Incident Response

From: Desmond Irvine (desmond.irvineat_private)
Date: Tue Jul 31 2001 - 08:06:32 PDT

  • Next message: David Hickman: "Re: Large ISP response to Code Red?"

    Does anyone have an incidence response form that they would be willing
    to share?  I'm looking to see what sort of information others are
    recording about security incidents.  I want to put together something
    comprehensive to help in documenting incidents that could also serve a
    sort of check list of things that should be done.  Sometimes without a
    form it's easy to forget to check simple things like is the clock on the
    compromised system in sync with the rest of the world.
    
    Thanks, Desmond.
    
    -- 
    Desmond Irvine                Security Analyst, Information Technology
    Sheridan College              Phone: 905-845-9430 x2035
    1430 Trafalgar Road           Fax: 905-815-4011
    Oakville, ON  L6H 2L1         EMail: desmond.irvineat_private
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 09:47:30 PDT