It may be a late answer, but you can still find a lot of related information about incident description and response at the Incident Taxonomy and Description Working Group (also known as Incident Object Description and Exchange Format WG - IODEF WG) webpage at http://www.terena.nl/task-forces/tf-csirt/iodef/index.html

Current documents:

* Best Current Practice on Incident classification and reporting schemes. Version 1.0.
* Taxonomy of the Computer Security Incident related terminology
* RFC 3067 TERENA's Incident Object Description and Exchange Format Requirements
* Incident Object Description and Exchange Format Data Model and Extensible Markup Language (XML) Document Type Definition
* Incident Object XML Data Type Definition (XML DTD). Draft Version 0.0
* Incident Object Data Model Draft Version 0.0 (Description, Chart)

The above development is based on the experience of a few leading European CSIRTs, first of all JANET-CERT (http://www.ja.net/cert/) and CERT-NL (http://cert-nl.surfnet.nl/), where you can find or ask for more practical information.

Desmond Irvine wrote:
>
> Does anyone have an incidence response form that they would be willing
> to share? I'm looking to see what sort of information others are
> recording about security incidents. I want to put together something
> comprehensive to help in documenting incidents that could also serve as a
> sort of check list of things that should be done. Sometimes without a
> form it's easy to forget to check simple things like is the clock on the
> compromised system in sync with the rest of the world.
>
> Thanks, Desmond.
>
> --
> Desmond Irvine          Security Analyst, Information Technology
> Sheridan College        Phone: 905-845-9430 x2035
> 1430 Trafalgar Road     Fax: 905-815-4011
> Oakville, ON L6H 2L1    EMail: desmond.irvineat_private
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com

--
-----------------------------------------------------------------------
Yuri Demchenko, TERENA,
Singel 468D, 1017 AW Amsterdam, The Netherlands
Tel: +31 20 530 4488    Fax: +31 20 530 4499
E-mail: demchenkoat_private
-----------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Sep 17 2001 - 08:09:25 PDT