Re: Need Incident Handling Process Framework

From: Yuri Demchenko (demchat_private)
Date: Fri Nov 09 2001 - 12:40:00 PST

Next message: H C: "Re: Need Incident Handling Process Framework"

Previous message: Dave Dittrich: "Re: Analysis of SSH crc32 compensation attack detector exploit"
In reply to: J Jewitt: "Need Incident Handling Process Framework"
Next in thread: H C: "Re: Need Incident Handling Process Framework"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

There is a Trans-European activity on CSIRT coordination (TF-CSIRT) that
is also developing common Incident response framework based on IODEF
(Incident Object Description and Exchange Format) RFC3067

All information is available at the TF-CSIRT and IODEF WG webpages
http://www.terena.nl/task-forces/tf-csirt/
http://www.terena.nl/task-forces/tf-csirt/iodef/

And more is coming with Extended Incident Handling BOF (inch) to take
place at IETF52 on Monday 13.00-15.00 December 10, 2001
http://www.terena.nl/task-forces/tf-csirt/inch/inch-bof-ietf52-draft.txt

Yuri

J Jewitt wrote:
> 
>    Hi all,
> 
>    I'm looking for a source for boilerplate incident
> response policies, plans, forms, checklists, etc. The
> whole package.
>    I work for a global company and I am responsible
> for incidents occurring in North and South America,
> and I'd like to have a nice, clean process.
>    I have looked at "Incident Response" (O'Reilly) and
> "Incident Response: Investigating Computer Crime"
> (Mandia & Prosise) as well as some CERT and SANS
> course materials.
>    If someone knows of a resource, or would care to
> send me sanitized versions of their framework, it
> would be of benefit to anyone on the list wishing to
> normalize their incident response process.
> 
>        thanks!
>          J
> 
> __________________________________________________
> Do You Yahoo!?
> Find a job, post your resume.
> http://careers.yahoo.com
> 
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com

-- 
-----------------------------------------------------------------------
Yuri Demchenko, TERENA, Singel 468D, 1017 AW Amsterdam, The Netherlands 
Tel: +31 20 530 4488  Fax: +31 20 530 4499  E-mail: demchenkoat_private
-----------------------------------------------------------------------

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: H C: "Re: Need Incident Handling Process Framework"
Previous message: Dave Dittrich: "Re: Analysis of SSH crc32 compensation attack detector exploit"
In reply to: J Jewitt: "Need Incident Handling Process Framework"
Next in thread: H C: "Re: Need Incident Handling Process Framework"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Nov 09 2001 - 13:17:41 PST