Re: Need Incident Handling Process Framework

From: H C (keydet89at_private)
Date: Fri Nov 09 2001 - 11:48:44 PST


    J,
    
    It looks to me as if you've gone to all the right
    places and seen a lot of very good material.  I think
    that perhaps now, I don't really understand what it is
    you're looking for.
    
    The sites you've visited, and the books you've
    reviewed, provide an excellent overview of what is
    involved in an incident response policy and process.
    
    Given that security must be tailored to the
    infrastructure, one would think at this point all
    that's left is for you to sit down and put pen to
    paper, as it were.
    
    You've got to start somewhere...so take what you've
    already looked at and tailor it to suit your needs. 
    None of us in this list can do it for you (which is
    what you seem to be asking for), as none of us are
    aware of the technical or political issues inherent in
    your organization.
    
    Why don't you do this...produce the policy,
    process/procedure and forms yourself.  Then, if you
    like, post them for review, suggestions, etc.  Sound
    good?
    
    >    I'm looking for a source for boilerplate incident
    > response policies, plans, forms, checklists, etc. The
    > whole package.
    >    I work for a global company and I am responsible
    > for incidents occurring in North and South America,
    > and I'd like to have a nice, clean process.
    >    I have looked at "Incident Response" (O'Reilly) and
    > "Incident Response: Investigating Computer Crime"
    > (Mandia & Prosise) as well as some CERT and SANS
    > course materials.
    >    If someone knows of a resource, or would care to
    > send me sanitized versions of their framework, it
    > would be of benefit to anyone on the list wishing to
    > normalize their incident response process.
    
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Nov 09 2001 - 13:20:30 PST