Re: Got IDS installed, now need incident response plan document

• Previous message: Zach Forsyth: "Low cost HID based IDS system"
• In reply to: Bryan Morris: "Got IDS installed, now need incident response plan document"
• Next in thread: Mark Phillips: "Re: Got IDS installed, now need incident response plan document"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Bryan Morris" <bryanmorrisjr@hotmail.com>, FOCUS-IDS@securityfocus.com
Date: Fri, 16 May 2003 09:01:31 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 15 May 2003 08:54 pm, Bryan Morris wrote:
> Hello,
>
> I was able to get our corporate IDS up and running.
>
> Now my boss wants me to design an incident response plan.
>
> Does anyone know of any pre-canned documents I can use, so I don’t
> have to spend 2 weeks writing an incident response document from
> scratch?

Bryan,

Google is your friend. Search on "incident response" (including the
quotation marks. You'll get more than you can imagine. Having said
that, I think you seriously underestimate the task if you think it
would take you only two weeks to write one from scratch . . . Even
with templates, it's going to take much longer than that . . . there
are *lots* of decisions to make and *many* processes to put into place
. . . Don't let your boss push things too fast. An incomplete plan
only generates a false sense of security. Plus, a good incident
response plan is a living document that evolves with the threats and
the organizaion . . .

Have fun! ;-)

George Capehart
- --
George W. Capehart

"With sufficient thrust, pigs fly just fine . . ."
 -- RFC 1925

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+xOE9PhMbfSg3fpARAgpPAJ0dCGXROkKbWCIJBQAto6DDvgkfkgCg3AzU
twpTMuISmcQ+ZG9YfhrFZKE=
=k1Vp
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------------
INTRUSION PREVENTION: READY FOR PRIME TIME?

IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities
- including intrusion identification, relevancy, direction, impact and analysis
- enabling a path to prevention.

Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at:
http://www.securityfocus.com/IntruVert-focus-ids2
-------------------------------------------------------------------------------

• Previous message: Zach Forsyth: "Low cost HID based IDS system"
• In reply to: Bryan Morris: "Got IDS installed, now need incident response plan document"
• Next in thread: Mark Phillips: "Re: Got IDS installed, now need incident response plan document"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]