Re: Incident Response Guidelines

From: C. Henderson (macrackman@netscape.net)
Date: 12/27/02

    Date: Fri, 27 Dec 2002 13:41:01 -0700
    From: "C. Henderson" <macrackman@netscape.net>
    To: John Smithson <why1234@hotmail.com>
    
    

    I would start with some of the old agencies.. They have one heck of a
    pile on this stuff.
    http://www.cert.org/
    http://www.ciac.org/ciac/
    http://www.first.org/

    I personally would not worry about this new fine NIPC thing, they seem
    to be still getting their act together, and have been now attached to
    the Office of Homeland Security.
    So that means they can go through at least one more reorg..
    They also seem to be more interested in "Infrastructure" issues, versus
    NET issues.
    At all of the talks I have attended, I haven't met one FBI person who
    knows the simple difference between a "Hacker" and a "Cracker". They
    seem to think they are all one and the same..

    That scares me.

    For What It Is Worth..
    CH

    John Smithson wrote:

    >
    > Hello,
    >
    > I'm about to start a huge documentation phase on creating Incident
    > Response Guidelines / Handling - including creating the structure,
    > creating the Incident Response Team, documenting the guidelines per
    > incidents - such as web server hacked, DOS attack, Virus Outbreak
    >
    > I need your help on pointing me to a few good documents / books.
    > Obviously, I have googled, and found good info. However, I may be
    > missing some good information that you gurus have collected over time.
    >
    > Please any help would be greatly appreciated.
    >
    > Thanks,
    >
    > John Smithson


