Monday, September 6, 2010

The Effective Incident Response Team

Effective Incident Response Team, The
By Julie Lucas, Brian Moeller

Publisher : Addison Wesley
Pub Date : September 23, 2003
ISBN : 0-201-76175-0
Pages : 336


When an intruder, worm, virus, or automated attack succeeds in targeting a computer system, having specific controls and a response plan in place can greatly lessen losses. Accordingly, businesses are realizing that it is unwise to invest resources in preventing computer-related security incidents without equal consideration of how to detect and respond to such attacks and breaches.

The Effective Incident Response Team is the first complete guide to forming and managing a Computer Incident Response Team (CIRT). In this book, system and network administrators and managers will find comprehensive information on establishing a CIRT's focus and scope, complete with organizational and workflow strategies for maximizing available technical resources. The text is also a valuable resource for working teams, thanks to its many examples of day-to-day team operations, communications, forms, and legal references.

IT administrators and managers must be prepared for attacks on any platform, exploiting any vulnerability, at any time. The Effective Incident Response Team will guide readers through the critical decisions involved in forming a CIRT and serve as a valuable resource as the team evolves to meet the demands of ever-changing vulnerabilities.

Inside, readers will find information on:
* Formulating reactive or preventative operational strategy
* Forming, training, and marketing the CIRT
* Selecting penetration-testing, intrusion-detection, network-monitoring, and forensics tools
* Recognizing and responding to computer incidents and attacks, including unauthorized access, denial-of-service attacks, port scans, and viruses
* Tracking, storing, and counting incident reports and assessing the cost of an incident
* Working with law enforcement and the legal community
* Benefiting from shared resources
* Scrutinizing closed incidents to further prevention
* Offering services such as user-awareness training, vulnerability and risk assessments, penetration testing, and architectural reviews
* Communicating the CIRT's return on investment through management reporting


Copyright
Foreword
Preface
Some Notes of Thanks
Chapter 1. Welcome to the Information Age
  A Brief History
  What Does This Mean to My Organization?
  Examples of Incident Response Teams
  Some Statistics
  Summary
Chapter 2. What's Your Mission?
  Focus and Scope
  Working with Law Enforcement
  Operational Strategy
  Services Offered
  The Importance of Credibility
  Summary
Chapter 3. The Terminology Piece
  What Is a Computer Incident?
  An Incident Taxonomy
  Common Vulnerability and Exposure (CVE) Project
  Summary
Chapter 4. Computer Attacks
  Consequences of Computer Attacks
  Attack Vectors
  Malicious Logic
  Summary
Chapter 5. Forming the Puzzle
  Putting the Team Together
  Facilities
  Products and Tools
  Funding the Team
  Training
  Marketing the Team
  Dealing with the Media
  Summary
Chapter 6. Teamwork
  External Team Members
  Internal Teamwork
  Summary
Chapter 7. Selecting the Products and Tools
  Training as a Tool
  Sound Security Practices
  The Tools of the Trade
  Using the Tools
  Summary
Chapter 8. The Puzzle in Action
  The Life Cycle of an Incident
  Incident Reporting
  Keeping Current
  Writing Computer Security Advisories
  Summary
Chapter 9. What Did That Incident Cost?
  Statistics and Cases
  Forms of Economic Impact
  An Incident Cost Model
  Summary
Chapter 10. The Legal Eagles
  Working with the Legal Community
  Needed—Case Law
  Reporting Computer Crime
  Summary
Chapter 11. Computer Forensics: An Evolving Discipline
  The World of Forensics
  Overview and Importance of Computer Forensics
  Summary
Chapter 12. Conclusions
Appendix A. Sample Incident Report Form
Appendix B. Federal Code Related to Cyber Crime
  18 U.S.C. 1029. Fraud and Related Activity in Connection with Access Devices
  18 U.S.C. 1030. Fraud and Related Activity in Connection with Computers: As amended October 11, 1996
  18 U.S.C. 1362. Communication Lines, Stations, or Systems
Appendix C. Sample Frequently Asked Questions
Appendix D. Domain Name Extensions Used for Internet Addresses
Appendix E. Well-Known Port Numbers
Glossary
Bibliography
  Books
  Reports and Articles
  Web Sites
