The Effective Incident Response Team by Julie Lucas
The Effective Incident Response Team by Julie Lucas, Brian Moeller
Publisher: Addison-Wesley Professional; 1st edition (September 26, 2003) | ISBN-10: 0201761750 | CHM | 0,7 Mb | 256 pages
Publisher: Addison-Wesley Professional; 1st edition (September 26, 2003) | ISBN-10: 0201761750 | CHM | 0,7 Mb | 256 pages
When an intruder, worm, virus, or automated attack succeeds in targeting a computer system, having specific controls and a response plan in place can greatly lessen losses. Accordingly, businesses are realizing that it is unwise to invest resources in preventing computer-related security incidents without equal consideration of how to detect and respond to such attacks and breaches.
The Effective Incident Response Team is the first complete guide to forming and managing a Computer Incident Response Team (CIRT). In this book, system and network administrators and managers will find comprehensive information on establishing a CIRT's focus and scope, complete with organizational and workflow strategies for maximizing available technical resources. The text is also a valuable resource for working teams, thanks to its many examples of day-to-day team operations, communications, forms, and legal references.
IT administrators and managers must be prepared for attacks on any platform, exploiting any vulnerability, at any time. The Effective Incident Response Team will guide readers through the critical decisions involved in forming a CIRT and serve as a valuable resource as the team evolves to meet the demands of ever-changing vulnerabilities.
Inside, readers will find information on:
— Formulating reactive or preventative operational strategy — Forming, training, and marketing the CIRT — Selecting penetration-testing, intrusion-detection, network-monitoring, and forensics tools — Recognizing and responding to computer incidents and attacks, including unauthorized access, denial-of-service attacks, port scans, and viruses — Tracking, storing, and counting incident reports and assessing the cost of an incident — Working with law enforcement and the legal community — Benefiting from shared resources — Scrutinizing closed incidents to further prevention — Offering services such as user-awareness training, vulnerability and risk assessments, penetration testing, and architectural reviews — Communicating the CIRT's return on investment through management reporting