Publisher: O'Reilly Media Released: August 2001 Pages: 240
Seventy percent of businesses reported security breaches in 2000, and the rate is on the rise. Is your organization ready to respond to such an incident head-on? Will you be able to tell whether an incident is an attack or a glitch in the system? Do you know how to assess the possible damage from an incident? Incident Response shows you how to answer questions like these and create a plan for exactly what to do before, during, and after an incident.

The authors of Incident Response draw on years of experience developing and taking part in incident response teams at the highest levels of government and business. They guide you through both the technical and administrative details of effective incident response planning as they describe:

- What incident response is, and the problems of distinguishing real risk from perceived risk
- The different types of incident response teams, and advantages and disadvantages of each
- Planning and establishing an incident response team
- State of the Hack® information about different types of attacks
- Recommendations and details about available tools for incident response teams
- Resources available to incident response teams

Whatever your organization's size or purpose, Incident Response shows how to put in place an incident-response process that's as planned, efficient, and businesslike as any other IT operation in a mature organization. Incidents happen, and being able to respond to them effectively makes good business sense.

Chapter 1: What Is Incident Response?
- Real-Life Incidents
- What Is an Incident?
- About the Bad Guys
- What Is Incident Response?
- Risk Assessment and Incident Response
- Development of Incident Response Efforts
- Are You Ready? Are You Willing?

Chapter 2: Incident Response Teams
- Who Should Do It?
- Public Resource Teams
- Internal Teams
- Commercial Teams
- Vendor Teams
- Ad Hoc Teams
- Forum of Incident Response and Security Teams (FIRST)
- Now Who Should Do It?

Chapter 3: Planning the Incident Response Program
- Establishing the Incident Response Program
- Internal Versus External
- Types of Incidents
- Who Are the Clients?
- Summary

Chapter 4: Mission and Capabilities
- Roles and Responsibilities
- Staffing and Training
- Involving the Critical Players
- List of Contacts
- Setting Up a Hotline
- Establishing Procedures
- Awareness and Advertising
- Fire Drills
- Issues and Pitfalls

Chapter 5: State of the Hack
- The Moving Target
- Keeping Up with Attack Profiles
- Training

Chapter 6: Incident Response Operations
- We’ve Been Hit -- Now What?
- Incident Response Processes
- While Under Pressure

Chapter 7: Tools of the Trade
- What’s Out There?
- Network-Based Tools
- Network Monitors and Protocol Analyzers
- Network-Based Intrusion Detection Systems
- Network Vulnerability Scanners
- Other Essential Network-Based Tools
- Host-Based Tools
- Communications
- Encryption
- Removable Storage Media
- The Incident Kit
- If We Ruled the World

Chapter 8: Resources
- Security Information on the Web
- Incident Response Team Resources
- Commercial Incident Response Service Providers
- Antivirus Products
- Mailing Lists and Newsgroups
- U.S. Government Resources
- Training, Conferences, and Certification Programs
- Legal Resources

Appendix: FIRST
- FIRST Statement of Mission and Strategic Goals
- FIRST Member Team Information

Appendix: Sample Incident Report
- Incident Chronology
- Law Enforcement Coordination
- Damage Assessment
- Management Review

Colophon

- Title: Incident Response
- By: Kenneth R. van Wyk, Richard Forno
- Publisher: O'Reilly Media
- Formats: Print, Safari Books Online
- Print: August 2001
- Pages: 240
- Print ISBN: 978-0-596-00130-8
- ISBN 10: 0-596-00130-4

Kenneth R. van Wyk

Kenneth R. van Wyk is an internationally recognized information security expert and author of the O'Reilly Media books Incident Response and Secure Coding. In addition to providing consulting and training services through his company, KRvW Associates, LLC, he currently holds numerous positions: monthly columnist for the on-line security portal eSecurityPlanet, and Visiting Scientist at Carnegie Mellon University's Software Engineering Institute. Ken has 20+ years of experience as an IT security practitioner in the academic, military, and commercial sectors. He has held senior and executive technologist positions at Tekmark, Para-Protect, and Science Applications International Corporation (SAIC), in addition to the U.S. Department of Defense and Carnegie Mellon and Lehigh Universities. Ken also served a two-year elected position as a member of the Steering Committee, and a one-year elected position as the Chairman of the Steering Committee, for the Forum of Incident Response and Security Teams (FIRST) organization. At the Software Engineering Institute of Carnegie Mellon University, Ken was one of the founders of the Computer Emergency Response Team (CERT®). He holds an engineering degree from Lehigh University, is a frequent speaker at technical conferences, and has presented papers and speeches for CSI, ISF, USENIX, FIRST, AusCERT, and others. Ken is also a CERT® Certified Computer Security Incident Handler.

Richard Forno

Richard Forno is a recognized security professional and coauthor of The Art of Information Warfare. He has held high-profile security positions at major companies and government organizations; he helped establish the first incident response team for the United States House of Representatives and provided advisory support to offices of the Department of Defense on information warfare. He is the cofounder of G2-Forward, a prominent information analysis and distribution service supporting the military intelligence and law enforcement communities. In 1998, he became the chief security officer for Network Solutions (the InterNIC), the company responsible for developing and operating the Internet Shared Registry System.

Colophon

Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects.

The image on the cover of Incident Response is a diver and shark. There are over 350 species of sharks, but only three are responsible for most attacks on swimmers and divers: the white shark (Carcharodon leucas), the tiger shark (Galeocerdo cuvier), and the bull shark (Carcharhinus leucas). Other species known to attack humans include the hammerhead, the shortfin mako, and certain reef sharks. In Florida, reports of shark attacks implicate the blacktip, spinner, and blacknose sharks. To avoid shark attacks, divers are advised to swim in groups and avoid the water at night, dawn, and dusk.

Sharks are the apex predator of the ocean, balancing the ecosystem by controlling the populations of other animals such as seals and pinnipeds. Sharks rely on sight, taste, smell, and sound to track prey in the water. They can sense electric and magnetic fields, and detect low frequency vibrations a mile or more away. Their teeth are constantly replaced, sometimes every eight days, and their bodies are a hydrodynamic torpedo shape. The smallest shark, the 6-inch cigar shark, lives 1,500 feet under the surface in the Atlantic, Indian, and western Pacific oceans. The largest shark is the 60-foot whale shark, which feeds on plankton. The average lifespan is 25 years, but some sharks live to be as much as 100 years old.

Colleen Gorman was the production editor and copyeditor for Incident Response. Mary Brady was the proofreader, and Nicole Arigo provided quality control. Molly Shangraw and Edie Shapiro provided production support. Ellen Troutman-Zaig wrote the index.

Ellie Volckhausen designed the cover of this book, based on a series design by Edie Freedman. The cover image is a 19th-century engraving from Dover's Men: A Pictoral Archive from 19th Century Sources. Emma Colby produced the cover layout with QuarkXPress 4.1 using Adobe's ITC Garamond font.

David Futato designed the interior layout based on a series design by Nancy Priest. Neil Walls converted the files from Microsoft Word to FrameMaker 5.5.6 using tools created by Mike Sierra. The text and heading fonts are ITC Garamond Light and Garamond Book; the code font is Constant Willison. The illustrations that appear in the book were produced by Robert Romano and Jessamyn Read using Macromedia FreeHand 9 and Adobe Photoshop 6. This colophon was written by Colleen Gorman.

Whenever possible, our books use a durable and flexible lay-flat binding. If the page count exceeds this binding's limit, perfect binding is used.