Seventy percent of businesses reported security breaches in 2000, and the rate is on the rise. Is your organization ready to respond to such an incident head-on? Will you be able to tell whether an incident is an attack or a glitch in the system? Do you know how to assess the possible damage from an incident? Incident Response shows you how to answer questions like these and create a plan for exactly what to do before, during, and after an incident.
The authors of Incident Response draw on years of experience developing and taking part in incident response teams at the highest levels of government and business. They guide you through both the technical and administrative details of effective incident response planning as they describe:
What incident response is, and the problems of distinguishing real risk from perceived risk
The different types of incident response teams, and advantages and disadvantages of each
Planning and establishing an incident response team
State of the Hack® information about different types of attacks
Recommendations and details about available tools for incident response teams
Resources available to incident response teams
Whatever your organization's size or purpose, Incident Response shows how to put in place an incident-response process that's as planned, efficient, and businesslike as any other IT operation in a mature organization. Incidents happen, and being able to respond to them effectively makes good business sense.
Chapter 1 What Is Incident Response?
What Is an Incident?
About the Bad Guys
What Is Incident Response?
Risk Assessment and Incident Response
Development of Incident Response Efforts
Are You Ready? Are You Willing?
Chapter 2 Incident Response Teams
Who Should Do It?
Public Resource Teams
Ad Hoc Teams
Forum of Incident Response and Security Teams (FIRST)
Kenneth R. van Wyk is an internationally recognized information security expert and author of the O'Reilly Media books Incident Response and Secure Coding. In addition to providing consulting and training services through his company, KRvW Associates, LLC, he currently holds numerous positions: monthly columnist for the on-line security portal eSecurityPlanet, and Visiting Scientist at Carnegie Mellon University's Software Engineering Institute.
Ken has 20+ years of experience as an IT Security practitioner in the academic, military, and commercial sectors. He has held senior and executive technologist positions at Tekmark, Para-Protect, and Science Applications International Corporation (SAIC), in addition to the U.S. Department of Defense and Carnegie Mellon and Lehigh Universities.
Ken also served a two-year elected position as a member of the Steering Committee, and a one-year elected position as the Chairman of the Steering Committee, for the Forum of Incident Response and Security Teams (FIRST) organization. At the Software Engineering Institute of Carnegie Mellon University, Ken was one of the founders of the Computer Emergency Response Team (CERT®). He holds an engineering degree from Lehigh University and is a frequent speaker at technical conferences, and has presented papers and speeches for CSI, ISF, USENIX, FIRST, AusCERT, and others. Ken is also a CERT® Certified Computer Security Incident Handler.
Richard Forno is a recognized security professional and coauthor of The Art of Information Warfare. He has held high-profile security positions at major companies and government organizations; he helped establish the first incident response team for the United States House of Representatives and provided advisory support to offices of the Department of Defense on information warfare. He is the cofounder of G2-Forward, a prominent information analysis and distribution service supporting the military intelligence and law enforcement communities. In 1998, he became the chief security officer for Network Solutions (the InterNIC), the company responsible for developing and operating the Internet Shared Registry System.
Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects. The image on the cover of Incident Response is a diver and shark. There are over 350 species of sharks, but only three are responsible for most attacks on swimmers and divers: the white shark (Carcharodon leucas), the tiger shark (Galeocerdo cuvier), and the bull shark (Carcharhinus leucas). Other species known to attack humans include the hammerhead, the shortfin mako, and certain reef sharks. In Florida, reports of shark attacks implicate the blacktip, spinner, and blacknose sharks. To avoid shark attacks, divers are advised to swim in groups and avoid the water at night, dawn, and dusk.
Sharks are the apex predator of the ocean, balancing the ecosystem by controlling the populations of other animals such as seals and pinnipeds. Sharks rely on sight, taste, smell, and sound to track prey in the water. They can sense electric and magnetic fields, and detect low frequency vibrations a mile or more away. Their teeth are constantly replaced, sometimes every eight days, and their bodies are a hydrodynamic torpedo shape. The smallest shark, the 6-inch cigar shark, lives 1,500 feet under the surface in the Atlantic, Indian, and western Pacific oceans. The largest shark is the 60-foot whale shark, which feeds on plankton. The average lifespan is 25 years, but some sharks live to be as much as 100 years old.
Colleen Gorman was the production editor and copyeditor for Incident Response. Mary Brady was the proofreader, and Nicole Arigo provided quality control. Molly Shangraw and Edie Shapiro provided production support. Ellen Troutman-Zaig wrote the index.
Ellie Volckhausen designed the cover of this book, based on a series design by Edie Freedman.
The cover image is a 19th-century engraving from Dover's Men: A Pictorial Archive from 19th Century Sources. Emma Colby produced the cover layout with QuarkXPress 4.1 using Adobe's ITC Garamond font.
David Futato designed the interior layout based on a series design by Nancy Priest. Neil Walls converted the files from Microsoft Word to FrameMaker 5.5.6 using tools created by Mike Sierra. The text and heading fonts are ITC Garamond Light and Garamond Book; the code font is Constant Willison. The illustrations that appear in the book were produced by Robert Romano and Jessamyn Read using Macromedia FreeHand 9 and Adobe Photoshop 6. This colophon was written by Colleen Gorman.
Whenever possible, our books use a durable and flexible lay-flat binding. If the page count exceeds this binding's limit, perfect binding is used.