Keeping Up with Attack Profiles

Because it is so important to maintain current knowledge and awareness of the state of the hack, every incident response team must ensure that its members are adequately collecting, analyzing, assimilating, and disseminating the right information. That means that some fraction of every team member's time, however small or large, should be spent on maintaining the knowledge base and gathering intelligence. There are a number of ways to do that efficiently, but in the end, there's no real substitute for reading, testing, and documenting. Some suggestions for maintaining your knowledge base include:

Open sources of information

There are hundreds of public information sources on the Internet that directly relate to state-of-the-hack technology issues. These range from web sites to electronic mailing lists and Usenet newsgroups. In fact, finding the groups is the easy part; sifting through the vast amounts of data to separate the quality content from the noise is the difficult part. In aggregate, these sources produce far more information than any one person can reasonably read with any appreciable level of comprehension. One way to optimize a team's efforts in sifting through these information sources is to assign different lists, technologies, pages, and so forth, to each team member. Another alternative is to use automated data filtering tools to search for particular keywords, ...

Get Incident Response now with the O’Reilly learning platform.