The Effective Incident Response Team

Book Description

When an intruder, worm, virus, or automated attack succeeds in targeting a computer system, having specific controls and a response plan in place can greatly lessen losses. Accordingly, businesses are realizing that it is unwise to invest resources in preventing computer-related security incidents without equal consideration of how to detect and respond to such attacks and breaches.

The Effective Incident Response Team is the first complete guide to forming and managing a Computer Incident Response Team (CIRT). In this book, system and network administrators and managers will find comprehensive information on establishing a CIRT's focus and scope, complete with organizational and workflow strategies for maximizing available technical resources. The text is also a valuable resource for working teams, thanks to its many examples of day-to-day team operations, communications, forms, and legal references.

IT administrators and managers must be prepared for attacks on any platform, exploiting any vulnerability, at any time. The Effective Incident Response Team will guide readers through the critical decisions involved in forming a CIRT and serve as a valuable resource as the team evolves to meet the demands of ever-changing vulnerabilities.

Inside, readers will find information on:

  • Formulating reactive or preventative operational strategy

  • Forming, training, and marketing the CIRT

  • Selecting penetration-testing, intrusion-detection, network-monitoring, and forensics tools

  • Recognizing and responding to computer incidents and attacks, including unauthorized access, denial-of-service attacks, port scans, and viruses

  • Tracking, storing, and counting incident reports and assessing the cost of an incident

  • Working with law enforcement and the legal community

  • Benefiting from shared resources

  • Scrutinizing closed incidents to further prevention

  • Offering services such as user-awareness training, vulnerability and risk assessments, penetration testing, and architectural reviews

  • Communicating the CIRT's return on investment through management reporting

    Table of Contents

    1. Copyright
    2. Foreword
    3. Preface
    4. Welcome to the Information Age
      1. A Brief History
      2. What Does This Mean to My Organization?
      3. Examples of Incident Response Teams
      4. Some Statistics
      5. Summary
    5. What's Your Mission?
      1. Focus and Scope
      2. Working with Law Enforcement
      3. Operational Strategy
      4. Services Offered
      5. The Importance of Credibility
      6. Summary
    6. The Terminology Piece
      1. What Is a Computer Incident?
      2. An Incident Taxonomy
      3. Common Vulnerability and Exposure (CVE) Project
      4. Summary
    7. Computer Attacks
      1. Consequences of Computer Attacks
      2. Attack Vectors
      3. Malicious Logic
      4. Summary
    8. Forming the Puzzle
      1. Putting the Team Together
      2. Facilities
      3. Products and Tools
      4. Funding the Team
      5. Training
      6. Marketing the Team
      7. Dealing with the Media
      8. Summary
    9. Teamwork
      1. External Team Members
      2. Internal Teamwork
      3. Summary
    10. Selecting the Products and Tools
      1. Training as a Tool
      2. Sound Security Practices
      3. The Tools of the Trade
      4. Using the Tools
      5. Summary
    11. The Puzzle in Action
      1. The Life Cycle of an Incident
      2. Incident Reporting
      3. Keeping Current
      4. Writing Computer Security Advisories
      5. Summary
    12. What Did That Incident Cost?
      1. Statistics and Cases
      2. Forms of Economic Impact
      3. An Incident Cost Model
      4. Summary
    13. The Legal Eagles
      1. Working with the Legal Community
      2. Needed—Case Law
      3. Reporting Computer Crime
      4. Summary
    14. Computer Forensics: An Evolving Discipline
      1. The World of Forensics
      2. Overview and Importance of Computer Forensics
      3. Summary
    15. Conclusions
    16. Sample Incident Report Form
    17. Federal Code Related to Cyber Crime
      1. 18 U.S.C. 1029. Fraud and Related Activity in Connection with Access Devices
      2. 18 U.S.C. 1030. Fraud and Related Activity in Connection with Computers: As amended October 11, 1996
      3. 18 U.S.C. 1362. Communication Lines, Stations, or Systems
    18. Sample Frequently Asked Questions
    19. Domain Name Extensions Used for Internet Addresses
    20. Well-Known Port Numbers
    21. Glossary
    22. Bibliography
      1. Books
      2. Reports and Articles
      3. Web Sites