
Incident Response by Richard Forno, Kenneth R. van Wyk


While Under Pressure

Incident response operations are highly stressful at times. The hours can be long and the pressures immense. This section presents some guidelines that you should adopt. They are the principal keys to success.

Procedures Were Written for a Reason

Procedures can be either a roadmap or a set of guidelines. In particular, they need to govern how an incident is to be handled at a very high level -- and should be ingrained in all members of the response organization as the rules to follow during an incident. Procedures are also necessary to describe how to handle the various kinds of incidents -- viruses, network intrusions, denial of service, and so forth. Because procedures are written before an incident and have been reviewed by key players (e.g., Legal), it's imperative that they be followed during an incident to ensure that approved processes are used, especially if you're bringing a case to court -- it's absolutely essential that computer evidence be handled in accordance with established, legally admissible procedures. Procedures must allow responders to adapt to certain situations -- but such adaptations must be documented and kept to a minimum!

To illustrate, our company was once the victim of a DDoS attack from a California Internet Service Provider (ISP). We enjoyed a strong working relationship with the ISP’s Chief Technology Officer, who was more than helpful in assisting in the incident response process. Although the California company did not have a robust security ...
