IDS mailing list archives
Re: Got IDS installed, now need incident response plan document
From: "George W. Capehart" <gwc () capehassoc com>
Date: Fri, 16 May 2003 09:01:31 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 15 May 2003 08:54 pm, Bryan Morris wrote:
Hello, I was able to get our corporate IDS up and running. Now my boss wants me to design an incident response plan. Does anyone know of any pre-canned documents I can use, so I dont have to spend 2 weeks writing an incident response document from scratch?
Bryan, Google is your friend. Search on "incident response" (including the quotation marks. You'll get more than you can imagine. Having said that, I think you seriously underestimate the task if you think it would take you only two weeks to write one from scratch . . . Even with templates, it's going to take much longer than that . . . there are *lots* of decisions to make and *many* processes to put into place . . . Don't let your boss push things too fast. An incomplete plan only generates a false sense of security. Plus, a good incident response plan is a living document that evolves with the threats and the organizaion . . . Have fun! ;-) George Capehart - -- George W. Capehart "With sufficient thrust, pigs fly just fine . . ." -- RFC 1925 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE+xOE9PhMbfSg3fpARAgpPAJ0dCGXROkKbWCIJBQAto6DDvgkfkgCg3AzU twpTMuISmcQ+ZG9YfhrFZKE= =k1Vp -----END PGP SIGNATURE----- ------------------------------------------------------------------------------- INTRUSION PREVENTION: READY FOR PRIME TIME? IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities - including intrusion identification, relevancy, direction, impact and analysis - enabling a path to prevention. Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at: http://www.securityfocus.com/IntruVert-focus-ids2 -------------------------------------------------------------------------------
Current thread:
- Got IDS installed, now need incident response plan document Bryan Morris (May 15)
- Re: Got IDS installed, now need incident response plan document George W. Capehart (May 16)
- Re: Got IDS installed, now need incident response plan document Mark Phillips (May 16)
- Re: Got IDS installed, now need incident response plan document Randy Taylor (May 16)