Security Incidents mailing list archives
RE: Simple Windows incident response methodology
From: "Lachniet, Mark" <mlachniet () sequoianet com>
Date: Mon, 14 Jun 2004 10:55:48 -0400
For example, if there is any suspicion of child pornography, we punt it towards a forensically sound investigation. If there is financial fraud, it could go either way (due to fear of negative publicity out-weighing legal recourse). If its normal hacking or warez, it usually fine to just figure out what happened, and move along, since most law enforcement don't want to mess with it anyway. It is not a bad idea to have a list of criteria, approved by legal counsel, as part of your IR plan, but for that matter, legal should be part of the planning process anyway. Mark Lachniet
-----Original Message----- From: Mike Lyman [mailto:mlyman-security () comcast net] The decision to end and an incident as quickly as possible or to take legal action was often explicitely spelled out in our incident response plans in my previous job
--------------------------------------------------------------------------- Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN, wireless security Protect your network against hackers, viruses, spam and other risks with Astaro Security Linux, the comprehensive security solution that combines six applications in one software solution for ease of use and lower total cost of ownership. Download your free trial at http://www.securityfocus.com/sponsor/Astaro_incidents_040614 ----------------------------------------------------------------------------
Current thread:
- RE: [ok] Simple Windows incident response methodology, (continued)
- RE: [ok] Simple Windows incident response methodology Curt Purdy (Jun 09)
- Spammers bypassing Cisco ACL's?? Chris Harrington (Jun 10)
- Re: Spammers bypassing Cisco ACL's?? Mark Coleman (Jun 10)
- RE: [ok] Simple Windows incident response methodology Harlan Carvey (Jun 14)
- Spammers bypassing Cisco ACL's?? Chris Harrington (Jun 10)
- Re: Simple Windows incident response methodology H Carvey (Jun 08)
- RE: Simple Windows incident response methodology Lachniet, Mark (Jun 09)
- RE: Simple Windows incident response methodology Harlan Carvey (Jun 10)
- Re: Simple Windows incident response methodology Steve Barnet (Jun 11)
- Re: Simple Windows incident response methodology Harlan Carvey (Jun 11)
- RE: Simple Windows incident response methodology Mike Lyman (Jun 14)
- RE: Simple Windows incident response methodology Harlan Carvey (Jun 10)
- RE: [ok] Simple Windows incident response methodology Curt Purdy (Jun 09)
- RE: Simple Windows incident response methodology Lachniet, Mark (Jun 14)
- RE: Simple Windows incident response methodology Brad Webb (Jun 20)