Security Incidents mailing list archives
Re: REVIEW: "Incident Response", Douglas Schweitzer
From: "Kenneth R. van Wyk" <Ken () KRvW com>
Date: Fri, 27 Jan 2006 09:11:34 -0500
Stephen J. Smoogen wrote:
> I found the O'Reilly book was good on setting up an Incident Response team versus Forensics work. http://www.oreilly.com/catalog/incidentres/index.html

Thanks for the plug. As you point out, Rick Forno and I tried to address how to create and start an IRT in our book, which is now out of print by the way. We saw (and still see) forensics as being very different than incident response. (More recent nomenclature would probably be "incident handling" or "incident management", but that's beside the point.)
In any case, our book is quite out of date as well as out of print. The good news, though, is that the kind folks over at O'Reilly have given it back to us at our request. We're planning on open sourcing it, making it available as a free resource to the community, as well as working on some of its much-needed updates. Not sure about the timeline, but the process is currently under way. Ideas, suggestions, volunteer effort, etc., are always appreciated.
I'd also suggest, by the way, looking at NIST's incident handling guide, Special Publication 800-61 (http://csrc.nist.gov/publications/nistpubs/800-61/sp800-61.pdf). IMHO, it's a good document. Although it's a tad US government centric, there's still a lot of valuable information there for others.
Cheers,
Ken van Wyk
http://www.KRvW.com