Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: REVIEW: "Incident Response", Douglas Schweitzer

From: "Kenneth R. van Wyk" <Ken () KRvW com>
Date: Fri, 27 Jan 2006 09:11:34 -0500
Stephen J. Smoogen wrote:


I found the O'Reilly book was good on setting up an Incident Response

team versus Forensics work.

http://www.oreilly.com/catalog/incidentres/index.html
Thanks for the plug. As you point out, Rick Forno and I tried to address how create and start an IRT in our book, which is now out of print by the way. We saw (and still see) forensics as being very different than incident response. (More recent nomenclature would probably be "incident handling" or "incident management", but that's beside the point.)
In any case, our book is quite out of date as well as out of print. The good news, though, is that the kind folks over at O'Reilly have given it back to us at our request. We're planning on open sourcing it, making it available as a free resource to the community, as well as working on some of its much-needed updates. Not sure about the timeline, but the process is currently under way. Ideas, suggestions, volunteer effort, etc., are always appreciated.
I'd also suggest, by the way, looking at NIST's incident handling guide, Special Publication 800-61 (http://csrc.nist.gov/publications/nistpubs/800-61/sp800-61.pdf). IMHO, it's a good document. Although it's a tad US government centric, there's still a lot of valuable information there for others. 

Cheers,

Ken van Wyk
http://www.KRvW.com
Previous By Date Next
Previous By Thread Next

Current thread: