Re: Online Incident Response Management

["Brooks Garrett" <bg () brooksgarrett com>]

My concern is the wiki/sharepoint site will *Work*, but I want
something functional and something that has MOV, not just another tool
for the sake of having it. The industry at large has seemed to fall
into this rut of implementing the newest tools and products without
ever actually defining actionable responses to the output of those
utilities!

On Mon, Jul 14, 2008 at 11:08 AM, Daniel I. Didier
<ddidier () netsecureia com> wrote:
> Brooks,
> This is a great topic / idea.  I currently use the built in
> case-management feature of Cisco MARS.  However, if there is an incident
> outside this system, it obviously isn't optimum for handling it.  I
> could manually enter information and track it there, but it wouldn't
> have the ability to upload documents and such.  I work with a number of
> organizations, and most of they simply keep a paper record, or some type
> of unorganized electronic documents (.doc or .pdf).  I too am interested
> to see what others may have employed for this.  I think a sharepoint /
> wiki site may be able to work well but I'm curious what other solutions
> are in use.
>
> Dan
> http://www.NetSecureIA.com
>
> > -----Original Message-----
> > From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com]
> > On Behalf Of Brooks Garrett
> > Sent: Monday, July 14, 2008 10:42 AM
> > To: security-basics () securityfocus com
> > Subject: Online Incident Response Management
> >
> > I'm looking for a way to bring my Incident Response SOP's online to
> > better document and control our Incidents. Are you guys currently
> > using any software for this purpose? I've looked at building a custom
> > Sharepoint site and also evaluated doing a Wiki. I'm really curious to
> > see what the rest of the industry is doing, so any input?
> >
> > --
> > Thanks!
> >
> > Brooks Garrett



-- 
Robert Bulwer-Lytton