Educause Security Discussion mailing list archives
Re: [unisog] Incident Response Procedures
From: Bob Mahoney <bobmah () MIT EDU>
Date: Thu, 22 Jul 2004 11:22:22 -0400
Jason- A colleague and I presented a paper at the June FIRST conference, "Incident Response and Large Event Handling in the Research University" While it does not describe the current structure of security response at MIT, some of the topics raised might be of interest, as you discuss your own approaches. You can get a copy at: http://www.zanshinsecurity.com/University-IR-Large-Events-FIRST-2004.pdf We began the paper back when I was still leading MIT's team. (Please note that I no longer speak for the Institute in security matters.) I'd also suggest getting a copy of two great books: "The CERT Guide to System and network Security Practices" (Addison Wesley) by Julia Allen (who modestly did not mention it directly :-), and "Incident Response Planning and Management" (O'Reilly) by Kenneth van Wyk & Richard Forno Both *well* worth the time... -Bob At 4:21 PM -0400 7/21/04, Jason Brooks wrote:
We are working on formulating an Incident Response Policy and Procedure. We've scoured the net and found little that aids us in the Higher Ed sector; most are geared for business. So, not wanting to unnecessarily reinvent the wheel, we are soliciting input. Does anyone have any IRP/Procedures that they would be willing to share? Thanks, Jason Brooks Jason Brooks Information Security Technician Longwood University 201 High Street Farmville, VA 23909 (434) 395-2034 mailto:brooksje () longwood edu _______________________________________________ unisog mailing list unisog () lists sans org http://www.dshield.org/mailman/listinfo/unisog
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: [unisog] Incident Response Procedures Bob Mahoney (Jul 22)