Educause Security Discussion mailing list archives

Re: [unisog] Incident Response Procedures


From: Bob Mahoney <bobmah () MIT EDU>
Date: Thu, 22 Jul 2004 11:22:22 -0400

Jason-

A colleague and I presented a paper at the June FIRST conference,
"Incident Response and Large Event Handling in the Research
University".  While it does not describe the current structure of
security response at MIT, some of the topics raised might be of
interest, as you discuss your own approaches.  You can get a copy at:

http://www.zanshinsecurity.com/University-IR-Large-Events-FIRST-2004.pdf

We began the paper back when I was still leading MIT's team.  (Please
note that I no longer speak for the Institute in security matters.)

I'd also suggest getting a copy of two great books:

"The CERT Guide to System and Network Security Practices" (Addison
Wesley) by Julia Allen (who modestly did not mention it directly
:-), and

"Incident Response Planning and Management" (O'Reilly) by Kenneth van
Wyk & Richard Forno

Both *well* worth the time...

-Bob

At 4:21 PM -0400 7/21/04, Jason Brooks wrote:
We are working on formulating an Incident Response Policy and Procedure.
We've scoured the net and found little that aids us in the Higher Ed sector;
most are geared for business.  So, not wanting to unnecessarily reinvent the
wheel, we are soliciting input.

Does anyone have any IRP/Procedures that they would be willing to share?

Thanks,
Jason Brooks

Jason Brooks
Information Security Technician
Longwood University
201 High Street
Farmville, VA 23909
(434) 395-2034
mailto:brooksje () longwood edu
