IDS mailing list archives

Re: Got IDS installed, now need incident response plan document


From: "George W. Capehart" <gwc () capehassoc com>
Date: Fri, 16 May 2003 09:01:31 -0400

On Thursday 15 May 2003 08:54 pm, Bryan Morris wrote:
> Hello,
>
> I was able to get our corporate IDS up and running.
>
> Now my boss wants me to design an incident response plan.
>
> Does anyone know of any pre-canned documents I can use, so I don’t
> have to spend 2 weeks writing an incident response document from
> scratch?

Bryan,

Google is your friend.  Search on "incident response" (including the 
quotation marks).  You'll get more than you can imagine.  Having said 
that, I think you seriously underestimate the task if you think it 
would take you only two weeks to write one from scratch . . .  Even 
with templates, it's going to take much longer than that . . . there 
are *lots* of decisions to make and *many* processes to put into place 
. . .  Don't let your boss push things too fast.  An incomplete plan 
only generates a false sense of security.  Plus, a good incident 
response plan is a living document that evolves with the threats and 
the organization . . .

Have fun!  ;-)

George Capehart
-- 
George W. Capehart

"With sufficient thrust, pigs fly just fine . . ."
 -- RFC 1925

