IDS mailing list archives

Re: Got IDS installed, now need incident response plan document

From: Randy Taylor <gnu () charm net>
Date: Fri, 16 May 2003 11:42:14 -0400


Hi Bryan -

Here are two books that may help.

"Writing Information Security Policies", by Scott Barman
and
"Incident Response: A Strategic Guide to Handling System
and Network Security Breaches", by Dr. Gene Schultz and
Russell Shumway

Of the two, the incident response book may give you more
short-term benefit, but from the sounds of it, the security policy
book will probably help you as well.

George Capehart's advice is spot on. Don't let yourself
get rushed into putting out a plan. That path will likely
do more harm than good long term. Educate your boss!

Writing an IR plan isn't "War and Peace", but it isn't
something one can just toss off, either.

Hope this helps.

Randy


At 12:54 AM 5/16/2003 +0000, Bryan Morris wrote:

Hello,

I was able to get our corporate IDS up and running.

Now my boss wants me to design an incident response plan.
Does anyone know of any pre-canned documents I can use, so I don't have tospend 2 weeks writing an incident response document from scratch?
Thanks,
Bryan

_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8.http://join.msn.com/?page=features/junkmail
-------------------------------------------------------------------------------
INTRUSION PREVENTION: READY FOR PRIME TIME?
IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities- including intrusion identification, relevancy, direction, impact andanalysis - enabling a path to prevention.
Download the latest white paper "Intrusion Prevention: Myths, Challenges,and Requirements" at: http://www.securityfocus.com/IntruVert-focus-ids2
-------------------------------------------------------------------------------




-------------------------------------------------------------------------------
INTRUSION PREVENTION: READY FOR PRIME TIME?

IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities- including intrusion identification, relevancy, direction, impact and analysis- enabling a path to prevention.

Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at:http://www.securityfocus.com/IntruVert-focus-ids2

-------------------------------------------------------------------------------

Current thread:

Got IDS installed, now need incident response plan document Bryan Morris (May 15)
- Re: Got IDS installed, now need incident response plan document George W. Capehart (May 16)
- Re: Got IDS installed, now need incident response plan document Mark Phillips (May 16)
- Re: Got IDS installed, now need incident response plan document Randy Taylor (May 16)