Security Incidents mailing list archives
RE: Incident investigation methodologies
From: Steven Trewick <STrewick () joplings co uk>
Date: Mon, 7 Jun 2004 15:46:48 +0100
One more thing to think about...what happens when you go to the doctor? When you go to a doctor's office with a complaint, does he simply give you a lethal injection then perform an autopsy to determine what was wrong with you? Or does he collect volatile information...interview you, ask you questions, take your temperature and blood pressure, etc?
That is simply the single most bogus metaphor I've heard this week. In the real world, production systems need to go back into production ASAP. Frontline support staff simply do not have the time or resource (or often even the knowledge) to conduct lengthy forensic investigations. Time = Money, that's a cold, hard fact, and there simply isn't any way around it. If my choice as a human being was to perform a procedure on myself that would cost a minimal amount of resource, and take a minimal amount of time, or a lengthy and costly series of investigations that would take forever, be painful, and possibly, ultimately inconclusive, which would I pick ? </code> The information contained in this e-mail is confidential and may be privileged, it is intended for the addressee only. If you have received this e-mail in error please delete it from your system. The statements and opinions expressed in this message are those of the author and do not necessarily reflect those of the company. Whilst Joplings Group operates an e-mail anti-virus program it does not accept responsibility for any damage whatsoever that is caused by viruses being passed. joplings.co.uk
Current thread:
- Re: Incident investigation methodologies FRCMSEC (Jun 04)
- Re: Incident investigation methodologies Harlan Carvey (Jun 04)
- <Possible follow-ups>
- Re: Incident investigation methodologies Maarten Van Horenbeeck (Jun 04)
- RE: Incident investigation methodologies Fiscus, Kevin (Jun 04)
- RE: Incident investigation methodologies Harlan Carvey (Jun 07)
- Re: Incident investigation methodologies Barry Fitzgerald (Jun 09)
- RE: Incident investigation methodologies Tim Hollebeek (Jun 10)
- Re: Incident investigation methodologies Harlan Carvey (Jun 14)
- RE: Incident investigation methodologies Harlan Carvey (Jun 07)
- RE: Incident investigation methodologies Gaydosh, Adam (Jun 04)
- RE: Incident investigation methodologies Steven Trewick (Jun 07)
- RE: Incident investigation methodologies Harlan Carvey (Jun 07)
- RE: Incident investigation methodologies Dave Paris (Jun 07)
- RE: Incident investigation methodologies Harlan Carvey (Jun 07)
- RE: Incident investigation methodologies Fiscus, Kevin (Jun 07)
- RE: Incident investigation methodologies pfft (Jun 13)
- RE: Incident investigation methodologies Harlan Carvey (Jun 14)
- RE: Incident investigation methodologies pfft (Jun 14)
- RE: Incident investigation methodologies Harlan Carvey (Jun 14)
- RE: Incident investigation methodologies pfft (Jun 13)