RE: Incident Handling

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Here is a list of resources that I came up with while researching for the development of my companies Incident Response Plan. It should be relatively thorough:

Computer Security Incident Response Planning - Information Resource List

Websites

 SEI: Handbook for Computer Security Incident Response Teams http://www.sei.cmu.edu/pub/documents/98.reports/pdf/98hb001.pdf

CERT/CC: Computer Security Incident Response http://www.cert.org/csirts/

CERT/CC: Responding to Intrusions
http://www.cert.org/security-improvement/modules/m06.html

AuCERT: Forming an Incident Response Team http://www.auscert.org.au/render.html?it=2252&cid=1920

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

SANS: S.C.O.R.E
http://www.sans.org/score/

SANS Reading Room: Incident Handling
http://www.sans.org/rr/incident/

SANS Forum: Incident Handling and Hacker Exploits Forum http://forum.sans.org/discus/messages/79/79.html?1047450013

NIST SP 800-3: Establishing a Computer Security Incident Response Capability
http://csrc.nist.gov/publications/nistpubs/800-3/800-3.pdf

CIAC: Incident Reporting Procedures
http://www.ciac.org/ciac/CIAC_incident_reporting_procs.html

FIRST: Forum of Incident Response and Security Teams http://www.first.org/

IETF: RFC 2196 - The Site Security Handbook (Chapter 5) http://www.ietf.org/rfc/rfc2196.txt?number=2196

IETF: RFC 2350 - Expectations for Computer Security Incident Response http://www.ietf.org/rfc/rfc2350.txt

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

CIO: CyberThreat Response and Reporting Guidelines http://www.cio.com/research/security/incident_response.pdf

ISS: Computer Security Incident Response Planning http://documents.iss.net/whitepapers/csirplanning.pdf

Incident Response: Managing Security at Microsoft http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutio ns/msit/security/msirsec.asp

Books

SANS: Computer Security Incident Handling: Step-by-Step http://store.sans.org/store_item.php?item=62

New Riders: Incident Response - A Strategic Guide to Handling System and Network Security Breaches by E. Eugene Schultz and Russell Shumway ISBN: 1578702569 McGraw-Hill: Incident Response - Investigating Computer Crime by Chris Prosise and Kevin Mandia
ISBN: 0072131829 Addison-Wesley: Computer Forensics - Incident Response Essentials by Warren Kruse and Jay Heiser
ISBN: 0201707195 O'reilly: Incident Response by Kenneth R. van Wyk and Richard Forno ISBN: 0596001304 Addison-Wesley: The CERT Guide to System and Network Security Practices by Julia H. Allen
ISBN: 020173723X Hacker's Challenge: Test Your Incident Response Skills Using 20 Scenarios by Mike Schiffman
ISBN: 0072193840

• - Brad Bemis
• -----Original Message----- From: satya arigela [mailto:a.satyanarayana@digital.com] Sent: Friday, July 04, 2003 12:17 AM To: focus-ih@securityfocus.com Subject: Incident Handling

Hi,

Cau u please give some useful sites which provide information on Incident

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

response / management.

BestRegards

satya

-----BEGIN PGP SIGNATURE-----

Comment: KeyID: 0xB8F26ADD
Comment: Fingerprint: 6E1C D617 CD65 A203 7FD5 4C68 90E7 39F4 B8F2 6ADD

iQA/AwUBPwmeupDnOfS48mrdEQJp6gCg5rh8Zdzd9rKJLkgnTaUEg5yHTWgAoLr+ gv327UP1uXvTuS6sfO1vNFGJ
=BP7R
-----END PGP SIGNATURE-----
Received on Mon Jul 7 12:47:20 2003