Incident Response

Internet Computer Security

Kenneth R. van Wyk, Richard Forno

Publisher: O'Reilly, 2001, 214 pages

ISBN: 0-596-00130-4

Keywords: IT Security

Last modified: April 30, 2021, 9:58 p.m.

The number of computer incidents is increasing rapidly. When an incident occurs, how do you know if it's an attack or a glitch in the system? Does anyone in your organization have plans in place for assessing the possible damage?

Incident Response combines technical information with guidelines for administrative planning so that organizations can map out their responses to computer incidents. The authors show how the incident response process needs to be as planned, efficient, and business-like as any other IT operation in a mature organization. Crises happen, and being able to respond to them effectively makes good business sense.

Based on several years of experience in developing and participating in incident response teams, the authors have used their expertise to describe:

  • What incident response is and the problems of distinguishing real risk from perceived risk
  • The different types of incident response teams, and advantages and disadvantages of each
  • Considerations in planning and establishing an incident response team
  • State of the Hack information about different types of attacks
  • Recommendations and details about available tools for incident response teams
  • Detailed information about all sorts of resources available to incident response teams

Incident Response is a complete guide for organizations of all sizes and types who are addressing their computer security issues.

  1. What Is Incident Response?
    • Real-Life Incidents
    • What Is an Incident?
    • About the Bad Guys
    • What Is Incident Response?
    • Risk Assessment and Incident Response
    • Development of Incident Response Efforts
    • Are You Ready? Are You Willing?
  2. Incident Response Teams
    • Who Should Do It?
    • Public Resource Teams
    • Internal Teams
    • Commercial Teams
    • Vendor Teams
    • Ad Hoc Teams
    • Forum of Incident Response and Security Teams (FIRST)
    • Now Who Should Do It?
  3. Planning the Incident Response Program
    • Establishing the Incident Response Program
    • Internal Versus External
    • Types of Incidents
    • Who Are the Clients?
    • Summary
  4. Mission and Capabilities
    • Roles and Responsibilities
    • Staffing and Training
    • Involving the Critical Players
    • List of Contacts
    • Setting Up a Hotline
    • Establishing Procedures
    • Awareness and Advertising
    • Fire Drills
    • Issues and Pitfalls
  5. State of the Hack
    • The Moving Target
    • Keeping Up with Attack Profiles
    • Training
  6. Incident Response Operations
    • We’ve Been Hit — Now What?
    • Incident Response Processes
    • While Under Pressure
  7. Tools of the Trade
    • What’s Out There?
    • Network-Based Tools
    • Network Monitors and Protocol Analyzers
    • Network-Based Intrusion Detection Systems
    • Network Vulnerability Scanners
    • Other Essential Network-Based Tools
    • Host-Based Tools
    • Communications
    • Encryption
    • Removable Storage Media
    • The Incident Kit
    • If We Ruled the World
  8. Resources
    • Security Information on the Web
    • Incident Response Team Resources
    • Commercial Incident Response Service Providers
    • Antivirus Products
    • Mailing Lists and Newsgroups
    • U.S. Government Resources
    • Training, Conferences, and Certification Programs
    • Legal Resources
  A. FIRST
  B. Sample Incident Report

Reviews

Incident Response

Reviewed by Roland Buresund

OK ***** (5 out of 10)

Last modified: May 21, 2007, 3:06 a.m.

A pretty decent book, even if it doesn't have any practical implications (of course, they discuss some contemporary tools, but they tend to become obsolete very fast).
