When an intruder, worm, virus, or automated attack succeeds in targeting a computer system, having specific controls and a response plan in place can greatly lessen losses. Accordingly, businesses are realizing that it is unwise to invest resources in preventing computer-related security incidents without equal consideration of how to detect and respond to such attacks and breaches.
The Effective Incident Response Team is the first complete guide to forming and managing a Computer Incident Response Team (CIRT). In this book, system and network administrators and managers will find comprehensive information on establishing a CIRT's focus and scope, complete with organizational and workflow strategies for maximizing available technical resources. The text is also a valuable resource for working teams, thanks to its many examples of day-to-day team operations, communications, forms, and legal references.
IT administrators and managers must be prepared for attacks on any platform, exploiting any vulnerability, at any time. The Effective Incident Response Team will guide readers through the critical decisions involved in forming a CIRT and serve as a valuable resource as the team evolves to meet the demands of ever-changing vulnerabilities.
Inside, readers will find information on:
- Formulating reactive or preventative operational strategy
- Forming, training, and marketing the CIRT
- Selecting penetration-testing, intrusion-detection, network-monitoring, and forensics tools
- Recognizing and responding to computer incidents and attacks, including unauthorized access, denial-of-service attacks, port scans, and viruses
- Tracking, storing, and counting incident reports and assessing the cost of an incident
- Working with law enforcement and the legal community
- Benefiting from shared resources
- Scrutinizing closed incidents to further prevention
- Offering services such as user-awareness training, vulnerability and risk assessments, penetration testing, and architectural reviews
- Communicating the CIRT's return on investment through management reporting
About the Authors
Julie Lucas is currently the director of security operations for a Fortune 500 financial services company. In this role, she has a direct impact on the daily operations and security monitoring of the company's backbone. Prior to her current role, she served as the general manager for security solutions for Enterasys Networks. As the general manager, she was directly responsible for the company's security solutions, including both products and services.
Julie was an officer in the United States Navy from 1988 to 2000. While on active duty, she became the Naval Computer Incident Response Team (NAVCIRT) officer in 1996. From 1996 through 2000, she helped to develop the NAVCIRT into a world-class incident response team, responsible for detecting and responding to attacks on Navy and Marine Corps systems worldwide.
Julie has briefed multiple audiences over the years on a variety of computer security-related topics, including presentations at SANS conferences, RSA 2001, ComNet 2002, and the Business Week CIO Summit. She is also a Certified Information Systems Security Professional (CISSP).
Brian R. Moeller, CISSP, is a Senior Security Engineer for Ohio State University's Incident Response Team. In his role at the University, he focuses primarily on analyzing incidents and devising methods of preventing incidents of a similar nature. Previously, Brian was a software developer and security engineer for one of the top 10 banks and one of the largest utilities in the US. His professional interests include an OSU-developed firewall and a repeatable method of measuring security risks to computer systems and networks.