The Effective Incident Response Team

    July 29, 2009

    The Bottom Line

    As their security programs mature, many companies reach the point where they realize they need an incident response team, or at least a defined incident response process. Having progressed from simply building a network to deploying firewalls and antivirus, more and more organizations are learning that they also need to know how to respond when an incident actually occurs. This book helps managers work through defining and forming a computer incident response team.
    Pros
    • Authors bring years of CIRT experience to writing this book
    • Good coverage of info without being too cumbersome or technical
    • Appendices filled with useful information to help manage incident response
    Cons
    • Primarily targeted at forming and managing the team, not at technical incident handling

    Description

    • Provides knowledge you need to help define the roles and scope of your CIRT
    • Good overview of the CERT Coordination Center (CERT/CC) at Carnegie Mellon, its formation and its operational functions
    • Great high-level overview; people tasked with actually handling incidents will likely need more technical material
    • Provides references to a number of valuable tools that you can use for your CIRT

    Review

    Julie Lucas and Brian Moeller bring a lot of knowledge and experience to the table in creating this book. The focus of The Effective Incident Response Team is not to teach you everything you need to know to respond to computer intrusions or incidents. The goal of the book is to help a manager understand the roles and functions of a CIRT (computer incident response team) and to answer the questions that must be answered in order to define and form their own CIRT.

    The Effective Incident Response Team begins with a brief history of computer incidents and incident response teams and a short overview of the grandmother of all CIRTs: the Carnegie Mellon CERT (computer emergency response team), today known as the CERT Coordination Center (CERT/CC). To this day CERT/CC remains one of the primary sources of reliable information and one of the key resources that many organizations rely on when creating their own CIRT processes.

    The book goes on to define the scope of an incident response team and some of the roles and responsibilities you will need to consider in creating your own. It does so in relatively plain English and at a fairly high level. Again, the goal is to help a manager define and form a team, not to provide the level of technical expertise required to actually serve on the team.

    For managers who have been tasked with forming or leading a CIRT, or with defining their organization's incident response process, this book can be a great start. Those looking for more technical depth may want to refer to books such as Incident Response by Douglas Schweitzer.

    About

    Tony has driven security policies and technologies for antivirus and incident response at Fortune 500 companies, and he has served as network administrator and technical support for smaller companies. He has written for a variety of other Web sites and publications, including BizTech Magazine, PC World, SearchSecurity.com, WindowsNetworking.com, Smart Computing magazine, and Information Security magazine. Tony is a CISSP (Certified Information Systems Security Professional) and ISSAP (Information Systems Security Architecture Professional). He is Microsoft Certified as an MCSE (Microsoft Certified Systems Engineer) and MCSA (Microsoft Certified Systems Administrator) in Windows 2000 and an MCP (Microsoft Certified Professional) in Windows NT. Tony has been recognized by Microsoft as an MVP (Most Valuable Professional) in Windows security since 2006. In addition to his Web site and magazine contributions, Tony was tech editor of PCI Compliance (ISBN: 1597491659), author of Essential Computer Security: Everyone's Guide to E-mail, Internet, and Wireless Security (ISBN: 1597491144), coauthor of Hacker's Challenge 3 (ISBN: 0072263040), and a contributing author to Winternals: Defragmentation, Recovery, and Administration Field Guide (ISBN: 1597490792), Combating Spyware in the Enterprise (ISBN: 1597490644), Syngress Force 2006 Emerging Threat Analysis: From Mischief to Malicious (ISBN: 1597490563), Botnets: The Killer Web Applications (ISBN: 1597491357), and AVIEN Malware Defense Guide for the Enterprise (ISBN: 1597491640).

    http://www.tonybradley.com