• Incident Response

    by  • July 30, 2009 • G-I, Incident Response / Forensics

    Rating: five

    The Bottom Line

    This book should be required reading for anyone tasked with handling security incidents. It covers all aspects of security incident response and includes tools and utilities you can use.
    Pros
    • Excellent guide for handling security incidents
    • Includes CD with forensic data tools
    • Appendix covers implications of Patriot Act
    Cons
    • None

    Description

    • Terrific overview of all aspects of responding to a security incident.
    • Well written and easy to read. Provides the information you need without being too techie.
    • Comprehensive information. Should be kept around as a desk reference for incident response.
    • Appendixes provide detailed explanation of the USA PATRIOT Act of 2001 and rules of evidence.
    • Includes CD with incident response checklists and various trialware and freeware utilities.

    Review:

    Douglas Schweitzer does a superb job of providing the reader with the knowledge they need to respond to computer security incidents. Incident Response walks the reader through all of the phases of computer incident response: preparation, detection, gathering clues and evidence, cleaning the system, recovering lost data and applying any lessons learned to prevent future incidents. Each phase is explained in detail in a clear, well-written manner that is easy to follow. Especially valuable are the sections pertaining to the rules of evidence and how to handle a security incident without destroying the evidence. The information on the USA PATRIOT Act in the appendix is valuable for information security as well. Definitely a book I recommend.
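The point above about handling an incident without destroying the evidence is worth making concrete. What follows is an added example for this review, not code from Schweitzer's book: it hashes every collected artifact before anything else touches it, records a chain-of-custody manifest (collector, UTC acquisition time, size and SHA-256 per item), copies the originals to a working set and marks the originals read-only, then re-verifies the working copy so that a "cleaning" step that alters evidence is caught. The auth.log line, the crontab entry and the collector identity are constructed for the example.

```python
"""Evidence-preservation helper: hash every collected artifact before analysis,
record a chain-of-custody manifest, and verify later that nothing changed.
Added example; not code from the reviewed book. Standard library only."""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

# Constructed sample artifacts standing in for files pulled from a compromised host.
SAMPLE_EVIDENCE = {
    "auth.log": b"Jul 30 02:11:07 host sshd[2113]: Accepted password for root from 203.0.113.9\n",
    "crontab": b"*/5 * * * * /tmp/.x/update.sh\n",
}


def sha256_file(path, chunk=1 << 20):
    """Stream the file through SHA-256 so large images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def create_sample_evidence(directory):
    """Write the constructed artifacts to disk (stands in for the seized originals)."""
    for name, data in SAMPLE_EVIDENCE.items():
        with open(os.path.join(directory, name), "wb") as f:
            f.write(data)


def acquire(original_dir, working_dir, collector):
    """Hash the originals, copy them to a working set, make the originals read-only,
    and return a chain-of-custody manifest describing what was collected and by whom."""
    entries = []
    for name in sorted(os.listdir(original_dir)):
        src = os.path.join(original_dir, name)
        digest = sha256_file(src)  # hash BEFORE anything else touches the file
        shutil.copy2(src, os.path.join(working_dir, name))
        os.chmod(src, 0o444)  # originals are never analysed directly
        entries.append({"name": name, "size": os.path.getsize(src), "sha256": digest})
    return {
        "collector": collector,  # constructed identity for the example
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "items": entries,
    }


def verify(manifest, directory):
    """Recompute hashes under `directory`; return names whose contents no longer match."""
    mismatched = []
    for item in manifest["items"]:
        path = os.path.join(directory, item["name"])
        if not os.path.exists(path) or sha256_file(path) != item["sha256"]:
            mismatched.append(item["name"])
    return mismatched


def demo():
    """Run the whole flow in a temp dir; returns (clean_result, tampered_result)."""
    with tempfile.TemporaryDirectory() as tmp:
        originals = os.path.join(tmp, "originals")
        working = os.path.join(tmp, "working")
        os.makedirs(originals)
        os.makedirs(working)
        create_sample_evidence(originals)
        manifest = acquire(originals, working, collector="analyst@example.invalid")
        with open(os.path.join(tmp, "manifest.json"), "w") as f:
            json.dump(manifest, f, indent=2)
        clean = verify(manifest, working)  # nothing changed yet
        # Simulate an analyst "cleaning" the working copy: the manifest catches it.
        with open(os.path.join(working, "crontab"), "wb") as f:
            f.write(b"# cleaned\n")
        tampered = verify(manifest, working)
        return clean, tampered


if __name__ == "__main__":
    print(demo())  # → ([], ['crontab'])
```

In practice the manifest itself is hashed and signed, the originals live on write-blocked media, and every handover is appended to the manifest; the example keeps only the core discipline of hash first, work on a copy, and re-verify before reporting.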

    About

    Tony has driven security policies and technologies for antivirus and incident response for Fortune 500 companies, and he has been network administrator and technical support for smaller companies. He has written for a variety of other Web sites and publications, including BizTech Magazine, PC World, SearchSecurity.com, WindowsNetworking.com, Smart Computing magazine, and Information Security magazine. Tony is a CISSP (Certified Information Systems Security Professional) and ISSAP (Information Systems Security Architecture Professional). He is Microsoft Certified as an MCSE (Microsoft Certified Systems Engineer) and MCSA (Microsoft Certified Systems Administrator) in Windows 2000 and an MCP (Microsoft Certified Professional) in Windows NT. Tony has been recognized by Microsoft as an MVP (Most Valuable Professional) in Windows security since 2006. In addition to his Web site and magazine contributions, Tony was also tech editor of PCI Compliance (ISBN: 1597491659) and author of Essential Computer Security: Everyone's Guide to E-mail, Internet, and Wireless Security (ISBN: 1597491144), coauthor of Hacker's Challenge 3 (ISBN: 0072263040), and a contributing author to Winternals: Defragmentation, Recovery, and Administration Field Guide (ISBN: 1597490792), Combating Spyware in the Enterprise (ISBN: 1597490644), Syngress Force 2006 Emerging Threat Analysis: From Mischief to Malicious (ISBN: 1597490563), Botnets: The Killer Web Applications (ISBN: 1597491357), and AVIEN Malware Defense Guide for the Enterprise (ISBN: 1597491640).

    http://www.tonybradley.com