Good source of information on incident handling/response?

Posted by The Frustrated on October 13, 2005, 10:49 am
I am looking for a good source of information on incident response/handling.
While I do have some books none do a very good job on what to do for
different types of incidents; all provide only general information (contain,
eradicate, etc). I have done quite a bit of searching on Google and have
come up empty.

Does anyone know a resource that provides this type of information?

Posted by Lanwench [MVP - Exchange] on October 13, 2005, 11:16 am


> I am looking for a good source of information on incident
> response/handling. While I do have some books none do a very good job
> on what to do for different types of incidents; all provide only
> general information (contain, eradicate, etc). I have done quite a
> bit of searching on Google and have come up empty.
>
> Does anyone know a resource that provides this type of information?

What sorts of things are you trying to log/handle? What do you mean by
"incidence response/handling"? That sounds either very generic, or very
specific to something in a context you haven't specified....




Posted by Malke on October 13, 2005, 11:35 am
The Frustrated Monk wrote:

> I am looking for a good source of information on incident
> response/handling. While I do have some books none do a very good job
> on what to do for different types of incidents; all provide only
> general information (contain, eradicate, etc). I have done quite a
> bit of searching on Google and have come up empty.
>
> Does anyone know a resource that provides this type of information?

You didn't specify what sort of incidents, but a great place to start
would be on Microsoft's Technet:

http://www.microsoft.com/technet/Security/default.mspx

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Posted by The Frustrated on October 13, 2005, 12:15 pm
I am looking for information on how to deal with different types of
incidents. The goal is to provide this to first responders so they can take
preliminary steps while the issue is being escalated.

For example, if one of our Internet-facing web sites is defaced do XYZ. If a
workstation is infected with a worm, then do ABC. If a user is attempting to
access a sensitive system without permission, then do 123.

I am looking for a resource that already has quite a bit done so I do not
have to reinvent the wheel.

Posted by Karl Levinson, mvp on October 13, 2005, 9:18 pm

> I am looking for a good source of information on incident response/handling.
> While I do have some books none do a very good job on what to do for
> different types of incidents; all provide only general information (contain,
> eradicate, etc). I have done quite a bit of searching on Google and have
> come up empty.

Try the links here:

http://securityadmin.info/resource.asp?category=Forensics%20/%20Incident%20Response



