Product Description

This book teaches readers what they need to know to not only set up an incident response effort, but also how to improve existing incident response efforts. The book provides a comprehensive approach to incident response, covering everything necessary to deal with all phases of incident response effectively ¿ spanning from pre-incident conditions and considerations to the end of an incident.

Although technical considerations, (e.g. the particular binaries in Unix and Linux and dynamically linked libraries in Windows NT and Windows 2000) that need to be inspected in case they are corrupted, the types of logging data available in major operating systems and how to interpret it to obtain information about incidents, how network attacks can be detected on the basis of information contained in packets, and so on ¿ the major focus of this book is on managerial and procedural matters. Incident Response advances the notion that without effective management, incident response cannot succeed.

Product Details

• Amazon Sales Rank: #826521 in Books
• Published on: 2001-11-18
• Original language: English
• Dimensions: .86" h x 7.05" w x 8.99" l, 1.38 pounds
• Binding: Paperback
• 408 pages

From Amazon.co.uk
Incident Response fills a need that's existed in the security book market for some time. The authors--a pair of accomplished incident response experts, not merely researchers--have converted to book form their accumulated wisdom on the question of how to respond to an attack on computer systems. Their expertise is only partly technical; much of what Eugene Schultz and Russell Shumway have written has to do with legal questions and policy decisions. It's a reasonable balance, considering that the state of the art in network intrusion (and defence against it) changes frequently and security administrators are better armed with concepts and strategies than with "click this, type that" instructions. The explicit technical material that does appear here is nicely balanced between Windows and Unix systems, and clearly explains networking details of interest to security people and their managers. The explanation of how a spanning port can make a switch work like a hub for purposes of packet monitoring--nearly entirely prose--is one example of high-quality technical coverage that will remain valuable as operating systems and other network details change over time.

Unlike many books about computers, this one deserves to be read cover-to-cover. The authors have points to make, and they generally build on their earlier thoughts as they go. Some material in these pages seems somewhat obvious--the advice to dress nicely for a media interview, for example--but it all fits with the authors' goal of showing their readers how to react (in all respects) to security problems when they happen. Read this, be prepared for trouble, and know how to educate others about incident response. --David Wall

Topics covered: how an organisation should react--organisationally, technically, legally and in terms of public relations--to incidents of unauthorised access (originating both internally and externally) to its computer systems.

From the Back Cover

The increasing complexity and diversity of systems, applications, and networks has made them more difficult to defend. As companies continue to experience losses due to security breaches, security professionals must take a new approach in protecting their assets. By using monitoring and detection measures with prompt intervention, you can reduce the magnitude of incidents. This book gives you the information you need to develop an effective incident response strategy. Providing specific security plans from internationally recognized experts on the topic, illustrated through case studies showing real-world application, Incident Response provides comprehensive coverage of all phases of incident response, from pre-incident conditions and considerations to post-incident analysis. Dr. E. Eugene Schultz and Russell Shumway (along wiht a contribution by Dr. Terry Gudaitis) teach you security principles that help you minimize information loss and system disruption.

About the Author

Dr. E. Eugene Schultz, founder and former manager of the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC) team, is currently on the support staff of Global Integrity's REACT team¿the first commercial incident response capability.

Russell Shumway is the director of intelligence and response services with Network Security Corporation, which is responsible for the management of NSEC's Incident Mitigation and Open-Source Monitoring services. Russ previously worked as the technical director of Global Integrity Corporation's REACT program, where he worked on numerous computer-security incidents for clients ranging from Fortune 100 companies to private individuals and provided consulting services to 7 of the top 10 financial services companies in the United States and 13 of the top 50 in the world. He assisted in the design and development of Global Integrity's Financial Services Incident Sharing and Advisory Center (FS/ISAC). Dr. Terry Gudaitis is a behavioral scientist/criminologist who has 12 years of experience in research and applied practice in the discipline of behavioral assessment and profiling. She received her MA and Ph.D. from the University of Florida. Since 1987, she has provided domestic and international assessments and profiles for academia, local law enforcement, federal agencies and bureaus, and private industry.

Dr. Gudaitis has worked with the Central Intelligence Agency as a criminal psychologist at the CounterTerrorist Center. Currently, Dr. Gudaitis is responsible for the integration of behavioral/criminal profiling and computer forensics at Global Integrity Corporation, a Science Applications International Corporation (SAIC) subsidiary. Dr. Gudaitis provides consultation, human systems assessment, and profiling services to private industry. Dr. Gudaitis has recently published articles in CyberPsychology and Behavior, Imp Magazine, presented on the "Insider Threat" at SecureComm98, was a guest speaker on "Cyber Crime Profiling" for Leadership America-Greater Washington, and is an active member of the High Technology Crime Investigative Association.