Welcome to NBlog, the NoticeBored blog

I may meander but I'm 'exploring', not lost

Apr 27, 2007

On building an incident response capability

Mich Kabay has released a superb white paper synthesizing various pieces he has written previously on building an effective Computer Security Incident Response Team. It's 31 golden pages long. I appreciate his comments towards the end, for example, about post-incident reviews coming up with an action plan clearly stating "who intends to deliver precisely what operational result to whom in which form by when". As a former IT auditor, I know the value of going the extra mile, pinning people down to commit to making the changes necessary for actual control improvements. Otherwise, history just repeats. Hindsight may be 20/20 but why is it so difficult to get management to DO the things they admit ought to be done?

Mich has also republished the contents of a training CD on incident response from US DoD's Defense Information Systems Agency (DISA), with their permission. At over 300 megs, it's not short of content.