Computer incident response and product security

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Rajnovic, Damir, Author.
Language:
English
Subjects (All):
Computer networks--Security measures.
Computer networks.
Computer crimes--Risk assessment.
Computer crimes.
Data recovery (Computer science).
Physical Description:
1 online resource (xx, 225 p.) : ill.
Edition:
1st edition
Place of Publication:
[Place of publication not identified] Cisco Press 2011
Language Note:
English
System Details:
text file
Summary:
Learn how to build a Security Incident Response team with guidance from a leading SIRT from Cisco. Gain insight into the best practices of one of the foremost incident response teams. Master your plan for building a SIRT (Security Incident Response Team) with detailed guidelines and expert advice for incident handling and response. Review legal issues from a variety of national perspectives, and consider practical aspects of coordination with other organizations. Network Security Incident Response provides practical guidelines for building a SIRT as well as offering advice on responding to actual incidents. For many companies, incident response is new territory. Some companies do not have an incident response team at all. Some would like to have one but need guidance to start, and others would like to improve existing practices. Today, there are only a handful of organizations that do have mature and experienced teams. For that reason, this book is structured to provide help in both creating and running an effective Security Incident Response Team. Organizations that are evaluating whether to invest in a SIRT or that are just getting started building one will find the information in this book to be invaluable in helping them understand the nature of the threats, justify resources, and build effective IR (Incident Response) teams. Established IR teams will also benefit from the best practices highlighted in building IR teams as well as information on the current state of incident response handling, incident coordination, and legal issues. Written by a leading SIRT (Security Incident Response Team) from Cisco, the expertise and guidance provided in this book will serve as the blueprint for successful incident response planning for most any organization.
Contents:
Cover
Contents
Introduction
Part I: Computer Security Incidents
Chapter 1 Why Care About Incident Response?
Instead of an Introduction
Reasons to Care About Responding to Incidents
How Did We Get Here or "Why Me?"
Summary
References
Chapter 2 Forming an IRT
Steps in Establishing an IRT
Define Constituency
Ensure Upper-Management Support
Secure Funding and Funding Models
Central, Distributed, and Virtual Teams
Developing Policies and Procedures
Chapter 3 Operating an IRT
Team Size and Working Hours
New Team Member Profile
Advertising the IRT's Existence
Acknowledging Incoming Messages
Cooperation with Internal Groups
Be Prepared!
Measure of Success
Chapter 4 Dealing with an Attack
Assigning an Incident Owner
Law Enforcement Involvement
Assessing the Incident's Severity
Assessing the Scope
Solving the Problem
Involving Other Incident Response Teams
Involving Public Relations
Post-Mortem Analysis
Chapter 5 Incident Coordination
Multiple Sites Compromised from Your Site
How to Contact Somebody Far Away
Working with Different Teams
Keeping Track of Incident Information
Product Vulnerabilities
Exchanging Incident Information
Chapter 6 Getting to Know Your Peers: Teams and Organizations Around the World
FIRST
APCERT
TF-CSIRT
BARF
InfraGard
ISAC
NSP-Security Forum
Other Forums and Organizations of Importance
Part II: Product Security
Chapter 7 Product Security Vulnerabilities
Definition of Security Vulnerability
Severe and Minor Vulnerabilities
Fixing Theoretical Vulnerabilities, or Do We Need an Exploit?
Internally Versus Externally Found Vulnerabilities.
Are Vendors Slow to Produce Remedies?
Reasons For and Against Applying a Remedy
Question of Appliances
Chapter 8 Creating a Product Security Team
Why Must a Vendor Have a Product Security Team?
Placement of a PST
Product Security Team Roles and the Team Size
Virtual Team or Not?
Chapter 9 Operating a Product Security Team
Working Hours
Supporting Technical Facilities
Third-Party Components
Chapter 10 Actors in Vulnerability Handling
Researchers
Vendors
Coordinators
Users
Interaction Among Actors
Chapter 11 Security Vulnerability Handling by Vendors
Known Unknowns
Steps in Handling Vulnerability
Discovery of the Vulnerability
Initial Triage
Reproduction
Detailed Evaluation
Remedy Production
Remedy Distribution and Notification
Monitoring the Situation
Chapter 12 Security Vulnerability Notification
Types of Notification
When to Disclose Vulnerability
Amount of Information in the Notice
Disclosing Internally Found Vulnerabilities
Public Versus Selected Recipients
Vulnerability Predisclosure
Scheduled Versus Ad Hoc Notification Publication
Vulnerability Grouping
Notification Format
Push or Pull
Internal Notification Review
Notification Maintenance
Access to the Notifications
Chapter 13 Vulnerability Coordination
Why Cooperate and How to Deal with Competitors
Who Should Be a Coordinator?
How to Coordinate Vendors on a Global Scale
Index.
Notes:
Bibliographic Level Mode of Issuance: Monograph
Includes bibliographical references and index.
Description based on publisher supplied metadata and other sources.
ISBN:
9786612905841
9781282905849
1282905848
9780132491488
0132491486
OCLC:
1027191331
