Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: IDS Incident Escalation Procedure

from [john lokka] Network Security [Permanent Link]
Subject: RE: IDS Incident Escalation Procedure
Date: Thu, 6 Sep 2007 02:43:47 +0000 
Hi There,



Hi,

Would appreciate if anyone can share what should we include to
formulate a IDS/IPS incident escalation procedure.





Thanks,

Jim
-------

Jim,

   You'll want to take into account the  expected effort versus the
expected outcome of the incident. For example, your network has a worm
outbreak. The expected effort is medium (reimage and repatch computers
to a known baseline), but the expected outcome is low (non-law
enforcement involvement). However, a million credit cards are stolen.
The expected effort is high (create forensic-sound images, etc.) and
the expected outcome is high (law enforcement involvement and severe
public relations). This leads to a categorization of incidents and
possibly matrixing. You may want to have columns labeled with
"sysadmin", "forensics team" "cso/cio", and "president" with rows
labeled "virus/worm", "unauthorized user", "unauthorized root",
"Insecure Information Handling", etc. Where the boxes met, a defined
response and/or a check box (meaning level of notification and this
would be explained elsewhere).

hopefully, this helps.

R/
John Lokka, CISSP

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to 
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Re: Karalon test report on Snort, jason
Next by Date:  Re: IDS Incident Escalation Procedure, Vijay K
Previous by Thread:  Re: IDS Incident Escalation Procedure, Jerry Dixon
Next by Thread:  Re: IDS Incident Escalation Procedure, khushbu . jithra
Indexes:  [Date] [Thread] [Top] [All Lists]