Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: IDS Incident Escalation Procedure

from [khushbu . jithra] Network Security [Permanent Link]
Subject: Re: IDS Incident Escalation Procedure
Date: 17 Sep 2007 05:02:12 -0000 
Hi Jim,

Usually, an Incident Escalation procedure for an IDS stems from
1. The structure of the core Incident Response Team
2. Adherence to any higher level policy, if required (in line with escalation 
matrices defined in the business continuity plans)
3. SLAs signed with clients - internal and external

One suggested team structure is
1. Computer Incident Response Team (CIRT) leader
2. Incident Handler
3. Database Administrators
4. Legal Counsel

Now depending on the nature and category of alerts coming from the IDS, an 
incident can be escalated from the incident handler to CIRT leader to database 
admin to Legal Counsel. Also, the escalation may vary depending on the severity 
of alerts.

As Vijay rightly pointed, you can refer to the NIST SP 800-61 publication, the 
Incident Notification section. This provides a sample list of parties which are 
usually notified.

HTH,
Khushbu Jithra
Information Security Consultant
NII Consulting
Web: http://www.niiconsulting.com

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to 
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IPS Implementaion, Göran Sandahl
Next by Date:  RE: IDS Incident Escalation Procedure, Dimitrios Patsos
Previous by Thread:  RE: IDS Incident Escalation Procedure, john lokka
Next by Thread:  RE: IDS Incident Escalation Procedure, Dimitrios Patsos
Indexes:  [Date] [Thread] [Top] [All Lists]