Network Security Focus-IDS

RE: IDS Incident Escalation Procedure

Subject: RE: IDS Incident Escalation Procedure
Date: Tue, 18 Sep 2007 09:38:08 +0300
Hi all,

I've recently co-authored a paper on the current state of the art in
Incident Response, called "On Incident Handling and Response: A
state-of-the-art approach". It provides guidelines for the formation of an
Incident Handling Team, the points of contact, methodology and procedures.

It's under the property of Elsevier, Computers & Security 25(5):351-370, 2006, but
I'm pretty sure that it can be found somewhere online.

Hope this helps.

Dimitrios Patsos
Ph.D. (Cand.), M.Sc., CCDA, CCSE, CME, CHFA


-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of khushbu.jithra@gmail.com
Sent: Monday, September 17, 2007 08:02
To: focus-ids@securityfocus.com
Subject: Re: IDS Incident Escalation Procedure

Hi Jim,

Usually, an Incident Escalation procedure for an IDS stems from
1. The structure of the core Incident Response Team
2. Adherence to any higher level policy, if required (in line with
escalation matrices defined in the business continuity plans)
3. SLAs signed with clients - internal and external

One suggested team structure is
1. Computer Incident Response Team (CIRT) leader
2. Incident Handler
3. Database Administrators
4. Legal Counsel

Now depending on the nature and category of alerts coming from the IDS, an
incident can be escalated from the incident handler to CIRT leader to
database admin to Legal Counsel. Also, the escalation may vary depending on
the severity of alerts.

As Vijay rightly pointed out, you can refer to the NIST SP 800-61 publication,
the Incident Notification section. This provides a sample list of parties
which are usually notified.

HTH,
Khushbu Jithra
Information Security Consultant
NII Consulting
Web: http://www.niiconsulting.com

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------



