Re: REVIEW: "Incident Response", Douglas Schweitzer

Stephen J. Smoogen wrote:

> I found the O'Reilly book was good on setting up an Incident Response
>
> team versus Forensics work.
>
> http://www.oreilly.com/catalog/incidentres/index.html
>  
Thanks for the plug.  As you point out, Rick Forno and I tried to 
address how create and start an IRT in our book, which is now out of 
print by the way.  We saw (and still see) forensics as being very 
different than incident response.  (More recent nomenclature would 
probably be "incident handling" or "incident management", but that's 
beside the point.)

In any case, our book is quite out of date as well as out of print.  The 
good news, though, is that the kind folks over at O'Reilly have given it 
back to us at our request.  We're planning on open sourcing it, making 
it available as a free resource to the community, as well as working on 
some of its much-needed updates.  Not sure about the timeline, but the 
process is currently under way.  Ideas, suggestions, volunteer effort, 
etc., are always appreciated.

I'd also suggest, by the way, looking at NIST's incident handling guide, 
Special Publication 800-61 
(http://csrc.nist.gov/publications/nistpubs/800-61/sp800-61.pdf).  IMHO, 
it's a good document.  Although it's a tad US government centric, 
there's still a lot of valuable information there for others.

Cheers,

Ken van Wyk
http://www.KRvW.com