Incidents
Re: REVIEW: "Incident Response", Douglas Schweitzer Jan 27 2006 02:11PM
Kenneth R. van Wyk (Ken KRvW com)
Stephen J. Smoogen wrote:

> I found the O'Reilly book was good on setting up an Incident Response
> team versus Forensics work.
>
> http://www.oreilly.com/catalog/incidentres/index.html

Thanks for the plug. As you point out, Rick Forno and I tried to
address how to create and start an IRT in our book, which is now out of
print by the way. We saw (and still see) forensics as being very
different than incident response. (More recent nomenclature would
probably be "incident handling" or "incident management", but that's
beside the point.)

In any case, our book is quite out of date as well as out of print. The
good news, though, is that the kind folks over at O'Reilly have given it
back to us at our request. We're planning on open sourcing it, making
it available as a free resource to the community, as well as working on
some of its much-needed updates. Not sure about the timeline, but the
process is currently under way. Ideas, suggestions, volunteer effort,
etc., are always appreciated.

I'd also suggest, by the way, looking at NIST's incident handling guide,
Special Publication 800-61
(http://csrc.nist.gov/publications/nistpubs/800-61/sp800-61.pdf). IMHO,
it's a good document. Although it's a tad US government centric,
there's still a lot of valuable information there for others.

Cheers,

Ken van Wyk
http://www.KRvW.com

Copyright 2010, SecurityFocus