All Articles

Stages of Incident Response-

1. method 1

2. method 2

Method1(7-steps)

1. Preparation
2. Identification
   categories based on incident type
3. Containment
4. Investigation
5. Iradication
6. Recovery
7. Follow up

Method2(4-steps)

1. Preparation
2. Detection and Analysis
3. Containment, Eradication and Recovery
4. Post-Incident Activity

--------

http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf

The incident response plan should include the following elements:
 Mission
 Strategies and goals
 Senior management approval
 Organizational approach to incident response
 How the incident response team will communicate with the rest of the organization and with other
organizations
 Metrics for measuring the incident response capability and its effectiveness
 Roadmap for maturing the incident response capability
 How the program fits into the overall organization

Procedure elements

Sharing information with outside parties

the media

law enforcement

incident handling talk to other outside parties -ISP,s/w vendors,

--

http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf

Handling an incidence rspons

preparation

detection and analysis

containment,eradication, recovery

postincident activity

incident handling chk

recommendtn

-----

http://technet.microsoft.com/en-us/library/cc700825.aspx

To instigate a successful incident response plan, you should:

• Make an initial assessment.

• Communicate the incident.

• Contain the damage and minimize the risk.

• Identify the type and severity of the compromise.

• Protect evidence.

• Notify external agencies if appropriate.

• Recover systems.

• Compile and organize incident documentation.

• Assess incident damage and cost.

• Review the response and update policies.

---------

http://www.sans.org/reading-room/whitepapers/incident/creating-managing-incident-response-team-large-company-1821

Primary Phases of the CSIRT .....................................................................................16
a) Identification................................................................................................................16
i) Triage Role ................................................................................................................17
ii) Identification Tasks................................................................................................17
b) Containment................................................................................................................19
c) Eradication...................................................................................................................20
d) Recovery ......................................................................................................................21
e) Lessons Learned..........

---------

Other sources-

http://ptgmedia.pearsoncmg.com/images/1578702569/samplechapter/1578702569.pdf (stages)
https://msisac.cisecurity.org/resources/guides/documents/Incident-Response-Guide.pdf (has warning) [useful url)

http://books.google.co.in/books?id=lPEgnnKWpmYC&pg=PA14&lpg=PA14&dq=skills+required+for+incident+response+personnel&source=bl&ots=gYCcMcKYYo&sig=J7_Lslvwq48PPnF39Bckjtvp9do&hl=en&sa=X&ei=MIgZVMaFL8iwuAS_rYCYDw&ved=0CEMQ6AEwBQ#v=snippet&q=technical%20skills&f=false