Computer Incident Response and Forensics Team Management provides security professionals with a complete handbook of computer incident response from the perspective of forensics team management. This unique approach teaches readers the concepts and principles they need to conduct a successful incident response investigation, ensuring that proven policies and procedures are established and followed by all team members. Leighton R. Johnson III describes the processes within an incident response event and shows the crucial importance of skillful forensics team management, including when and where the transition to forensics investigation should occur during an incident response event. The book also provides discussions of key incident response components.

- Provides readers with a complete handbook on computer incident response from the perspective of forensics team management
- Identifies the key steps to completing a successful computer incident response investigation
- Defines the qualities necessary to become a successful forensics investigation team member, as well as the interpersonal relationship skills necessary for successful incident response and forensics investigation teams