Computer Incident Response and Forensics Team Management: Conducting a Successful Incident Response

Published: 06 December 2013
Publisher: Syngress Publishing
ISBN: 978-1-59749-996-5
Pages: 352

Abstract

Computer Incident Response and Forensics Team Management provides security professionals with a complete handbook of computer incident response from the perspective of forensics team management. This unique approach teaches readers the concepts and principles they need to conduct a successful incident response investigation, ensuring that proven policies and procedures are established and followed by all team members. Leighton R. Johnson III describes the processes within an incident response event and shows the crucial importance of skillful forensics team management, including when and where the transition to forensics investigation should occur during an incident response event. The book also provides discussions of key incident response components.

  • Provides readers with a complete handbook on computer incident response from the perspective of forensics team management
  • Identifies the key steps to completing a successful computer incident response investigation
  • Defines the qualities necessary to become a successful forensics investigation team member, as well as the interpersonal relationship skills necessary for successful incident response and forensics investigation teams

Reviews

Andre C. M. Marien

This book is not a technical book, but rather a guide for team managers. It is comprised of three parts, a conclusion, and three appendices. Part 1, "Incident Response Team," has seven sections, and Part 2, "Forensics Team," has seven sections. Parts 1 and 2 have roughly similar content and structure. They start with methodologies and processes. Next come requirements for team members, such as technical and personal skills, expertise, and certifications. As in all security, policies play an important role, but in this domain they are critical. The authors dive into incident and forensic evidence handling, both of which require specialized tools. The legal requirements, corporate policies, laws, compliance frameworks, and specific elements related to evidence collection and handling provide a strict frame for working. Each of these elements is described concisely, but at the right level of granularity and with the key information. Part 3, "General Management and Team," includes three sections: "General Team Management," "Corporate [information technology, IT]-Related Security Relationship with [security incident response and forensics response teams, SIR&FT]," and "Relationship Management." Next to managing the team, managing the team's relationships internally, especially with corporate IT, and externally is a big part of the manager's job. The appendices contain relevant references (Appendix A), official publications (Appendix B), and team templates (Appendix C). Appendix C is a highly valuable resource. It gives new team managers a head start, without expensive consulting or being inspired by previous positions, for less than $50. It contains, for instance, various forms, policies, incident response (IR) plan and policy examples, including escalation flows, and cheat sheets for use during interventions. The book explores the right subjects. It provides the right warnings, focal points, and pitfalls.

It stays clearly away from technical details, but does, for instance, present tools with their strengths and weaknesses. Unlike other books, it does look at the situation outside of the US. In forensics, you need to prove competence beyond doubt. For a team manager, this book is not a bad start for building that proof.

Online Computing Reviews Service