August 2001
Intermediate to advanced
240 pages
8h 28m
English
Content preview from Incident ResponseBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Issues and Pitfalls
Naturally, there are any number of mistakes that can be made in setting up an incident response team. While we couldn’t possibly hope to capture all of them here (our editors have set a maximum length for this book!), this section describes some of the more common pitfalls and how to avoid them.
Business Comes First
In commercial enterprises, business comes first. Even in noncommercial enterprises, this is true to some degree. One of the cardinal rules of incident response is never to hinder the company’s ability to do business. That is, the incident response team should understand that it plays a supporting role to the company’s business activities. As such, it is important for the team to put the needs of the business first. A common mistake for incident response folks is that they focus exclusively on the technical aspects of an incident and its resolution, without fully appreciating the business situation. It is not enough to say, for example, that a web site has been compromised by Attacker X using Tools Y and Z from Remote School A; instead, it is also vital to understand what business process has been impacted by the web site’s incident, and what the financial impact is.
For example, assume that a high-traffic e-commerce web server of a major dot com company is compromised by a vulnerability. Shutting the server down in the middle of the work day for the investigation may be the best course of action from the perspective of the incident response team, ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.