August 2001
Intermediate to advanced
240 pages
8h 28m
English
Content preview from Incident ResponseBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Chapter 6. Incident Response Operations
Now that we have covered all the background details from the administrative to the state of the hack, it is time to discuss actual incident response operations.We’ve arrived at the fun part.
By operations, we mean the steps and procedures taken during an incident to resolve the problem, from the moment that it is first detected through the time when it can safely be considered resolved (where its only value is lessons learned and war stories to tell newcomers). We have inhabited this domain for the past several years, while we have earned our keep and been trailblazers in the incident response field by working at and helping establish the Carnegie Mellon CERT Coordination Center (CERT/CC), the U.S. House of Representatives CERT, the InterNIC-CERT, and the Department of Defense CERT, among other commercial incident response consulting and training experiences. In this chapter, we stress on-site operations in which the incident response team leads the hands-on charge to help the customer or client get through an information protection crisis.
Let’s start with an example. In 1999, a company contacted us because they suspected one of their engineers was trafficking in trade secrets -- possibly even selling them to a competitor. The company wanted to catch the engineer in the act and have him prosecuted for his alleged crime, and they needed our assistance. The first thing we did was gather one of our incident response teams into a room equipped ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.