[unisog] Incident Response Procedures

Bob Mahoney bobmah at MIT.EDU
Thu Jul 22 15:22:22 GMT 2004


Jason-

A colleague and I presented a paper at the June FIRST conference, 
"Incident Response and Large Event Handling in the Research 
University"   While it does not describe the current structure of 
security response at MIT, some of the topics raised might be of 
interest, as you discuss your own approaches.  You can get a copy at:

http://www.zanshinsecurity.com/University-IR-Large-Events-FIRST-2004.pdf

We began the paper back when I was still leading MIT's team.  (Please 
note that I no longer speak for the Institute in security matters.)

I'd also suggest getting a copy of two great books:

  "The CERT Guide to System and network Security Practices" (Addison 
Wesley) by Julia Allen (who modestly did not mention it directly 
:-), and

"Incident Response Planning and Management" (O'Reilly) by Kenneth van 
Wyk & Richard Forno

Both *well* worth the time...

-Bob

At 4:21 PM -0400 7/21/04, Jason Brooks wrote:
>We are working on formulating an Incident Response Policy and Procedure.
>We've scoured the net and found little that aids us in the Higher Ed sector;
>most are geared for business.  So, not wanting to unnecessarily reinvent the
>wheel, we are soliciting input.
>
>Does anyone have any IRP/Procedures that they would be willing to share?
>
>Thanks,
>Jason Brooks
>
>Jason Brooks
>Information Security Technician
>Longwood University
>201 High Street
>Farmville, VA 23909
>(434) 395-2034
>mailto:brooksje at longwood.edu
>
>_______________________________________________
>unisog mailing list
>unisog at lists.sans.org
>http://www.dshield.org/mailman/listinfo/unisog




More information about the unisog mailing list