Computer Incident Response and Product Security
The practical guide to building and running incident response and product security teams
Damir Rajnovic
Organizations increasingly recognize the urgent importance of effective, cohesive, and efficient security incident response. The speed and effectiveness with which a company can respond to incidents have a direct impact on how devastating an incident is on the company’s operations and finances. However, few have an experienced, mature incident response (IR) team. Many companies have no IR teams at all; others need help with improving current practices. In this book, leading Cisco incident response expert Damir Rajnović presents start-to-finish guidance for creating and operating effective IR teams and responding to incidents to lessen their impact significantly.
Drawing on his extensive experience identifying and resolving Cisco product security vulnerabilities, the author also covers the entire process of correcting product security vulnerabilities and notifying customers. Throughout, he shows how to build the links across participants and processes that are crucial to an effective and timely response.
This book is an indispensable resource for every professional and leader who must maintain the integrity of network operations and products—from network and security administrators to software engineers, and from product architects to senior security executives.
-Determine why and how to organize an incident response (IR) team
-Learn the key strategies for making the case to senior management
-Locate the IR team in your organizational hierarchy for maximum effectiveness
-Review best practices for managing attack situations with your IR team
-Build relationships with other IR teams, organizations, and law enforcement to improve incident response effectiveness
-Learn how to form, organize, and operate a product security team to deal with product vulnerabilities and assess their severity
-Recognize the differences between product security vulnerabilities and exploits
-Understand how to coordinate all the entities involved in product security handling
-Learn the steps for handling a product security vulnerability based on proven Cisco processes and practices
-Learn strategies for notifying customers about product vulnerabilities and how to ensure customers are implementing fixes
This security book is part of the Cisco Press Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end, self-defending networks.
Customer Reviews & Comments
The book is pitched at a manager who does not have a deep computing background. It explains numerous aspects of running a computer security team. There is very little jargon or in-depth discussion of how a cracker might mount a successful intrusion. Instead you can see what computer security groups already exist, and how to contact them for assistance. The descriptions in Chapter 6 of major security groups show a global distribution, albeit with an American emphasis. You should not hesitate to avail yourself of this global security backup. Likely, those in a security group might have already encountered a similar attack and can suggest countermeasures. Remember that for a mass attack by a cracker, your company is probably not the only victim, and a security group often will have a larger picture of the attack.
Of course, your team might have first taken precautions in securing your network and its machines. Here, the book suggests how to do a survey and analysis of your computing environment before any attack. This proactive approach lets you and your team calmly prepare for a perhaps inevitable attack.
Some issues, like whether to publicly disclose that your company has been under attack, can be difficult to decide. Your firm might be in an industry where it has an obligation to disclose if, say, a cracker has copied your customer [personal] data. But what if there is no legal obligation? Should you still disclose? Never a pleasant thing to decide! So the book gives you incentive to absorb its advice and try to prevent such an occurrence.
The references at the end of each chapter take you into more detailed technical discussions. Useful if you need extra information.