Showing posts with label irp/drp/bcp. Show all posts

QOTD on Borderless Network

We've been working on an assumption that you need different levels of security for the internal network versus the external one, the Internet - the Big Bad World out there. That's been an incorrect assumption for at least ten years.
and earlier,
Start designing everything now to be externalisable.
-- Paul Simmonds, former AstraZeneca CISO, now with the Jericho Forum

Src: The key to security? Blow up the corporate wall - Computer Business Review

Incident Response Templates, Cheat Sheets, and more

Yesterday I put out a call to the Twitterverse looking for Incident Response templates. There were many excellent suggestions so I decided to aggregate them here for future use.

Good start:
http://www.zeltser.com/network-os-security/security-incident-questionnaire-cheat-sheet.html
http://www.zeltser.com/network-os-security/security-incident-survey-cheat-sheet.html
CIO-level http://www.cio.com/research/security/incident_response.pdf
DDoS related - http://www.zeltser.com/network-os-security/ddos-incident-cheat-sheet.html
Good list - http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,3629.msg19357/topicseen,1/

More depth:
http://www.first.org/resources/guides/
http://csrc.nist.gov/publications/nistpubs/800-61/sp800-61.pdf
Also see NIST Incident Response Templates: NIST SP 800-86, 800-83, 800-61rev1
http://www.sans.org/score/incidentforms/
http://www.sei.cmu.edu/publications/documents/03.reports/03hb002.html
http://labmice.techtarget.com/security/incidentresponse.htm
Digital Forensic Analysis Methodology Flowchart (PDF) http://www.cybercrime.gov/forensics_chart.pdf

Additional (not IR-specific) sites:
http://www.cert.org/octave/
http://www.cerias.purdue.edu/tools_and_resources/
http://www.owasp.org/index.php/Main_Page
http://www.uribe100.com/index100.htm

Again, thanks to many in the Twitterverse who contributed: @lennyzeltser @shpantzer @idexperts @mikemurr @jth @cyberlocksmith @indi303 @raydavidson @richardebaker

QOTD - Northcutt on Incident Response

The majority of security appliances report what happened, but not who was behind the activity, historical information about that system or similar events.
...
With log monitoring, nothing succeeds like success.
...
Logging, which is usually considered dull and boring work, becomes exciting. -- Stephen Northcutt, President of the SANS Technology Institute
Src: Whodunnit? | SearchSecurity.com

Former sysadmin sentenced for wrecking corporate servers

This story illustrates how many companies are still not ready to handle computer-related emergencies. A former system administrator removed critical operating system boot files. He reportedly wanted to cause "a small hiccup"; however, "the company inadvertently caused more damage while trying to repair the situation."

There is no reason why missing boot files would have taken days to repair if the company had implemented appropriate incident response and business continuity plans. In my own home environment, I can be back up and running in less than 10 minutes should my entire operating system get trashed. Why can't a company do the same?

Src: Former sysadmin sentenced for wrecking corporate servers