
REVIEW: "Incident Response", Kenneth R. van Wyk/Richard Forna

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1, Jan 7, 2002
      BKINCRES.RVW 20011001

      "Incident Response", Kenneth R. van Wyk/Richard Forna, 2001,
      0-59600-130-4, U$34.95/C$52.95
      %A Kenneth R. van Wyk ken@...
      %A Richard Forna rick@...
      %C 103 Morris Street, Suite A, Sebastopol, CA 95472
      %D 2001
      %G 0-59600-130-4
      %I O'Reilly & Associates, Inc.
      %O U$34.95/C$52.95 800-998-9938 fax: 707-829-0104 nuts@...
      %P 214 p.
      %T "Incident Response"

      Incident response has, in the past, received short shrift in security
      literature. It is also a rather vague term: what type of an incident
      are we talking about? how big? What type of response are we
      considering? protective? defensive? offensive? The authors have
      provided us a starting point for consideration and the benefit of some
      years of experience, but this work is, unfortunately, less detailed
      than it might have been.

      Chapter one does not do a good job of defining incident response: the
      examples are instructive, but the material wanders through a number of
      topics without developing any central focus. There is an examination
      of the strengths and shortcomings of various types of response teams,
      such as those internal to companies, related to vendors, or
      established by security management companies, in chapter two.
      Planning, in chapter three, has some good points to consider, but
      doesn't offer a lot of guidance. Chapter four, entitled "Mission and
      Capabilities," seems to be the core of the book, touching on staff,
      positions, training, legal considerations, procedures, and other
      issues. A wide-ranging list of attack types, albeit with very terse
      descriptions, is given in chapter five. The incident handling model
      presented in chapter six is vague but reasonable. Chapter seven
      contains quick overviews of a number of detection tools, mostly
      software. A few resources, generally Web sites, are given in chapter

      This book is the result of considerable background and practice.
      While there are no obvious errors and the material presents good
      advice, it is hard to be excited about the result. Overall, the book
      seems to lack direction, and fails to present a structured and clear
      guide to the preparations necessary for dealing with computer
      incidents. However, in the absence of other material it is better
      than nothing, and does raise the issues to be addressed.

      In response to the first draft of this review, one of the authors has
      responded that the intent of the book was not to address the
      techniques of incident response, but to provide management with an
      understanding of the subject. That statement fits with the text, but
      is in some opposition to the assertion in the preface that the book is
      aimed at all who would need to respond to incidents, including systems
      administrators and other technical people.

      copyright Robert M. Slade, 2001 BKINCRES.RVW 20011001

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      The magnificent and the ridiculous are so close that they touch.
      - Le Bovier de Fontenelle
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade