REVIEW: "Incident Response", Kenneth R. van Wyk/Richard Forno
- BKINCRES.RVW 20011001
"Incident Response", Kenneth R. van Wyk/Richard Forno, 2001,
%A Kenneth R. van Wyk ken@...
%A Richard Forno rick@...
%C 103 Morris Street, Suite A, Sebastopol, CA 95472
%I O'Reilly & Associates, Inc.
%O U$34.95/C$52.95 800-998-9938 fax: 707-829-0104 nuts@...
%P 214 p.
%T "Incident Response"
Incident response has, in the past, received short shrift in security
literature. It is also a rather vague term: what type of incident are
we talking about? How big? What type of response are we considering?
Protective? Defensive? Offensive? The authors have provided us with a
starting point for consideration and the benefit of some years of
experience, but this work is, unfortunately, less detailed than it
might have been.

Chapter one does not do a good job of defining incident response: the
examples are instructive, but the material wanders through a number of
topics without developing any central focus. Chapter two examines the
strengths and shortcomings of various types of response teams, such as
those internal to companies, related to vendors, or established by
security management companies. Planning, in chapter three, has some
good points to consider, but doesn't offer a lot of guidance. Chapter
four, entitled "Mission and Capabilities," seems to be the core of the
book, touching on staff, positions, training, legal considerations,
procedures, and other issues. A wide-ranging list of attack types,
albeit with very terse descriptions, is given in chapter five. The
incident handling model presented in chapter six is vague but
reasonable. Chapter seven contains quick overviews of a number of
detection tools, mostly software. A few resources, generally Web
sites, are given in chapter

This book is the result of considerable background and practice.
While there are no obvious errors and the material presents good
advice, it is hard to be excited about the result. Overall, the book
seems to lack direction, and fails to present a structured and clear
guide to the preparations necessary for dealing with computer
incidents. However, in the absence of other material it is better
than nothing, and it does raise the issues that need to be addressed.

In response to the first draft of this review, one of the authors
replied that the intent of the book was not to address the techniques
of incident response, but to provide management with an understanding
of the subject. That statement fits with the text, but is in some
opposition to the assertion in the preface that the book is aimed at
all who would need to respond to incidents, including systems
administrators and other technical people.

copyright Robert M. Slade, 2001 BKINCRES.RVW 20011001