
REVIEW: "Incident Response", E. Eugene Schultz/Russell Shumway

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Nov 17, 2006
      BKIRSGHS.RVW 20060906

      "Incident Response", E. Eugene Schultz/Russell Shumway, 2002,
      1-57870-256-9, U$39.99/C$59.95/UK#30.99
      %A E. Eugene Schultz
      %A Russell Shumway
      %C 201 W. 103rd Street, Indianapolis, IN 46290
      %D 2002
      %G 1-57870-256-9
      %I Macmillan Computer Publishing (MCP)/New Riders
      %O U$39.99/C$59.95/UK#30.99 800-858-7674 317-581-3743 info@...
      %O http://www.amazon.com/exec/obidos/ASIN/1578702569/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/1578702569/robsladesin03-20
      %O Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
      %P 384 p.
      %T "Incident Response: A Strategic Guide to Handling System and
      Network Security Breaches"

      Beyond saying that security breaches occur, and that we need to
      respond to them, the introduction doesn't tell us much about either
      the topic or the book.

      Chapter one contains a good deal of material with which security
      professionals will agree, but it does not provide helpful guidance.
      The attempt to define "incidents" is not wrong in any particular, but
      is tautological and of limited utility. "Risk Analysis," in chapter
      two, briefly repeats the usual procedures, but expends most of its
      text in details of specific (mostly network) system attacks. A
      suggested methodology for incident response is provided in chapter
      three, along with a justification for the use of a formal process.
      (Many may find it ironic that much of the rationale for formal methods
      has to do with expecting the unexpected.) (The process is given in
      the acronym PDCERF; which stands for preparation, detection,
      containment, eradication, recovery, and followup; but the text, rather
      unsettlingly, presents a number of variations on the acronym
      throughout the chapter.) Chapter four deals with forming and managing
      an incident response team, and the content is mostly concerned with
      communications, corporate culture, and management. This material is
      extended in chapter five, which covers other factors involved with
      organizing for incident response.

      Chapter six turns to a slightly more technical topic, regarding the
      tracing of network attacks. This is an overview, with only limited
      technical content, but even so a few items are suspect (such as the
      implication that MAC [Media Access Control] addresses are permanent
      and fixed). Legal issues related to incident response are reviewed in
      chapter seven. Chapters eight and nine provide an overview of
      computer forensics, as well as good advice on the handling and
      management of evidence, but at a conceptual, rather than technical,
      level. Insider attacks are difficult to determine and protect
      against, and chapter ten tacitly admits this by spending a lot of time
      just telling stories. Chapter eleven (written by an outside author)
      examines criminal profiling and other incident response factors
      related to social sciences. Honeypots and other types of deception
      aimed at the attacker are the subject of chapter twelve. Chapter
      thirteen finishes off with a look at emerging tools and directions.

      While still flawed, this work is probably more practical than Mandia
      and Prosise's law enforcement oriented volume (cf. BKINCDRS.RVW), van
      Wyk and Forno's somewhat less detailed work (cf. BKINCRES.RVW), or
      Schweitzer's basic and wordy tome (cf. BKINCRSP.RVW) (all, of course,
      are entitled "Incident Response").

      copyright Robert M. Slade, 2006 BKIRSGHS.RVW 20060906
