text.skipToContent text.skipToNavigation
  1. Home
  2. Computer Science & IT
  3. Incident Response: A Strategic Guide to Handling System and Network Security Breaches

Incident Response: A Strategic Guide to Handling System and Network Security Breaches, 1st edition

  • E Eugene Schultz
  • Russell Shumway

Published by Sams Publishing (November 8th 2001) - Copyright © 2002

1st edition

Incident Response: A Strategic Guide to Handling System and Network Security Breaches

ISBN-13: 9781578702565

Includes: Paperback
Free delivery

What's included

  • Paperback

    You'll get a bound printed text.


The increasing complexity and diversity of systems, applications, and networks has made them more difficult to defend. As companies continue to experience losses due to security breaches, security professionals must take a new approach in protecting their assets. By using monitoring and detection measures with prompt intervention, you can reduce the magnitude of incidents. This book gives you the information you need to develop an effective incident response strategy. Providing specific security plans from internationally recognized experts on the topic, illustrated through case studies showing real-world application, Incident Response provides comprehensive coverage of all phases of incident response, from pre-incident conditions and considerations to post-incident analysis. Dr. E. Eugene Schultz and Russell Shumway (along wiht a contribution by Dr. Terry Gudaitis) teach you security principles that help you minimize information loss and system disruption.

Table of contents

(NOTE: Each chapter concludes with a Summary/Conclusion.)

1. An Introduction to Incident Response.

What Is Incident Response? The Rationale for Incident Response. Overview of Incident Response.

2. Risk Analysis.

About Risk Analysis. Types of Security-Related Risks. Obtaining Data About Security-Related Incidents. The Importance of Risk Analysis in Incident Response.

3. A Methodology for Incident Response.

Rationale for Using an Incident Response Methodology. A Six-Stage Methodology for Incident Response. Caveats.

4. Forming and Managing an Incident Response Team.

What Is an Incident Response Team? Why Form an Incident Response Team? Issues in Forming a Response Team. About Managing an Incident Response Effort.

5. Organizing for Incident Response.

Virtual Teams-Ensuring Availability. Training the Team. Testing the Team. Barriers to Success. External Coordination. Managing Incidents.

6. Tracing Network Attacks.

What Does Tracing Network Attacks Mean? Putting Attack Tracing in Context. Tracing Methods. Next Steps. Constructing an “Attack Path”. Final Caveats.

7. Legal Issues.

U.S. Computer Crime Statutes. International Statutes. Search, Seizure, and Monitoring. Policies. Liability. To Prosecute or Not?

8. Forensics I.

Guiding Principles. Forensics Hardware. Forensics Software. Acquiring Evidence. Examination of the Evidence.

9. Forensics II.

Covert Searches. Advanced Searches. Encryption. Home Use Systems. UNIX and Server Forensics.

10. Responding to Insider Attacks.

Types of Insiders. Types of Attacks. Preparing for Insider Attacks. Detecting Insider Attacks. Responding to Insider Attacks. Special Considerations. Special Situations. Legal Issues.

11. The Human Side of Incident Response.

Integration of the Social Sciences into Incident Response. Part I: Cybercrime Profiling. Part II: Insider Attacks. Part III: Incident Victims. Part IV: Human Side of Incident Response.

12. Traps and Deceptive Measures.

About Traps and Deceptive Measures. Advantages and Limitations of Traps and Deceptive Measures. Focus: Honeypots. Integrating Traps and Deceptive Measures into Incident Response.

13. Future Directions in Incident Response.

Technical Advances. Social Advances. The Progress of the Profession. The Nature of Incidents.

Appendix A. RFC-2196.

Site Security Handbook.

Appendix B. Incident Response and Reporting Checklist.

For teachers

All the material you need to teach your courses.

Discover teaching material