Security Incidents mailing list archives
Re: Incident Response
From: Yuri Demchenko <demch () terena nl>
Date: Mon, 17 Sep 2001 11:48:59 +0200
It may be a late answer, but you can still find a lot of related information about incident description and response at the Incident Taxonomy and Description Working Group (also known as Incident Object Description and Exchange Format WG - IODEF WG) webpage at http://www.terena.nl/task-forces/tf-csirt/iodef/index.html

Current documents:

* Best Current Practice on Incident classification and reporting schemes. Version 1.0.
* Taxonomy of the Computer Security Incident related terminology
* RFC 3067 TERENA's Incident Object Description and Exchange Format Requirements
* Incident Object Description and Exchange Format Data Model and Extensible Markup Language (XML) Document Type Definition
* Incident Object XML Data Type Definition (XML DTD). Draft Version 0.0
* Incident Object Data Model Draft Version 0.0 (Description, Chart)

The above development is based on the experience of a few leading European CSIRTs, first of all JANET-CERT (http://www.ja.net/cert/) and CERT-NL (http://cert-nl.surfnet.nl/), where you can find or ask for more practical information.

Desmond Irvine wrote:
> Does anyone have an incident response form that they would be willing to
> share? I'm looking to see what sort of information others are recording
> about security incidents. I want to put together something comprehensive
> to help in documenting incidents that could also serve as a sort of
> checklist of things that should be done. Sometimes without a form it's
> easy to forget to check simple things like whether the clock on the
> compromised system is in sync with the rest of the world.
>
> Thanks,
> Desmond.
>
> --
> Desmond Irvine
> Security Analyst, Information Technology
> Sheridan College       Phone: 905-845-9430 x2035
> 1430 Trafalgar Road    Fax: 905-815-4011
> Oakville, ON L6H 2L1   EMail: desmond.irvine () sheridanc on ca
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com

--
-----------------------------------------------------------------------
Yuri Demchenko, TERENA,
Singel 468D, 1017 AW Amsterdam, The Netherlands
Tel: +31 20 530 4488
Fax: +31 20 530 4499
E-mail: demchenko () terena nl
-----------------------------------------------------------------------