Security Incidents mailing list archives

Re: Incident Response


From: Yuri Demchenko <demch () terena nl>
Date: Mon, 17 Sep 2001 11:48:59 +0200

It may be a late answer, but you can still find a lot of related
information about incident description and response at the Incident
Taxonomy and Description Working Group (also known as the Incident Object
Description and Exchange Format WG - IODEF WG) webpage at
http://www.terena.nl/task-forces/tf-csirt/iodef/index.html

Current documents:

* Best Current Practice on Incident Classification and Reporting
Schemes. Version 1.0.
* Taxonomy of the Computer Security Incident Related Terminology
* RFC 3067: TERENA's Incident Object Description and Exchange Format
Requirements
* Incident Object Description and Exchange Format: Data Model and
Extensible Markup Language (XML) Document Type Definition
* Incident Object XML Data Type Definition (XML DTD). Draft Version 0.0
* Incident Object Data Model. Draft Version 0.0 (Description, Chart)

The above development is based on the experience of a few leading European
CSIRTs, first of all JANET-CERT (http://www.ja.net/cert/) and CERT-NL
(http://cert-nl.surfnet.nl/), where you can find or ask for more practical
information.


Desmond Irvine wrote:

Does anyone have an incident response form that they would be willing
to share?  I'm looking to see what sort of information others are
recording about security incidents.  I want to put together something
comprehensive to help in documenting incidents that could also serve as a
sort of checklist of things that should be done.  Sometimes without a
form it's easy to forget to check simple things, like whether the clock on the
compromised system is in sync with the rest of the world.

Thanks, Desmond.

--
Desmond Irvine                Security Analyst, Information Technology
Sheridan College              Phone: 905-845-9430 x2035
1430 Trafalgar Road           Fax: 905-815-4011
Oakville, ON  L6H 2L1         EMail: desmond.irvine () sheridanc on ca

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

-- 
-----------------------------------------------------------------------
Yuri Demchenko, TERENA, Singel 468D, 1017 AW Amsterdam, The Netherlands 
Tel: +31 20 530 4488  Fax: +31 20 530 4499  E-mail: demchenko () terena nl
-----------------------------------------------------------------------
