Best Practices


  • Employ diligent planning to alleviate uncertainty when responding to incidents.

    Because time is of the essence when handling incidents, it is critical to do as much work up front as possible. This work includes the following:

    • Implementing preventative measures described throughout this book

    • Implementing policies that support incident response

    • Training all staff in their role in security

    • Selecting the people who will be involved in incident response and designating the roles each will play

    • Collecting and maintaining incident handling guidelines

    • Assembling a comprehensive and accurate contact sheet

    In addition, difficult scenarios should be discussed by the incident response team and management to establish boundaries and predefine response goals. Team members and management should also discuss and agree upon aspects of involving the media and law enforcement agencies in an incident investigation. The more decisions you make up front, the easier incident response will be.

  • Remember that executive sponsorship is essential.

    Your sponsor will be able to make changes required to create the policies needed to support incident response. He also will be able to provide budget for training, staffing levels, and tools. For the most effective relationship with your sponsor, your team leader must be able to understand and communicate the core business issues to the sponsor and to present complex issues in a logical, concise manner.

  • Formalize your incident response team.

    By formalizing the team, even in cases where incident response is not the team's core activity, you will dramatically improve response times and capability while minimizing uncertainty and power struggles.

  • Utilize the best resources.

    Make certain that the leader for each incident response is the most technically appropriate person for that type of incident. It does not make sense to use a senior Microsoft Windows technician for a mainframe issue. Nor does it make sense to use an infrastructure engineer whose focus is routers and switches as leader on an intrusion in a database system.



Microsoft Windows Security Resource Kit
ISBN: 0735621748
EAN: 2147483647
Year: 2003
Pages: 189
