Caveats


After reading this chapter, you might be tempted to think that if you use the PDCERF methodology to respond to incidents, things will somehow simply go better. Additionally, you might assume that you will do what is required to address the issues in one stage and then close those issues, moving on to the next.

Unfortunately, the real world does not work this way. Many security-related incidents do not unfold in a serial manner. Just when you think that you have eradicated the cause of an incident, something else might happen that makes you realize that whatever caused the incident has surfaced again. You might have just done your best to contain an incident when another just like it occurs.

Several caveats will help you apply the PDCERF methodology better:

  1. It takes time to use a methodology like PDCERF. The learning curve is not too steep, but nevertheless there is a learning curve. An effective remedy is to practice responding to mock scenarios (simulated incidents) when there are no real incidents to handle, as covered in Chapter 4, "Forming and Managing an Incident Response Team."

  2. As mentioned in the examples presented earlier, few incidents follow the linear progression depicted in Figure 3.1. Furthermore, there might at best be a fuzzy distinction between the resolution of one stage and the beginning of the next.

  3. A methodology works only if it is custom tailored to the organization in which it is deployed. A bank, for example, is likely to treat containment differently than a university would. A DoS attack on a billing system has vastly different consequences than a DoS attack on a network used primarily by students.

  4. Even the most skilled and experienced handlers of security-related incidents have to deal with incidents for which there is no precedent whatsoever and for which few if any distinct stages actually exist. Insider attacks, covered in Chapter 10, "Responding to Insider Attacks," provide one of the best examples: those who deal with them often have great difficulty determining what to do at any point.

  5. A methodology will work better if follow-up activity occurs than if this stage is neglected. Feedback, review, and analysis of mistakes made are all key components of an effective incident response effort.
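The following Python is an added illustration of caveats 2 and 5, not code from the book: it records the PDCERF stage transitions of a single incident, accepts the backward hops that occur when an incident resurfaces after eradication, reports those regressions, totals the time spent in each stage across repeated visits, and checks that follow-up actually happened. The record format, function names and sample timeline are constructed for this example.

```python
"""Track PDCERF stage transitions for one incident, allowing the
non-linear progression the chapter warns about (stages revisited,
an incident that surfaces again after eradication)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# The six PDCERF stages in their nominal order.
STAGES = ["preparation", "detection", "containment",
          "eradication", "recovery", "follow-up"]


@dataclass(frozen=True)
class Transition:
    """A timestamped entry into a stage (hypothetical record format)."""
    when: datetime
    stage: str


def validate(transitions: List[Transition]) -> None:
    """Reject unknown stage names and out-of-order timestamps."""
    if not transitions:
        raise ValueError("no transitions recorded")
    for t in transitions:
        if t.stage not in STAGES:
            raise ValueError(f"unknown stage: {t.stage}")
    for a, b in zip(transitions, transitions[1:]):
        if b.when < a.when:
            raise ValueError("transitions must be in chronological order")


def regressions(transitions: List[Transition]) -> List[Tuple[str, str]]:
    """Return every (from, to) hop that moves backwards in PDCERF order.
    A hop such as recovery -> containment is the signature of an incident
    that has surfaced again, and is worth flagging for the follow-up review."""
    validate(transitions)
    hops = []
    for a, b in zip(transitions, transitions[1:]):
        if STAGES.index(b.stage) < STAGES.index(a.stage):
            hops.append((a.stage, b.stage))
    return hops


def stage_durations(transitions: List[Transition],
                    closed: datetime) -> Dict[str, timedelta]:
    """Total time spent in each stage, summing repeated visits.
    `closed` is when the incident record was closed (ends the last stage)."""
    validate(transitions)
    totals = {s: timedelta() for s in STAGES}
    ends = transitions[1:] + [Transition(closed, transitions[-1].stage)]
    for cur, nxt in zip(transitions, ends):
        totals[cur.stage] += nxt.when - cur.when
    return totals


def follow_up_done(transitions: List[Transition]) -> bool:
    """Caveat 5: the methodology only pays off if follow-up actually occurs."""
    return any(t.stage == "follow-up" for t in transitions)


# Constructed sample timeline (not from the book): the handler believes the
# incident is over, then the same activity reappears and containment restarts.
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE = [
    Transition(T0, "detection"),
    Transition(T0 + timedelta(hours=1), "containment"),
    Transition(T0 + timedelta(hours=3), "eradication"),
    Transition(T0 + timedelta(hours=5), "recovery"),
    Transition(T0 + timedelta(hours=9), "containment"),   # surfaced again
    Transition(T0 + timedelta(hours=12), "eradication"),
    Transition(T0 + timedelta(hours=14), "recovery"),
    Transition(T0 + timedelta(hours=20), "follow-up"),
]
SAMPLE_CLOSED = T0 + timedelta(hours=24)

if __name__ == "__main__":
    print("regressions:", regressions(SAMPLE))
    for stage, d in stage_durations(SAMPLE, SAMPLE_CLOSED).items():
        print(f"{stage:12s} {d}")
    print("follow-up done:", follow_up_done(SAMPLE))
```

The point of the design is that the record is a plain chronological log rather than a state machine with forward-only transitions: the tool never refuses a backward hop, it only reports it, which is what lets the per-stage totals and the regression list feed the follow-up stage honestly.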

All things considered, however, and for reasons explained earlier in this chapter, it is far better to use a methodology such as PDCERF than to not use one. The incident response arena is very often on the brink of pandemonium. Use of a sound methodology provides some degree of sanity in an otherwise insane world.

Chapter 4 covers how to start and sustain an incident response team effort.



Incident Response: A Strategic Guide to Handling System and Network Security Breaches
ISBN: 1578702569
Year: 2002
Pages: 103