Chapter 40 – Computer Emergency Quick-Response Teams
Bernie Cowens
Michael Miora, CISSP
Chapter Contents:
40.1 Overview
40.1.1 Description
40.1.2 Purpose
40.1.3 History and Background
40.1.4 Types of Teams
40.2 Planning the Team
40.2.1 Mission and Charter
40.2.2 Interaction with Outside Agencies/Others
40.2.3 Establish Baselines
40.3 Selecting and Building the Team
40.4 Training
40.4.1 Involve Legal Staff
40.4.2 Rehearse Often
40.4.3 Perform Training Reviews
40.5 Responding to Computer Emergencies
40.5.1 Tailored Responses
40.5.1.1 Step 1: Observe and Evaluate
40.5.1.2 Step 2: Begin Notification
40.5.1.3 Step 3: Set Up Communications
40.5.1.4 Step 4: Contain
40.5.1.5 Step 5: Identify
40.5.1.5 Step 6: Record
40.5.1.6 Step 7: Return to Operations
40.5.1.7 Step 8: Document and Review
40.5.1.8 Involving Law Enforcement
40.5.2 Need to Know
40.5.3 Management Role
40.5.4 Public Affairs
40.5.5 Forensic Awareness
40.6 Postincident Activities
40.7 For Further Reading