Computer Incident Response and Product Security

by Damir Rajnovic

Computer Incident Response
and Product Security


The practical guide to building and running incident response and product security teams


Damir Rajnovic


Organizations increasingly recognize the urgent importance of effective, cohesive, and efficient security incident response. The speed and effectiveness with which a company can respond to incidents has a direct impact on how devastating an incident is on the company’s operations and finances. However, few have an experienced, mature incident response (IR) team. Many companies have no IR teams at all; others need help with improving current practices. In this book, leading Cisco incident response expert Damir Rajnović presents start-to-finish guidance for creating and operating effective IR teams and responding to incidents to lessen their impact significantly.

Drawing on his extensive experience identifying and resolving Cisco product security vulnerabilities, the author also covers the entire process of correcting product security vulnerabilities and notifying customers. Throughout, he shows how to build the links across participants and processes that are crucial to an effective and timely response.

This book is an indispensable resource for every professional and leader who must maintain the integrity of network operations and products—from network and security administrators to software engineers, and from product architects to senior security executives.


- Determine why and how to organize an incident response (IR) team
- Learn the key strategies for making the case to senior management
- Locate the IR team in your organizational hierarchy for maximum effectiveness
- Review best practices for managing attack situations with your IR team
- Build relationships with other IR teams, organizations, and law enforcement to improve incident response effectiveness
- Learn how to form, organize, and operate a product security team to deal with product vulnerabilities and assess their severity
- Recognize the differences between product security vulnerabilities and exploits
- Understand how to coordinate all the entities involved in product security handling
- Learn the steps for handling a product security vulnerability based on proven Cisco processes and practices
- Learn strategies for notifying customers about product vulnerabilities and how to ensure customers are implementing fixes


This security book is part of the Cisco Press Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end, self-defending



Product Details

Pearson Education
Publication date:
Networking Technology: Security
Sold by: Barnes & Noble
File size: 2 MB

Meet the Author

Damir Rajnovic finished his education in Croatia where, in 1993, he started his career in computer security. He started at the Croatian News Agency Hina, then moved on to the Ministry of Foreign Affairs, and finally to the Ministry of Science and Technology. During that time, Damir became involved with the Forum of Incident Response Teams (FIRST) and established the Croatian Academic and Research Network Computer Incident Response Team (CARNet CERT), which, until recently, was not only handling computer incidents for CARNet but was also acting as the Croatian national CERT. Damir then moved to the United Kingdom to work in EuroCERT, which was a project that aimed to coordinate CERTs within the European region. After EuroCERT, Damir moved to the Cisco Product Security Incident Response Team (Cisco PSIRT), where he is still working. Cisco PSIRT is the focal point for managing security vulnerabilities in all Cisco products.


Damir remains active in FIRST, where he created Vendor SIG, and currently serves as liaison officer to the International Organization for Standardization (ISO) and International Telecommunication Union (ITU). Damir was an invited lecturer for the MSc Information Technology Security course at Westminster University, London. He was one of the core people who dreamed up and formed the Industry Consortium for the Advancement of Security on the Internet (ICASI).


His nonsecurity-related work includes working as a sound engineer on Radio 101 (http://www.radio101.hr) while living in Zagreb, Croatia. Damir lives with his family in Didcot, UK.


Customer Reviews


Computer Incident Response and Product Security 4.5 out of 5 based on 0 ratings. 2 reviews.
Are you about to form and run a computer incident response team? If you are, then this book is for you! Author Damir Rajnovic has done an outstanding job of writing a book that provides guidance in both creating and running an effective incident response team. Author Rajnovic begins by covering the various reasons an organization should set up an incident response team. Then, the author shows you how to form an IRT: how to make your case to upper management; how to defend your budget; where to place the team within the organizational hierarchy; and what policies you might want to put in place. Next, he shows you how to operate a successful IRT. The author also covers what process to follow to manage an attack situation well. He continues by dealing with the issues of incident coordination. Then, the author presents some more significant forums where various teams are coming together. Next, he introduces the theme of product security vulnerability. The author also deals with issues specific to forming the product security team. He continues by providing an overview on who can be involved in the whole product vulnerability space and what their motivation might be. Then, the author describes in detail steps to deal with a vulnerability, starting from receiving a report on potential vulnerability all the way to publishing a notification. Next, he discusses various issues related to the notification, from what types a vendor may need and why, to language and dissemination, and finishes with document maintenance. Finally, he discusses issues related to vulnerability coordination. This most excellent book helps you establish computer incident response teams, if you do not have them, and gives you ideas on how to improve the operation of the existing ones.
Perhaps more importantly, this book helps vendors in understanding that their products will contain security vulnerabilities no matter how hard they try to avoid them and to form a team and processes to manage these vulnerabilities.
Boudville More than 1 year ago
The book is pitched at a manager who does not have a deep computing background. It explains numerous aspects of running a computer security team. There is very little jargon or in-depth discussion of how a cracker might mount a successful intrusion. Instead you can see what computer security groups already exist, and how to contact them for assistance. You should not hesitate to avail yourself of this global security backup. Likely, those in a security group might have already encountered a similar attack and can suggest countermeasures. Of course, your team might have first taken precautions in securing your network and its machines. Here, the book suggests how to do a survey and analysis of your computing environment before any attack. This proactive approach lets you and your team calmly prepare for a perhaps inevitable attack. Some issues like whether to publicly disclose that your company has been under attack can be difficult to decide. Your firm might be in an industry where it has an obligation to disclose if, say, a cracker has copied your customer [personal] data. But what if there is no legal obligation? Should you still disclose? Never a pleasant thing to decide! So the book gives you incentive to absorb its advice and try to prevent such an occurrence. The references at the end of each chapter take you into more detailed technical discussions. Useful if you need extra information.