Incident Response: A Strategic Guide to Handling System and Network Security Breaches / Edition 1

Paperback (Print)
Used and New from Other Sellers
Used and New from Other Sellers
from $1.99
Usually ships in 1-2 business days
(Save 95%)
Other sellers (Paperback)
  • All (11) from $1.99   
  • New (6) from $29.31   
  • Used (5) from $1.99   


This book teaches readers what they need to know to not only set up an incident response effort, but also how to improve existing incident response efforts. The book provides a comprehensive approach to incident response, covering everything necessary to deal with all phases of incident response effectively ¿ spanning from pre-incident conditions and considerations to the end of an incident.

Although technical considerations, (e.g. the particular binaries in Unix and Linux and dynamically linked libraries in Windows NT and Windows 2000) that need to be inspected in case they are corrupted, the types of logging data available in major operating systems and how to interpret it to obtain information about incidents, how network attacks can be detected on the basis of information contained in packets, and so on ¿ the major focus of this book is on managerial and procedural matters. Incident Response advances the notion that without effective management, incident response cannot succeed.

Read More Show Less

Product Details

  • ISBN-13: 9781578702565
  • Publisher: Sams
  • Publication date: 11/28/2001
  • Series: Landmark Series
  • Edition description: New Edition
  • Edition number: 1
  • Pages: 384
  • Sales rank: 1,367,629
  • Product dimensions: 7.00 (w) x 8.90 (h) x 0.90 (d)

Meet the Author

Dr. E. Eugene Schultz, founder and former manager of the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC) team, is currently on the support staff of Global Integrity's REACT team¿the first commercial incident response capability.

Russell Shumway is the director of intelligence and response services with Network Security Corporation, which is responsible for the management of NSEC's Incident Mitigation and Open-Source Monitoring services. Russ previously worked as the technical director of Global Integrity Corporation's REACT program, where he worked on numerous computer-security incidents for clients ranging from Fortune 100 companies to private individuals and provided consulting services to 7 of the top 10 financial services companies in the United States and 13 of the top 50 in the world. He assisted in the design and development of Global Integrity's Financial Services Incident Sharing and Advisory Center (FS/ISAC). Dr. Terry Gudaitis is a behavioral scientist/criminologist who has 12 years of experience in research and applied practice in the discipline of behavioral assessment and profiling. She received her MA and Ph.D. from the University of Florida. Since 1987, she has provided domestic and international assessments and profiles for academia, local law enforcement, federal agencies and bureaus, and private industry.

Dr. Gudaitis has worked with the Central Intelligence Agency as a criminal psychologist at the CounterTerrorist Center. Currently, Dr. Gudaitis is responsible for the integration of behavioral/criminal profiling and computer forensics at Global Integrity Corporation, a Science Applications International Corporation (SAIC) subsidiary. Dr. Gudaitis provides consultation, human systems assessment, and profiling services to private industry. Dr. Gudaitis has recently published articles in CyberPsychology and Behavior, Imp Magazine, presented on the "Insider Threat" at SecureComm98, was a guest speaker on "Cyber Crime Profiling" for Leadership America-Greater Washington, and is an active member of the High Technology Crime Investigative Association.

Read More Show Less

Table of Contents

(NOTE: Each chapter concludes with a Summary/Conclusion.)

1. An Introduction to Incident Response.

What Is Incident Response? The Rationale for Incident Response. Overview of Incident Response.

2. Risk Analysis.

About Risk Analysis. Types of Security-Related Risks. Obtaining Data About Security-Related Incidents. The Importance of Risk Analysis in Incident Response.

3. A Methodology for Incident Response.

Rationale for Using an Incident Response Methodology. A Six-Stage Methodology for Incident Response. Caveats.

4. Forming and Managing an Incident Response Team.

What Is an Incident Response Team? Why Form an Incident Response Team? Issues in Forming a Response Team. About Managing an Incident Response Effort.

5. Organizing for Incident Response.

Virtual Teams-Ensuring Availability. Training the Team. Testing the Team. Barriers to Success. External Coordination. Managing Incidents.

6. Tracing Network Attacks.

What Does Tracing Network Attacks Mean? Putting Attack Tracing in Context. Tracing Methods. Next Steps. Constructing an “Attack Path”. Final Caveats.

7. Legal Issues.

U.S. Computer Crime Statutes. International Statutes. Search, Seizure, and Monitoring. Policies. Liability. To Prosecute or Not?

8. Forensics I.

Guiding Principles. Forensics Hardware. Forensics Software. Acquiring Evidence. Examination of the Evidence.

9. Forensics II.

Covert Searches. Advanced Searches. Encryption. Home Use Systems. UNIX and Server Forensics.

10. Responding to Insider Attacks.

Types of Insiders. Types of Attacks. Preparing for Insider Attacks. Detecting Insider Attacks. Responding to Insider Attacks. Special Considerations. Special Situations. Legal Issues.

11. The Human Side of Incident Response.

Integration of the Social Sciences into Incident Response. Part I: Cybercrime Profiling. Part II: Insider Attacks. Part III: Incident Victims. Part IV: Human Side of Incident Response.

12. Traps and Deceptive Measures.

About Traps and Deceptive Measures. Advantages and Limitations of Traps and Deceptive Measures. Focus: Honeypots. Integrating Traps and Deceptive Measures into Incident Response.

13. Future Directions in Incident Response.

Technical Advances. Social Advances. The Progress of the Profession. The Nature of Incidents.

Appendix A. RFC-2196.

Site Security Handbook.

Appendix B. Incident Response and Reporting Checklist.

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)