RE: Simple Windows incident response methodology

From: Lachniet, Mark (mlachnietsequoianet.com)
Date: Mon Jun 14 2004 - 09:55:48 CDT


For example, if there is any suspicion of child pornography, we punt it
towards a forensically sound investigation. If there is financial
fraud, it could go either way (due to fear of negative publicity
out-weighing legal recourse). If it's normal hacking or warez, it's
usually fine to just figure out what happened, and move along, since
most law enforcement don't want to mess with it anyway.

It is not a bad idea to have a list of criteria, approved by legal
counsel, as part of your IR plan, but for that matter, legal should be
part of the planning process anyway.

Mark Lachniet

> -----Original Message-----
> From: Mike Lyman [mailto:mlyman-securitycomcast.net]
> The decision to end an incident as quickly as possible or
> to take legal action was often explicitly spelled out in our
> incident response plans in my previous job
