From: Ted Arthur (arcturousHOTMAIL.COM)
Date: Thu Jan 18 2001 - 17:25:28 CST


    I'm not sure where the line is drawn with respect to military/commercial setup,
    but I do know that the military has spent years trying to emulate the
    private sector in the managing of both its people and its systems.
    Having worked as part of the Navy's ID team (among others) I can tell you,
    in vague terms, how we do things.
    Simply put, your ID team *is* your incident response team. After an
    intrusion is detected and the analysis has been conducted, the operator
    manning your ID gear should then turn around his findings in an Incident
    Response Report to allcon.
    Now, given the size of your organization, you might choose to have a
    separate entity whose prime mission is to take the findings of each incident
    and try to track any patterns and/or develop a plan to handle each incident.
    Whether or not you choose to use this entity to prosecute each incident or
    simply form a 'blacklist' to keep said offenders on would have to be another
    personal choice.

    Hope I could help. If not, would still be interested in the contrast to the
    private sector, as I hope to be joining it soon enough.

    -----Original Message-----
    From: Al Berg [mailto:alAL-BERG.COM]
    Sent: Wednesday, 17 January, 2001 4:05 PM
    To: FOCUS-IDSSECURITYFOCUS.COM
    Subject: Staffing an Intrusion Detection Capability?

    My company (an organization of approximately 3000
    people in the financial industry and which is doing an
    increasing amount of business on the Internet) is
    currently putting together a plan for an intrusion
    detection and incident response capability.

    I am curious to hear what other organizations of a
    similar size are doing regarding staffing such a
    capability.

    Does your organization have a dedicated ID staff?

    If so, how large is this staff? If not, where do you
    draw the staff from?

    What skills do you look for in ID staff?

    Is the ID staff integrated with the incident response
    staff?

    If anyone has a job description for members of such
    a staff that they would be willing to post, that would be
    great.

    I look forward to some interesting discussion on this
    topic!

    Al