5.4.2 Incident Response Policy
Incident Response Policy will vary with the particular needs of an organization. For example, while it may be acceptable to disconnect the router that connects to the Internet in one firm, this could lead to serious liability in another firm, such as an ISP. It is beyond this work to detail all forms of policy regarding Incident Response. The footnote443 will take you to a page supported by Fred Cohen who has more than a half dozen links to specific policies from the Naval Research Lab to generic templates to be filled in.
One of the most important things to say about incident response policies is, have one before you need it. Decide before youre faced with a computer security incident, how you are going to handle it, who will be involved, what their duties will be, etc. This enables you not to waste valuable time deciding these things during an actual incident.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.