Incident Response

Amazon.com Amazon.com Review (ISBN 0596001304, Paperback)

Unusually management-oriented for a book from O'Reilly & Associates, Incident Response takes a very high-level look at the tools, techniques, and practices associated with the question of what to do when an intrusion or other attack on information systems has been detected. Systems administrators used to seeing loads of hard-core technical details in O'Reilly books will find this one disappointing, but managers eager for an introduction to incident response with a fair bit of hand-holding and jargon-glossing will put it down happier. On the other hand, even managers will find portions of this book disappointing, as sentences like, "Just about every computer has a 1.44 MB floppy disk drive nowadays" have no place in modern professional literature.

Authors Kenneth van Wyk and Richard Forno do a good job of introducing modes of attack and methods of response to their readers, and take care to explain all potentially unusual terms as they pop up. They also do a good job of explaining the organization and function of the professional, governmental, and ad hoc groups that exist to respond to attacks and disseminate information about them. Much ink is devoted to the considerations managers have to account for as they decide how much money to spend on people, services, and tools associated with incident response. --David Wall

Topics covered: Tools and strategies hackers use to break into systems illegally, and mechanisms and procedures for dealing with such attacks. Emphasis falls on the business considerations associated with incident preparedness and response.