Newcomer I

Incident Response Checklist

I was wondering if anyone had a good security incident checklist they would be willing to share? I am a one person shop where I work and assistance would be greatly appreciated. Thanks.

4 Replies
Community Champion

Re: Incident Response Checklist

> lmsaeb (Newcomer I) posted a new topic in Tech Talk on 03-05-2019 11:04 AM in

> I was wondering if anyone had a good security incident checklist they would be
> willing to share? I am a one person shop where I work and assistance would be
> greatly appreciated.

The Vancouver Chapter/Vancouver Security SIG was once asked to draw up one
such. We worked on it for some time before determining that we simply could not
cover all possible contingencies.

(I *do* have a one-page incident response *planning* chart that I use as a
handout for a seminar on the subject ...)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
When cryptography is outlawed, bayl bhgynjf jvyy unir rapelcgvba.
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Contributor I

Re: Incident Response Checklist

A couple of good resources:

Blue Team Handbook. Can get off Amazon. You'll want vol1, as vol2 is about SOCs. Website for it http://www.blueteamhandbook.com/ (hope this link works)

From NIST, the Computer Security Incident Handling Guide, SP800-61R2, which you can find here: https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final

The BTH may be more useful. Gives checklists and the like for the 6 steps of incident response from SANS and most other groups. NIST basically compresses three of the steps as 1.

Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, GSLC, GSTRT, ISSA Fellow
Newcomer I

Re: Incident Response Checklist

Thank you. 

Newcomer I

Re: Incident Response Checklist

Thanks. I ordered the book.