Newcomer I

Incident Response Checklist

I was wondering if anyone had a good security incident checklist they would be willing to share? I am a one person shop where I work and assistance would be greatly appreciated. Thanks.

4 Replies
Community Champion

Re: Incident Response Checklist

> lmsaeb (Newcomer I) posted a new topic in Tech Talk on 03-05-2019 11:04 AM in

> I was wondering if anyone had a good security incident checklist they would be
> willing to share? I am a one person shop where I work and assistance would be
> greatly appreciated.

The Vancouver Chapter/Vancouver Security SIG was once asked to draw up one
such. We worked on it for some time before determining that we simply could not
cover all possible contingencies.

(I *do* have a one-page incident response *planning* chart that I use as a
handout for a seminar on the subject ...)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
When cryptography is outlawed, bayl bhgynjf jvyy unir rapelcgvba.
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Contributor II

Re: Incident Response Checklist

A couple of good resources:

Blue Team Handbook. Can get off Amazon. You'll want vol1, as vol2 is about SOCs. Website for it http://www.blueteamhandbook.com/ (hope this link works)

From NIST, the Computer Security Incident Handling Guide, SP800-61R2, which you can find here: https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final

The BTH may be more useful. Gives checklists and the like for the 6 steps of incident response from SANS and most other groups. NIST basically compresses three of the steps as 1.

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, GSLC, GSTRT, ISSA Fellow
Newcomer I

Re: Incident Response Checklist

Thank you. 

Newcomer I

Re: Incident Response Checklist

Thanks. I ordered the book.