Last Updated: 2008-10-14 15:06:02 UTC
by Jason Lam (Version: 1)
For the third day of Cyber Security Awareness Month we will look at the practice of building checklists for use in incident handling. If you are part of a response team and have any anecdotes you can share please send them to us via our contact page. Here are some questions that frame what we are looking for:
- What are some useful checklists to be used in incident handling?
- What are some good resources on the Internet for checlists?
- How tightly or loosely do you follow the checklist?
- How to handle incidents that are not covered by checklist?
Checklists are essential to incident handling. During an incident, the stress level are high and a million things can happen in short period time. Checklists can help incident handlers to ensure all essential incident process are covered, keeping the incident handlers on the right track. SANS SCORE project provides various checklist and incident handling forms that are useful for incident handlers.
We will update this diary with your comments and thoughts throughout the day, so start sending them in.
A reader - GaryK, wrote in and pointed us some helpful resources on this topic,
- incident handling checklist at cert.org
- Incident Handling Steps at Texas A&M University
- Many good links on this page, specifically relevant to this topic is the Sun Microsystem Blueprint online, Securityfocus.com incident articles.