fills a need that's existed in the security book market for some time. The authors--a pair of accomplished incident response experts, not merely researchers--have converted to book form their accumulated wisdom on the question of how to respond to an attack on computer systems. Their expertise is only partly technical; much of what Eugene Schultz and Russell Shumway have written has to do with legal questions and policy decisions. It's a reasonable balance, considering that the state of the art in network intrusion (and defence against it) changes frequently and security administrators are better armed with concepts and strategies than with "click this, type that" instructions. The explicit technical material that does
appear here is nicely balanced between Windows and Unix systems, and clearly explains networking details of interest to security people and their managers. The explanation of how a spanning port can make a switch work like a hub for purposes of packet monitoring--nearly entirely prose--is one example of high-quality technical coverage that will remain valuable as operating systems and other network details change over time.
Unlike many books about computers, this one deserves to be read cover-to-cover. The authors have points to make, and they generally build on their earlier thoughts as they go. Some material in these pages seems somewhat obvious--the advice to dress nicely for a media interview, for example--but it all fits with the authors' goal of showing their readers how to react (in all respects) to security problems when they happen. Read this, be prepared for trouble, and know how to educate others about incident response. --David Wall
Topics covered: how an organisation should react--organisationally, technically, legally and in terms of public relations--to incidents of unauthorised access (originating both internally and externally) to its computer systems.
From the Back Cover
The increasing complexity and diversity of systems, applications, and networks has made them more difficult to defend. As companies continue to experience losses due to security breaches, security professionals must take a new approach in protecting their assets. By using monitoring and detection measures with prompt intervention, you can reduce the magnitude of incidents. This book gives you the information you need to develop an effective incident response strategy. Providing specific security plans from internationally recognized experts on the topic, illustrated through case studies showing real-world application, Incident Response provides comprehensive coverage of all phases of incident response, from pre-incident conditions and considerations to post-incident analysis. Dr. E. Eugene Schultz and Russell Shumway (along wiht a contribution by Dr. Terry Gudaitis) teach you security principles that help you minimize information loss and system disruption.