Incident Handling 101

Every day we see new exploits and old, patches and vulnerabilities, DoS and DDoS.  As the newest member of the Internet Storm Center, I am in data gathering mode.  Even though I have been a GCIH (#50) since 2000, we as handlers have to start learning the incident handling process all over again every time we join a new team.  As a new handler, my question was, "Where is the contact list?"  The first step in the Incident Handling process is preparation, so let’s do it.  Let’s get this list updated.

By the way, if you need to know how to prepare for an incident, SANS has great Incident Handling Forms as a part of SCORE (Security Consensus Operational Readiness Evaluation).  SCORE is “dedicated to providing a community consensus minimum standard of procedures, and checklists for overall infrastructure security.”  There is no need to reinvent the wheel, so check out the forms and prepare your team for an incident.

So we ask, if you are on a CIRT team and would like for us to have your team’s contact information in case we see activity you should know about, please send it to us on our contact page.  We look forward to hearing from you.

Fair Winds, Mari


Mari Nichols

Nov 15th 2007