Friday, April 15, 2005

Five Mistakes of Incident Response

InfosecWriters has a short but sweet paper by Anton Chuvakin, entitled Five Mistakes of Incident Response. It's a quick, easy read that I wholeheartedly recommend. In fact, I would have added a mistake #0: Panicking. Keeping your cool is always the most important thing in Incident Response. Still, this paper is a great summary of the other top five mistakes to avoid.

1 comment:

Anonymous said...

Excellent paper, sums up the issue quite nicely. I would combine reason #0 and #1, and say, simply, "Not being prepared." This would include lack of a plan and/or policies, as well as lack of knowledge, training, etc.

The simple fact is that incidents *will* happen.


H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com