Thanks for your thoughts on this. I'm already sketching out the process before I go too far on deciding on a tracking tool. Without knowing what we need to do, selecting a tool is problematic at best. Your points definitely underscored that requirement.
One of my requirements is that tracking and timestamping of activities must be solid and easily viewable. Have you implemented a similar requirement and how has that gone for you?

Thanks again.

Jason

On Thu, Jan 7, 2010 at 5:49 AM, <helli...@knology.net> wrote:

> *On Thu 10/01/07 6:00 AM , pauldotcom-requ...@mail.pauldotcom.com sent:*
>
> Re: Pauldotcom Digest, Vol 16, Issue 7
>
> To those who have a system in place for incident handling, what are your
> thoughts? What have you found works for you and why? What would you do
> different if you could?
>
> We have an online system for many of the reasons you cite. It has its
> problems, but it also serves us reasonably well. We are also in the process
> of completely rewriting it after objectively evaluating our process. Our
> main focus is a system that supports handoff of the event from one part of
> the IR team to another. IA staff receive the incident and enter it into the
> system, then the techs pick it up and work on it - for example, determining
> the internal IP, the person(s) involved, correlating firewall or server logs
> with the event etc. This really is not possible with a spiral notebook
> unless you are willing to do a lot of phone calling, emailing, note-taking
> etc.
>
> My advice to you is to focus on the PROCESS, then pick a tool (or design
> one) that supports your process. DO NOT start with a tool (notebook or
> automated) then figure out how to live within that tool. This is
> essentially what we did wrong, and we now have a tool that has not grown
> with our procedural evolution. Spend time flowcharting a process,
> determining what data must be tracked and what reports are desired, what
> statuses will be demanded by management etc, roles played within the
> process, writing policies (if required) and procedures to support the
> process, collect the data in your paper format if desired, evolve the
> process, and *then* build a tool that supports the process.
>
> Herndon Elliott
> Madison, Al
>
> CNSNEWS.COM REPORTER: "Madame Speaker, where specifically does the
> Constitution grant Congress the authority to enact an individual health
> insurance mandate?"
>
> SPEAKER OF THE HOUSE NANCY PELOSI, D-CALIF.: "Are you serious? Are you
> serious?"
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom@mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

--
irc: Tadaka
Twitter: Jason_Wood
jwnetworkconsulting.com