Hi Bruce,

the talk was based on the following references:

ISO17799:2005 Code of Practice for Information Security Management
ISO18044 Information Security Incident Management
ISO20000-2 Information Technology - Service Management Part 2
SANS Computer Security Incident Handling Guide
RFC2350 Expectations for Computer Security Incident Response
NIST SP800-61 Computer Security Incident Handling Guide
NIST SP800-53 Recommended Security Controls for Federal Information Systems
NIST SP800-3 Establish an Incident Response Capability
CERT-CC CMU/SEI-98-HB-001 Handbook for Computer Security Incident Response Teams
COBIT 4.0
... others as required (PCI-DSS, SoX, HIPAA, ...)

Take all of the relevant controls or requirements, matrix, and prioritize them.

Best advice I ever heard with regard to situational awareness: get all of the information you can, triage and evaluate as much as possible, and pay attention.

Cheers,
Adrien

On Mon, May 2, 2011 at 12:50 PM, Bruce Barnett <[email protected]> wrote:
> Thanks, Adrien.
>
> Some of our industrial customers are looking for advice and "Best
> Practices."
>
> This will be helpful.
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
