
Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk


ISBN-10: 007179039X

ISBN-13: 9780071790390

Edition: 2012

Authors: N. K. McCarthy, Jeff Klaben, Matthew Todd

List price: $60.00


Based on proven, rock-solid computer incident response plans. The Computer Incident Response Planning Handbook is derived from real-world incident response plans that work and have survived audits and repeated execution during data breaches and due diligence. The book provides an overview of attack and breach types, strategies for assessing an organization, types of plans, and case examples. Tips for keeping data contained, reputations defended, and recognizing and handling the magnitude of any given threat are included. The Computer Incident Response Planning Handbook contains ready-to-implement incident response plans with guidelines for ongoing due diligence, all based on actual, working, and…

Book details

Copyright year: 2012
Publisher: McGraw-Hill Education
Publication date: 8/7/2012
Binding: Paperback
Pages: 240
Size: 7.40" wide x 9.10" long x 0.50" tall
Weight: 1.188
Language: English

N.K. McCarthy, CISSP, has more than twenty years of information technology experience and currently manages information security operations and threat and vulnerability management for Safeway Corporation, where he manages an international staff and around-the-clock event monitoring. He has also managed information security operations and threat and vulnerability management for a Fortune 50 corporation, and has held IT roles including systems programming, consulting, technical management, and sales. He is a thirty-year Marine Corps reservist holding the rank of Lieutenant Colonel and is currently assigned to U.S. Cyber Command. Post-9/11, he served as an Information Warfare Officer at the…

The Threat Landscape
Introduction to Planning and Crisis
The Absence of Planning
Key Concepts
The OODA Loop
Fog of War
Center of Gravity
Unity of Command
Maintaining the Initiative
Tactical, Operational, and Strategic Perspectives
Requirements-Driven Execution
End State
Military Decision-Making Process
A Plan Is Preparation Manifested
Anticipation: Objectives and Requirements
Collaboration: Socialization and Normalization
Research: The Availability of Relevant Information
The Ad Hoc Organization for Time of Crisis
The Value of Documentation
Cyber Due Diligence in an Era of Information Risk
Gramm-Leach-Bliley Act (Financial Services Modernization Act of 1999)
The Health Insurance Portability and Accountability Act of 1996
Sarbanes-Oxley Act of 2002
State Breach Requirements
Industry Standards
Federal/State Enforcement
Contractual Enforcement
What Standards?
ISO/IEC 27000 Series
Service Organization Controls
Shared Assessments
How Do I Know that I'm Doing the Right Thing?
Independent Review
Internal Audit
Tabletop Exercises
How Do I Keep It Up?
ISO/IEC 27005 (Information Security Risk Management)
Bringing It Together
Top-Down Approval
Procedures and Controls
Measurement and Monitoring
Calendar for Testing Processes and Controls
Independent Review
Internal Oversight
Planning for Crisis
Getting More Out of Your Plans
Proactively Using Plans During Period of Heightened Risk
Understanding How Your ISOC Works
Building Relationships Outside of IT
Leveraging Your CIRP to Develop Relationships with Law Enforcement
Using Plans to Augment Your Current ERM Efforts
Writing Your Computer Incident Response Plan
What Problem Are You Solving?
Don't Bother if You Don't Have an Executive Sponsor
Using an Advisory Committee: My Plan vs. Our Plan
Understanding Your Audiences
Leveraging the Table of Contents
Plan Introduction
Incident Preparation
Incident Detection, Analysis, and Declaration
Incident Response
Plan Maintenance/Post Incident
Development of an Ad Hoc Organization to Respond to Crisis
Plan Development: Data Breach
Your Data Breach CIRP: Incident Preparation
Plan Introduction
Plan Objective
Plan Scope and Assumptions
Plan Execution and Command Topologies
Plan Structure
Updating and Synchronization
Incident Preparation
Statutory/Compliance Framework
Sensitive Data
ISOC Threat Portfolio (PCI) (Tab B) "RESTRICTED"
PCI Log Data (Tab C)
Third-Party (Payment) Connections (Tab D)
Third-Party Services
PCI Forensic Investigator (PFI)
Identity Protection Services
Compromise Notification Fulfillment
Sources of Precursors and Indicators
Incident Thresholds
Data Threshold
Compromise Threshold
Incident Analysis
Technical Impact
Business Impact
Incident Categories
Priority 1
Priority 2
Incident Declaration
Incident Notification and Mobilization
Incident Documentation
Your Data Breach CIRP: Plan Execution
Plan Execution
Organization and Roles
Process and Rhythm
Synchronization and Decision-Making
Status Reports
Mandatory Reporting/Notification(s)
Payment Card Industry Data Security Standard (PCI DSS)
Release of "Public-Facing Documents"
Draft/Approve/Release Process
Public-Facing Documents Participants
Evidence Discovery and Retention
Criminal Prosecution
Civil Litigation
Managing Evidence
Liaison with Local Law Enforcement
XYZ Loss Prevention (LE Liaison)
Law Enforcement Points of Contact (POC) (Tab I)
Incident Containment, Eradication, and Recovery
The XYZ (Data Compromise) CIRP SWAT Team
Eradication and Recovery
Compensating Controls
Disaster Recovery/Business Continuity
CIRP Roles and Responsibilities
Human Resources
Your Data Breach CIRP: Post Incident Planning and Maintenance
Post-Incident Activity
Incident Termination
Plan Maintenance
Regular Updates
Verification/Updates of Perishable Data
Annual Testing of the Plan
Plan Development: Malware
Your Malware Outbreak CIRP: Incident Preparation
Plan Introduction
Plan Objective
Plan Execution and Command Topologies
Plan Ownership
Supporting Documentation
Incident Preparation
Isolation Points within the XYZ Enterprise
Business Impact Overlay of Isolation Points
ISOC Threat Portfolio
Third-Party Support Services
PCI Forensics Investigator (PFI)
BXD Long Sight Threat Management System
Incident Detection, Analysis, and Declaration
Sources of Precursors and Indicators
ISOC Monitoring Feeds
Field Services Responding to Malware Calls
NOC, Service Desk, and Other Internal Sources of Detection
Incident Threshold
Incident Analysis
Technical Impact
Business Impact
Incident Declaration
Incident Notification and Mobilization
Incident Documentation
Your Malware Outbreak CIRP: Plan Execution
Plan Execution
Organization and Roles
Operational Sequencing
Operational Priorities
Operational Resources
Synchronization and Decision Making
Your Malware Outbreak CIRP: Post Incident Planning and Maintenance
Incident Termination
Criteria for Terminating an Incident
Plan Maintenance
Quarterly Updates
Annual Testing of the Plan
Closing Thoughts
New Age for InfoSec Professionals
Paradigm #1: The New Consciousness of the Zero-Day Attack
Paradigm #2: The Need for Transparent Due Diligence
Paradigm #3: Consequence-Based Information Security
Paradigm #4: The Constant Challenge of Change
Paradigm #5: While We're All Focusing on the Silicon-Based Systems, the Bad Guys Are Targeting the Carbon-Based Ones
Useful Online Resources
Computer Incident Response Plan (CIRP) Management Checklist