For example the systems should be removed from both


se team is a hybrid of the virtual and permanent models. Certain core members are permanently assigned to the team whereas others are called in as needed.

The incident response team should have the following basic items available:

• A list of outside agencies and resources to contact or report to.
• Roles and responsibilities outlined.
• A call tree to contact these roles and outside entities.
• A list of computer or forensics experts to contact.
• Steps on how to secure and preserve evidence.
• A list of items that should be included on a report for management and potentially the courts.
• A description of how the different systems should be treated in this type of situation. (For example, the systems should be removed from both the Internet and the network and powered down.)

When a suspected crime is reported, the incident response team should follow a set of predetermined steps to ensure uniformity in their approach and make sure no steps are skipped. First, the incident response team should investigate the report and determine that an actual crime has been committed. If the team determines that a crime has been carried out, senior management should be informed immediately. If the suspect is an employee, a human resources representative must be called right away.

The sooner the documenting of events begins, the better. If someone is able to document the starting time of the crime, along with the company employees and resources involved, it would provide a good foundation for evidence. At this point, the company must decide if it wants to conduct its own forensics investigation or call in the big guns. If experts are going to be called in, the system that was attacked should be left alone in order to try and preserve as much evidence of the attack as possible. If the company decides to conduct its own forensics investigation, it must deal with many issues and address tricky elements. (Forensics will be discussed later in this chapter.)
Computers networks...

This note was uploaded on 06/01/2013 for the course NET 125 taught by Professor Hurst during the Fall '12 term at Wake Tech.
