Resources
I had a lot of people see a post of mine on Ethicalhacker.net pertaining to IH/IR, and I wanted to put together a coherent list of links for IH/IR. Whether you are just starting an IR team or are looking to refine your methods, there should be a few items for everyone. This is not all my information: some of it was gathered by me, some by gracious Ethicalhacker.net forum members. I will continually update it if you guys would like to add something! Please, please, please help me add to this =)
Level I – Incident Response / Incident Handling
These are very good top level (they don’t stay that way for long) documents describing IH/IR.
NIST SP 800-61: Computer Security Incident Handling Guide (148 pages)
Computer and Network Security Task Force IR/IH page
Level II – Specifics
SANS offers a lot to the security community, so it is really no surprise that their reading room and their instructors offer some of the best resources around.
SANS InfoSec Reading Room – Incident Handling
Initial Security Incident Questionnaire for Responders
Security Incident Survey Cheat Sheet for Server Administrators
Network DDoS Incident Response Cheat Sheet
Incident Reverse-Engineering Cheat Sheet
CERT Virtual Training related to IH/IR
tssci-security Web application security incident handling insights
Reporting
When it comes to Advanced Threats there is some argument about reporting; if you choose to report, the Internet Storm Center (http://isc.sans.org/) and the Shadowserver Foundation are good places to start.
Certification
We all want ways to distinguish ourselves, right? Below are the ways to go for certification, albeit not always the cheapest options.
CERT®-Certified Computer Security Incident Handler
SANS/GIAC Certified Incident Handler
Resources
Incident Report Templates
Gideon T. Rasmussen’s Incident Report Template
SANS Incident Identification Form
SANS Incident Survey Form
SANS Incident Containment Form
SANS Incident Eradication Form
SANS Incident Communication Log Form
Melissa Guenther’s Incident Report Form
US-CERT Incident Reporting System
CERT/CC Incident Reporting Guidelines
