BKINCRES.RVW   20011001

"Incident Response", Kenneth R. van Wyk/Richard Forno, 2001,
0-596-00130-4, U$34.95/C$52.95
%A   Kenneth R. van Wyk ken@incidentresponse.com
%A   Richard Forno rick@incidentresponse.com
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2001
%G   0-596-00130-4
%I   O'Reilly & Associates, Inc.
%O   U$34.95/C$52.95 800-998-9938 fax: 707-829-0104 nuts@ora.com
%O   http://www.amazon.com/exec/obidos/ASIN/0596001304/robsladesinterne
%P   214 p.
%T   "Incident Response"

Incident response has, in the past, received short shrift in security
literature.  It is also a rather vague term: what type of incident are
we talking about, and how big?  What type of response are we
considering: protective, defensive, or offensive?  The authors have
provided us with a starting point for consideration and the benefit of
some years of experience, but this work is, unfortunately, less
detailed than it might have been.

Chapter one does not do a good job of defining incident response: the
examples are instructive, but the material wanders through a number of
topics without developing any central focus.  Chapter two examines the
strengths and shortcomings of various types of response teams, such as
those internal to companies, those related to vendors, and those
established by security management companies.  Planning, in chapter
three, has some good points to consider, but doesn't offer a lot of
guidance.  Chapter four, entitled "Mission and Capabilities," seems to
be the core of the book, touching on staff, positions, training, legal
considerations, procedures, and other issues.  A wide-ranging list of
attack types, albeit with very terse descriptions, is given in chapter
five.  The incident handling model presented in chapter six is vague
but reasonable.  Chapter seven contains quick overviews of a number of
detection tools, mostly software.  A few resources, generally Web
sites, are given in chapter eight.

This book is the result of considerable background and practice.
While there are no obvious errors and the material presents good
advice, it is hard to be excited about the result.  Overall, the book
seems to lack direction, and fails to present a structured and clear
guide to the preparations necessary for dealing with computer
incidents.  However, in the absence of other material it is better
than nothing, and it does raise the issues to be addressed.

In response to the first draft of this review, one of the authors has
responded that the intent of the book was not to address the
techniques of incident response, but to provide management with an
understanding of the subject.  That statement fits with the text, but
is in some opposition to the assertion in the preface that the book is
aimed at all who would need to respond to incidents, including systems
administrators and other technical people.

copyright Robert M. Slade, 2001   BKINCRES.RVW   20011001