Day 18 - Containing Other Incidents
Last Updated: 2008-10-18 22:52:46 UTC
by Rick Wanner (Version: 1)
I want to thank all the readers for all of the great ideas and feedback you have provided during the month
so far and especially this week.
So far this week you have addressed:
12 Gathering Evidence That Can be Used in Court
13 Containment on Production Systems Such as a Web Server
14 Containing a Personal Identity Theft Incident
15 Containing the Damage From a Lost or Stolen Laptop
16 Containing a Malware Outbreak
17 Containing a DNS Hijacking
The comments and ideas from this week have been exceptional. Great work!
But as anyone who does incident handling knows, an incident you are familiar with or have planned
for is a lot easier to handle than one you haven't. While this list addresses issues that are hot topics for today,
it is barely a drop in the bucket compared to the range of potential incidents.
Which brings us to today's question: containing other incidents.
Which incidents are on your radar and what plans do you have to contain them?
What other incidents have you run into in the last year or two, and what methods did you use to contain them?
Reader Scott sent in this insightful comment...
"As I was reading the article on containing other incidents, I was reminded of some advice pertaining to facility disaster plans. Do not create plans for every conceivable disaster. You could fill the Library of Congress with disaster plans for each disaster and still not cover all possibilities. Instead, create specific plans for disasters with high likelihood and create a general disaster plan to cover the unanticipated. In the general plan you must include reminders of specific unique attributes of your facilities so disaster commanders can make the snap decisions required. Write your plans for your successor, not yourself. You do plan to move on to bigger and better things, right?"
-- Rick Wanner - rwanner at isc dot sans dot org