Rating:  Summary: Excellent incident response book Review: When a person calls 9-1-1 about a crime taking place, there is a level of confidence that the local police can competently respond and handle the incident. But when the incident moves from the neighborhood to inside a corporate computer or data line, there is often no equivalent of 9-1-1 to dial. And even when organizations have a computer-emergency response capability, they do not always handle the incident judiciously and with dispatch. That is the quandary that Incident Response and Computer Forensics solves. While firewalls may keep most intruders out of a network, when hackers do get in, the issue becomes how to minimize damage and ensure that these trespassers' activities can be used against them in a court of law. Incident Response is a valuable book that shows how to determine whether an attack has really occurred when an alert goes out (false positives, where an intruder alert is issued erroneously, are a major problem). It also discusses what to do once an incident is deemed to be real. The authors list numerous procedures to follow in handling an incident, all with the goal of identifying attacks, minimizing damage, and preserving evidence. The book's greatest strength is that it is hands-on and practical. Whether the topic is collecting data from various operating systems, handling evidence, conducting interviews, or making forensic copies of a hard drive, the authors show how minor differences in approach can make big differences in the success or failure of mitigation and preservation efforts. Scores of software and hardware tools are referenced, as are many command-line scripts. It is apparent that the authors write not from academic experience but from the computer security battlefield. Armed with their lessons, security professionals stand a better chance of winning the war against cybercrime.
Rating:  Summary: An Eye Opener on How Vulnerable Our Systems Are Review: Wow! I read this book cover to cover. Can't say I understood all of the technology, but the thoroughness of the subject matter was awesome. Are these guys experts or what? The authors have the talent to mix heavy technical information with actual incidents of how your data can be compromised and what you can do about it. As an IS manager, I lost sleep after reading this book. You should too if you haven't dealt with the issues put forth in this excellent book. The level of detail, the case studies, the insights, and the recommendations make it a must read not only for computer professionals concerned with network security, but also for businessmen who are concerned that their proprietary information remains proprietary. I highly recommend it.