Computer Incident Response and Forensics Team Management
Author: Leighton Johnson
In this day and age, it’s only a matter of time when an organization’s systems and networks will be breached by cyber attackers. Having an internal security incident response team (SIRT) should a no-brainer (if the budget allows, of course). This book aims to teach how to manage such a team, help you decide when it’s the time to had over the investigation to a forensics team, and how to manage that team, as well.
About the author
Leighton Johnson is the CTO and Senior Security Engineer for Information Security and Forensics Management Team (ISFMT), a provider of computer security, forensics consulting and certification training.
Inside the book
The tome is divided in three parts, and it starts with a section containing definitions the reader will encounter in it.
The first part of the book deals with the specialized management of incident response teams – the requirements for team members, the incident response methods, processes, tools, policies, procedures and legal considerations. The second one addresses the same things in regards to forensics team management.
You will discover all the things that a SIR&FT manager needs to think about, control, evaluate and report.
The last part concentrates on the relationship the managers of these teams have with the corporate management, the IT department and the other department within the organization and, finally, with outside consultants, agencies and experts.
I believe that the main problem is that this book has been written for too wide an audience. The subject might be too advanced for beginners, and unnecessary definitions and explanations of things that experienced infosec practitioners (should) already know will likely annoy them.
Nevertheless, the book is thorough, and proves to be a good read for practitioners who are tasked with setting up a SIRT and a forensics team within an enterprise. It will teach them what to look for in team members and how to manage them and, most importantly, how to make it all work in relation with the rest of the firm, and in regards to laws and regulations.
Computer security and forensics students can also benefit from reading this book, in order to gain a better understanding of what their future managers (and perhaps, at a later date, themselves will) have to contend with.