October is Cyber Security Awareness Month and this year the SANS Internet Storm Center is going to focus on incident handling areas. As per SANS, there are six steps to incident handling. SANS ISC plans to offer daily tips on each of those six areas according to the following schedule:

     Preparation: October 1-4
     Identification: October 5-11
     Containment: October 12-18
     Eradication: October 19-25
     Recovery: October 26-31
     Lessons Learned: November 1-3

Marcus Sachs, Director of SANS Internet Storm Center, announces the daily topics for this month (listed by week and day):

1. Preparation
    1 Policies, Management Support, and User Awareness
    2 Building a Response Team
    3 Building Checklists
    4 What Goes Into a Response Kit

2. Identification
    5 Events versus Incidents
    6 Network-based Intrusion Detection Systems
    7 Host-based Intrusion Detection Systems
    8 Global Incident Awareness
    9 Log and Audit Analysis
    10 Using Your Help Desk to Identify Security Incidents
    11 Other Methods of Identifying an Incident

3. Containment
    12 Gathering Evidence That Can be Used in Court
    13 Containment on Production Systems Such as a Web Server
    14 Containing a Personal IdentityTheft Incident
    15 Containing the Damage From a Lost or Stolen Laptop
    16 Containing a Malware Outbreak
    17 Containing a DNS Hijacking
    18 Containing Other Incidents

4. Eradication
    19 Forensic Analysis Tools – What Happened?
    20 Eradicating a Rootkit
    21 Removing Bots, Keyloggers, and Spyware
    22 Wiping Disks and Media
    23 Turning off Unused Services
    24 Cleaning Email Servers and Clients
    25 Finding and Removing Hidden Files and Directories

5. Recovery
    26 Restoring Systems From Backups
    27 Validation via Vulnerability Scanning
    28 Avoiding Finger Pointing and the Blame Game
    29 Should I Switch Software Vendors?
    30 Applying Patches and Updates
    31 Legal Awareness (Regulatory, Statutory, etc.)

6. Lessons Learned (November)
    1 What Should I Make Public?
    2 Working With Management to Improve Processes
    3 Feeding The Lessons Learned Back to the Preparation Phase

Last year’s summary is available here.

You can find the current topic each day in the ISC’s diary.

Tags: incident response, sans, security awareness