Who should attend: System and network administrators, security staff, and management responsible for the security of networks and connected systems. Basic knowledge of modern operating systems and networking is recom mended because it will help in understanding the example incidents, procedures, and counter measures.

What you will learn: How your organization can prepare for and respond to computer security incidents.

Are you prepared to handle a security incident at your site? Responding to computer security incidents is a requirement for all organizations in which computer networks are an important part of the infrastructure. You will find out how to prepare for and handle computer and network security incidents with step-by-step information and examples from real-world incidents.

Incident handling ranges from the mundane, yet critical, details of preparing your management and modifying policy to working with an incident in progress and correctly handling evidence. We will explain the types of incidents that typically occur, and how to gain management support in building an incident response team. You will hear about real-life examples of incident handling and the steps involved in recovering from an incident.

You will learn about the need for comprehensive computer security incident handling capability, how to communicate that need to management and the user community, how to investigate an incident (as a handler, not as law enforcement), and how to build and maintain that capability. You will also learn how to adapt policy and the incident handling capability to each other, how to staff an incident response team, and how to establish links and communicate with other teams and law enforcement agencies. Even if you are the only person tasked with security, this tutorial will help you prepare yourself and your organization for an inevitable computer security incident.

Jim Duncan is manager of network and information systems and principal system administrator for Pennsylvania State University's Applied Research Laboratory. He is a contributor to RFC 1244, the Site Security Policy Handbook, and has developed numerous policies, guidelines, and presentations on systems and network administration, computer security, incident handling, and ethics. Jim is an active member of the Penn State CERT team and has primary responsibility for incident handling at the Applied Research Lab.

Rik Farrow provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984, and with TCP/IP networks since 1988. He has taught at the IRS, Department of Justice, NSA, US West, Canadian RCMP, Swedish Navy, and for many US and European user groups. He is the author of UNIX System Security and System Administrator's Guide to System V. Farrow writes two columns for ;login:, and a network security column for Network magazine.

Tutorials at-a-Glance     Tutorial Instructors