Tutorial 2

Date/Time: Monday October 17th, 2011 2:00pm -- 5:00pm
Duration: 3 hours
Title: Developing Standardized Processes for Incident Response: Challenges and Opportunities

Presenters: Dr. Jim Yuill and Dr. Martin Nystrom


This tutorial focuses on developing standardized processes for incident response (IR). For a computer security organization, such processes are essential for training, operations, and management. This tutorial presents principles and guidelines for developing effective standardized processes. In most professions, creating effective processes is difficult and requires skills developed through years of study and experience. With IR, creating standardized processes is especially difficult because of the nature of investigation and the adversarial relationship with attackers. IR poses inherent difficulties for process development, but it also offers opportunities. This tutorial explores the fundamental nature of standardized processes and of investigation, and from that analysis it derives practical principles and guidelines for IR process development. The material presented is based on the authors' process-development experience in incident response, and it draws on process-development work in the related fields of quality, security engineering, software engineering, military theory and operations, and jurisprudence.

Bio of Dr. Yuill

Dr. Jim Yuill is a computer-security researcher. His PhD is in computer security from North Carolina State University. Much of his research has been for the U.S. Department of Defense, and he has presented at IEEE, ACM, and DoD conferences. Before attending grad school, Jim worked for IBM in operating systems development.


Bio of Dr. Nystrom

Dr. Martin Nystrom works at Cisco Systems, where he is an InfoSec Investigations Manager for their Computer Security Incident Response Team (CSIRT). He leads the global security monitoring team and provides guidance for incident response and security initiatives. He is a co-author of the O'Reilly book "Security Monitoring".


Last modified: 2011-09-29 23:24:53 EDT