Organizations increasingly recognize the urgent importance of effective, cohesive, and efficient security incident response. The speed and effectiveness with which a company can respond to incidents has a direct impact on how devastating an incident is on the company’s operations and finances. However, few have an experienced, mature incident response (IR) team. Many companies have no IR teams at all; others need help with improving current practices. In this book, leading Cisco incident response expert Damir Rajnovi´c presents start-to-finish guidance for creating and operating effective IR teams and responding to incidents to lessen their impact significantly.

Drawing on his extensive experience identifying and resolving Cisco product security vulnerabilities, the author also covers the entire process of correcting product security vulnerabilities and notifying customers. Throughout, he shows how to build the links across participants and processes that are crucial to an effective and timely response.

This book is an indispensable resource for every professional and leader who must maintain the integrity of network operations and products—from network and security administrators to software engineers, and from product architects to senior security executives.



-Determine why and how to organize an incident response (IR) team

-Learn the key strategies for making the case to senior management

-Locate the IR team in your organizational hierarchy for maximum effectiveness

-Review best practices for managing attack situations with your IR team

-Build relationships with other IR teams, organizations, and law enforcement to improve incident response effectiveness

-Learn how to form, organize, and operate a product security team to deal with product vulnerabilities and assess their severity

-Recognize the differences between product security vulnerabilities and exploits

-Understand how to coordinate all the entities involved in product security handling

-Learn the steps for handling a product security vulnerability based on proven Cisco processes and practices

-Learn strategies for notifying customers about product vulnerabilities and how to ensure customers are implementing fixes