Re: [Full-disclosure] Security Incident Response Testing To Meet Audit
- To: Adam Behnke <adam@xxxxxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Security Incident Response Testing To Meet Audit
- From: Charles Polisher <cpolish@xxxxxxxxx>
- Date: Fri, 10 Dec 2010 20:52:22 -0800
Adam Behnke wrote:
> Hi everyone, InfoSec Institute author Russ McRee has written up an overview
> on tools to ensure maximum readiness for incident response teams, including
> drill tactics. PCI-DSS audits often require IR testing validation; drill
> quarterly and be ready next audit cycle.
>
> http://resources.infosecinstitute.com/incident-response-and-audit-requirements/
>
> Please let me know your thoughts.
"Remember that you're playing with binaries that will likely cause
antivirus to fire."
I take issue with this statement. Tonight I tested $VENDOR's
up-to-date anti-virus against 10 day-old malware samples captured
from the wild - the detection rate was abysmal (225/539).
Maybe your AV is better than mine.
--
Charles Polisher
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/