First Responder Procedures
The first response is often the most important. For this reason, it is critical that established procedures are adopted. This section will attempt to develop these as part of the Open Guide project.

Initially, we will examine the potential issues, before looking at procedures.
Please do feel free to contribute.

First Responder Issues

— Presence of volatile evidence on the system?

— Continued presence of intruder on the system?

— Possible ‘booby traps’?

— Impact of system compromise on continued operations?

— Are you competent in this scenario?

— Should law enforcement be involved?


Generic Process

— Protect the system and resources.

— Contain the intrusion.

— Preserve the evidence (logs, files, etc.) in a legally acceptable way.

— Notify Management, Incident Response, etc.
