Software Engineering Institute Carnegie Mellon

State of the Practice of Computer Security Incident Response Teams (CSIRTs)

[Abstract]   [Title Page]   [Who is the CERT CSIRT Development Team and What Do They Do?]   [Preface]  
[Acknowledgements]   [1 Introduction]   [2 Computer Security Incident Response Teams]   [3 Current State of the Practice of CSIRTs]   [4 Summary]   [5 Future Work]   [6 Closing Remarks]  [Appendix A: CSIRT Organizational Survey]   [Appendix B: Comparison of Incident Response Steps and Processes]   [Appendix C: Training Sources for CSIRTs]   [Appendix D: Cyber Crime Law Resources]   [Appendix E: Sample Incident Reporting Forms and Flowcharts]   [Bibliography]   [PDF File]

Bibliography

[Alberts 02]

Alberts, Christopher & Dorofee, Audrey. Managing Information Security Risks: The OCTAVE Approach. Reading, MA: Addison-Wesley, 2002.

[Allen 99]

Allen, Julia, et al. State of the Practice of Intrusion Detection Technologies (CMU/SEI-99-TR-028). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 1999.

[Allen 01]

Allen, Julia H. The CERT Guide to System and Network Security Practices. Reading, MA: Addison-Wesley, 2001.


[Allgeier 00]

Allgeier, Michael. "Digital Media Forensics." SecurityFocus Online (2000).

[APEC 03]

Asia-Pacific Economic Cooperation (APEC). (2003).

[APECTELWG 04]

Asia-Pacific Economic Cooperation (APEC) Telecommunications and Information Working Group (2003).

[Arvidsson 01]

Arvidsson, J.; Cormack, A.; Demchenko, Y.; & Meijer, J. TERENA's Incident Object Description and Exchange Format Requirements (February 2001).

[Arvidsson 03]

Arvidsson, Jimmy, ed. "Taxonomy of the Computer Security Incident Related Terminology." TERENA Incident Taxonomy and Description Working Group.

[AusCERT 01]

Australian Computer Emergency Response Team. The Methodology of Incident Handling (http://www.mncc.com.my/infosec2k1/panel4-3.pdf) (2001).

[AusCERT 03]

Australian Computer Emergency Response Team (AusCERT). http://www.auscert.org.au/ (2003).

[Australia 02]

AusCERT; Deloitte Touche Tohmatsu; & The New South Wales Police. "2002 Australian Computer Crime and Security Survey" (2002).

[Australia 03]

AusCERT, Australian Federal Police; Queensland Police, South Australian Police, Western Australian Police. "2003 Australian Computer Crime and Security Survey" (2003).

[Berinato 01]

Berinato, Scott. "Coming Up ROSI." cso online.com, October 26, 2001.

[Berinato 02a]

Berinato, Scott. "Finally, a Real Return on Security Spending." CIO Magazine, February 15, 2002.

[Berinato 02b]

Berinato, Scott. "The Security Spending Mystery." cso online.com, April 25, 2002.

[Brezinski 02]

Brezinski, D. & Killalea, T. "Guidelines for Evidence Collection and Archiving" (RFC 3227). Internet Engineering Task Force (2002).

[Brownlee 98]

Brownlee, N. & Guttman, E. Expectations for Computer Security Incident Response (1998).

[Caloyannides 01]

Caloyannides, Michael A. Computer Forensics and Privacy. Norwood, MA: Artech House, Inc., 2001.

[CanCERT 03]

CanCERT.

[CERIAS 03]

CERIAS Incident Response Database (2003).

[CERT 02a]

CERT Coordination Center. "Dealing with External Computer Security Incidents" (2002).

[CERT 02b]

CERT Coordination Center. Overview of Attack Trends (2002).

[CERT 02c]

CERT Coordination Center. "Creating a Computer Security Incident Response Team: A Process for Getting Started" (2002).

[CERT 02d]

CERT Coordination Center. "Computer Security Incident Response Team (CSIRT) Frequently Asked Questions (FAQ)" (2002).

[CERT-NL 03]

SURFnet Computer Security Incident Response Team (CERT-NL) (2003).

[CHIHT 03]

CHIHT - Clearing House for Incident Handling Tools (2003).

[CIO 02]

CIO Magazine. CIO Cyberthreat Response & Reporting Guidelines (2002).

[CSIRT 02]

CSIRT Development Team, CERT/CC. Computer Security Incident Response Team (CSIRT) Frequently Asked Questions (FAQ) December 2002.

[Curry 03]

Curry, D. & Debar, H. Intrusion Detection Message Exchange Format Data Model and Extensible Markup Language (XML) (http://www.ietf.org/internet-drafts/draft-ietf-idwg-idmef-xml-10.txt) (January 2003).

[CXO 02]

CXO Media. "Fundamentals of Security." cso online.com (2002).

[CXO 03]

CXO Media Inc. CIO Focus Guide, "Securing Information Assets: Planning, Prevention and Response" (2003).

[DHS 2003]

U.S. Department of Homeland Security, Information Analysis Infrastructure Protection (2003) (previously available from the National Infrastructure Protection Center).

[Dittrich 02]

Dittrich, David A. "Developing an Effective Incident Cost Analysis Mechanism." SecurityFocus (2002).

[DShield 03]

Distributed Intrusion Detection System, DShield.org. (2003).

[Duffy 01]

Duffy, Daintry. "Don't Press the Panic Button." Darwin (2001).

[eCSIRT 03]

The European CSIRT Network (2004).

[EISPP 03]

European Information Security Prevention Programme (EISPP). (2003).

[FCC 01]

"FCC Computer Security Incident Response Guide," Federal Communications Commission (2001).

[Ferreira 96]

Ferreira, Joao Nuno; Hansen, Alf; Klobucar, Tomaz; Kossakowski, Klaus-Peter; Medina, Manuel; Rajnovic, Damir; Schjelderup, Olaf; & Stikvoort, Don. TERENA Task Force: CERTs in Europe, final report (updated version). 1996.

[FIRST 03]

Forum of Incident Response and Security Teams. FIRST Member Information (2003).

[Fraser 97]

Fraser, B., ed. "Site Security Handbook" (RFC 2196). Internet Engineering Task Force (1997).

[Frisch 91]

Frisch, A. Essential System Administration, 2nd ed. Sebastopol, CA: O'Reilly & Associates, Inc., 1995.

[Gamertsfelder 02]

Gamertsfelder, L.; McMillan, Handelsmann, & Hourigan. E-commerce: The Implications for the Law (Report 4 - E-security). Lawbook Company, 2002 (2003).

[Garfinkel 91]

Garfinkel, Simson & Spafford, Gene. Practical UNIX Security. Sebastopol, CA: O'Reilly & Associates, Inc., 1996.

[HB171 03]

Standards Australia International Ltd. Guidelines for the Management of IT Evidence (HB 171-2003) (2003).

[Honeynet 03]

The Honeynet Project (2003).

[Howard 97]

Howard, John D. "An Analysis of Security Incidents on the Internet 1989-1995." PhD Thesis, Carnegie Mellon University (1997).

[Howard 98]

Howard, John D. & Longstaff, Thomas A. A Common Language for Computer Security Incidents (SAND98-8667). Livermore, CA: Sandia National Laboratories, October 1998.

[Inch 02]

Extended Incident Handling (inch) (2002).


[Incidents 03]

Internet Storm Center (2003).

[ISS 01]

Internet Security Systems. "Computer Security Incident Response Planning, Preparing for the Inevitable." Atlanta, GA, 2001.

[Ito 03]

Ito, Yurie. "Introduction of the APCERT, New Forum for CSIRTs in Asia Pacific." Presentation, JPCERT/CC 2003. (Copies of this presentation can be obtained by sending a request to info@jpcert.or.jp)

[JANET-CERT 03]

JANET-CERT. "Case Studies: The Costs of Incidents" (2003).

[Kaplan 02]

Kaplan, Simone. "Criteria for Determining the Cost of a Breach." CSO Magazine (2002).

[Kessler 02]

Kessler, Gary C. & Schirling, Michael. "Cracking the Cracking." Information Security Magazine (April 2002).

[Kossakowski 94a]

Kossakowski, Klaus-Peter. The DFN-CERT Project: The First 18 Months (1994).

[Kossakowski 94b]

Kossakowski, Klaus-Peter. The Funding Process: A Challenging Task (1994).

[Kossakowski 96]

Kossakowski, Klaus-Peter & Stikvoort, Don. "Incident Response Teams: The European Perspective." Proceedings, 8th Workshop on Computer Security Incident Handling. San Jose, CA: FIRST, July 1996.

[Kossakowski 00]

Kossakowski, Klaus-Peter & Stikvoort, Don. "A Trusted CSIRT Introducer in Europe: An Empirical Approach Towards Trust Inside the European Incident Response Scene--The Replacement of Trust by Expectations." Amersfoort, NL: M&I/Stelvio, 2000. (Commissioned by TERENA.)

[Kruse 02]

Kruse, Warren G., II & Heiser, Jay G. Computer Forensics, Incident Response Essentials. Reading, MA: Addison-Wesley, 2002.

[Lundberg 01]

Lundberg, Abbie. "Effective Responses to Security Incidents" (2001).

[Mandia 01]

Mandia, Kevin & Prosise, Chris. Incident Response: Investigating Computer Crime. Berkeley, CA: Osborne/McGraw-Hill, 2001.

[Marcella 02]

Marcella, Albert J. & Greenfield, Robert S., Ed. Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes. Boca Raton, FL: CRC Press LLC, 2002.

[McGlashan 01]

McGlashan, Matthew. "The Methodology of Incident Handling." InfoSecurity 2001 Conference Program. Malaysian National Computer Confederation, 2001 (http://www.mncc.com.my/infosec2001-detail6.html) (2001).

[Mendell 01]

Mendell, Ronald L. "Incident Management with Law Enforcement." SecurityFocus Online (2001).

[MyCERT 03]

Malaysia CERT (MyCERT).

[Navy 96]

Department of the Navy. Computer Incident Response Guidebook, Module 19 (NAVSO P-5239-19) (1996).

[Nebraska 02]

State of Nebraska. "Incident Response and Reporting Procedure for State Government" (Draft). Nebraska Information Technology Commission, April 2002.

[OCIPEP 03]

Office of Critical Infrastructure Protection and Emergency Preparedness (2003).

[Oppenheimer 97]

Oppenheimer, David L.; Wagner, David A.; & Crabb, Michele D. "System Security: A Management Perspective." Short Topics in System Administration, Thousand Oaks, CA: SAGE Publications, Inc., 1997.

[Potter 02]

Potter, C. & Smith, G. "Information Security Breaches Survey 2002, Executive Summary." Available from http://www.security-survey.gov.uk/ (2002).

[Power 02]

Power, Richard. 2002 CSI/FBI Computer Crime and Security Survey. Computer Security Institute (2002).

[Rand 03]

Rand Europe. Computer Security Incident Response Team Handbook of Legislative Procedures (http://www.iaac.org.uk/csirt.htm) (2003).

[Rezmierski 98]

Rezmierski, V.; Carroll, A.; & Hine, J. "Incident Cost Analysis and Modeling Project (ICAMP)" (1998).

[Rezmierski 00]

Rezmierski, V.; Carroll, A.; & Hine, J. "Incident Cost Analysis and Modeling Project (ICAMP) II" (2000).

[Richardson 03]

Richardson, Robert. 2003 CSI/FBI Computer Crime and Security Survey (2003).

[Riptech 02]

Riptech, Inc. Riptech Internet Security Threat Report, Volume II (2002).

[Rothke 02]

Rothke, Ben. "Parts of the Plan." InfoSecurity News Magazine 13, 8 (2002).

[SANS 98]

The SANS Institute. Computer Security Incident Handling Step-by-Step. The SANS Institute, October, 1998.

[SANS 03]

The SANS Institute. Computer Security Incident Handling Step-by-Step. The SANS Institute, October, 2003. Information on how to acquire this guide is available at http://store.sans.org.

[Scalet 02]

Scalet, Sarah. "Risk: A Whole New Game." CSO Magazine (2002).

[Schiffman 01]

Schiffman, Mike. Hacker's Challenge: Test Your Incident Response Skills Using 20 Scenarios. Berkeley, CA: Osborne/McGraw Hill, 2001.

[Schultz 90]

Schultz, E. Eugene, Jr.; Brown, David S.; & Longstaff, Thomas A. "Responding to Computer Security Incidents" (ftp://ftp.cert.dfn.de/pub/docs/csir/ihg.txt.gz). Livermore, CA: Lawrence Livermore National Laboratory (1990).

[Schultz 02]

Schultz, Eugene & Shumway, Russell. Incident Response: A Strategic Guide to Handling System and Network Security Breaches. Indianapolis, IN: New Riders Publishing, 2002.

[SEI 03]

Software Engineering Institute. "U.S. Department of Homeland Security Announces Partnership with Carnegie Mellon's CERT Coordination Center" (press release) (2003).

[Shirey 00]

Shirey, R. Internet Security Glossary (Network Working Group FYI 36, RFC 2828) (2000).

[SingCERT 03]

Singapore Computer Emergency Response Team (SingCERT) (2003).

[Smith 94]

Smith, Danny. "Forming an Incident Response Team." Proceedings of the FIRST Annual Conference. University of Queensland, Brisbane, Australia, July 1994.

[Sokol 00]

Sokol, Marc S. & Curry, David A. Security Architecture and Incident Management for E-business (http://www.iss.net/support/documentation/whitepapers/technical.php). Atlanta, GA: Internet Security Systems, 2000.

[Steele 02]

Steele, Gordon. "Information Systems Security Incident Response." IANewsletter 5, 1 (Spring 2002): 14-22.

[Swanson 02]

Swanson, Marianne; Wohl, Amy; Pope, Lucinda; Grance, Tim; Hash, Joan; & Ray, Thomas. "Contingency Planning Guide for Information Technology Systems." NIST Special Publication 800-34, National Institute of Standards and Technology (http://csrc.nist.gov/publications/nistpubs/800-34/sp800-3.pdf) (2002).

[Symantec 01]

Symantec Corp. "Advance Planning for Incident Response and Forensics." Cupertino, CA: Symantec Corp., November 2001.

[Symantec 02]

Symantec Corp. Symantec Internet Security Threat Report, Volume II (2002).

[Taylor 02]

Taylor, Laura. "Incident Response Planning and Management." Intranet Journal (2002).

[TERENA 03]

TERENA Task Force. "CSIRT Coordination for Europe" (2003).

[TI 03]

Trusted Introducer (TI) for CSIRTs in Europe. (2003).

[US-CERT 03]

United States Computer Emergency Response Team (US-CERT) (2003).

[USSS 01]

United States Secret Service. "Cyber Threat/Network Incident Report," Secret Service Form 4017 (2001).

[van Wyk 01]

van Wyk, Kenneth R. & Forno, Richard. Incident Response. Sebastopol, CA: O'Reilly & Associates, Inc., 2001.

[Vermont 01]

State of Vermont. Incident Response Procedure (http://www.cio.state.vt.us/pdfs/sov_intrusion_procedures.pdf) (2001).

[Villano 01]

Villano, Matt. "I.T. Autopsy." CIO.com (2001).

[Wack 91]

Wack, John P. "Establishing a Computer Security Incident Response Capability (CSIRC)." NIST Special Publication 800-3, National Institute of Standards and Technology (1991).

[West-Brown 03]

West-Brown, Moira J.; Stikvoort, Don; Kossakowski, Klaus-Peter; Killcrece, Georgia; Ruefle, Robin; & Zajicek, Mark. Handbook for Computer Security Incident Response Teams (CSIRTs) (CMU/SEI-2003-HB-002). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2003.

[Wood 01]

Wood, Charles Cresson. Information Security Policies Made Easy. San Jose, CA: NetIQ Corp., 2001.

[Wright 01]

Wright, Timothy E. "How to Design a Useful Incident Response Policy." SecurityFocus Online (2001).

[Zeichner 03]

Zeichner, Lee & Almosd, Robert. "State Implementation of Federal Cyber-Security Requirements." Zeichner Risk Analytics, 2003.
