- Authors bring years of CIRT experience to writing this book
- Good coverage of info without being too cumbersome or technical
- Appendices filled with useful information to help manage incident response
- Primarily targeted at forming and managing a team, not technical response
- Provides knowledge you need to help define the roles and scope of your CIRT
- Good overview of the Carnegie Mellon CERT agency and its formation and operational functions
- Great high-level overview. People tasked with actually handling incidents may need more tech info
- Provides references to a number of valuable tools that you can use for your CIRT
The Effective Incident Response Team begins with a brief history of computer incidents and incident response teams and a short overview of the grandmother of all CIRTs, the Carnegie Mellon CERT (Computer Emergency Response Team). To this day the Carnegie Mellon CERT remains one of the primary sources of reliable information and one of the key resources that many rely on when creating their own CIRT processes.
The book goes on to define the scope and some of the roles and responsibilities you will need to consider in creating your own incident response team. It does so in relatively plain English and at a fairly high level. Again, the goal is to help a manager define and form a team, not to provide the level of technical expertise required to actually be on the team.
For managers who have been tasked with forming or leading a CIRT or defining their incident response process, this book can be a great start. Those looking for more technical depth may want to refer to books like Incident Response by Douglas Schweitzer.



