Most helpful critical review
Some great points, but also a lot of filler
on April 3, 2014
Why is there an entire chapter on computer forensics? This book should entirely consist of how to write policy for actions to carry out in the event of a disaster. If an incident involves something that will require forensic intervention, it's usually handed off to the authorities.
There are a couple of things that irked me about the way that Whitman described the incident response planning process. Whitman says that prevention comes before everything else when writing your incident response plan. I have to disagree and say that the first thing you want to find in your incident response plan is the reaction stage, which tells you what to do when fecal matter is hitting the proverbial turbine. Then comes containment, then comes the process of correcting and preventing anything from happening again. After that is your plan maintenance, but that is a given.
Good book. Thankfully, I have a great instructor who just so happens to be using it. So, most of it is supplementary. I'd still pick it up and read it. You're bound to learn something useful.