"Dedicated to providing community consensus minimum standard of procedures, and checklists for overall infrastructure security."
For Incident Handlers and Other Information Security Professionals
Version 1.0 - Updated January 15, 2004
If we are going to turn the tide against computer attacks, the entire information security community must cooperate more effectively than ever before. The private sector, government agencies, and law enforcement must work together in responding to computer attacks. Yet many security personnel aren't familiar with how to engage law enforcement effectively. For example, when should you call local or national law enforcement to help handle a case? How can you develop communication channels with law enforcement? This FAQ addresses these questions and more, with the goal of helping to foster communication with the law enforcement community.
This project was developed as part of the SANS Institute's Cyber Defense Initiative (CDI). Each year, SANS polls the security community for ideas about CDI collaborative projects we can all use to help improve our security. Volunteers from around the world pour enormous amounts of effort into bringing these projects to fruition, including this FAQ.
Although international cooperation with law enforcement is crucial, this document focuses on laws inside the United States. Work is ongoing regarding legal issues outside the US.
This document should not be construed as legal advice. It is designed to help with incident handling, but it does not supplant the need for solid legal counsel.
Charles Hornat, Project Lead
Richard Salgado, Project Lead
Anthony Teelucksingh, Project Coordinator
Ed Skoudis, Project Coordinator