Incident Response: What to do when There is a problem?

Houston, We've had a problem here.” With those words, the late Jack Swigert, Apollo 13's Command Module Pilot told Houston Control that something abnormal had happened aboard the spacecraft.

Incidents are inevitable. How one responds to an incident determines the impact of the situation on the organization and its people.

Today, business depends on systems and data. What should you do when you receive a report that something is amiss about one of the firm's computers? Not the routine missing patch or update, but possible involvement in a violation of policy, improper dealings, harassment, inappropriate explicit material, or worse, a criminal situation such as child pornography.

Responding correctly protects everyone's interests: the organization, the employees, and the potential prosecution. Conversely, the wrong response can create an imbroglio from which no one benefits. In the worst case, responding incorrectly can lead to civil liability.


Robert Gezelter has over 30 years of experience consulting on Information Technology matters and is a Contributing Editor of the upcoming Computer Security Handbook, 5th Edition, scheduled for release in February. In addition to his technical practice, he has been consulted on computer-related issues in civil and criminal litigation by attorneys for over 20 years.

Mr. Gezelter has also spoken and published extensively on operating systems, networks, performance, security, tools, and similar areas. Since 1985, he has spoken worldwide for organizations including ACM, Connect (previously Encompass/DECUS), ISSA, ISACA, and IEEE. He was appointed to the IEEE Computer Society's Distinguished Visitors Program for a three-year term in 2004. He is an EnCase® Certified Examiner (Guidance Software) and holds other industry certifications. Mr. Gezelter holds BA and MS degrees in Computer Science from New York University.

He was also a Contributing Editor to the Computer Security Handbook, 4th Edition (2002), the 3rd Edition (1995), and contributed to the Handbook of Information Security (2005).

Mr. Gezelter is in private practice, with clients ranging from the Fortune 10 to small businesses, both locally and internationally. He maintains his offices in Flushing, New York. He can be contacted via his firm's www site at

Sponsors: New York Enterprise Windows User Group
Venue: Microsoft Customer Briefing Center
1290 Avenue of the Americas, 6th Floor
New York, New York
Date: Thursday, March 5, 2009
Time: 6:00 PM
Press Release:
Admission: No Charge. Advance Registration Required. Event Registration at:
Attendee Gift: All attendees will receive information on how to purchase the Computer Security Handbook, 5th Edition from John Wiley & Sons at a 10% discount.
Session Notes:
Picture of Robert Gezelter, CDP