At 06:18 PM 03/09/2000 -0800, Sean Donelan wrote:
The problem is with providers without famous people and too many people, so they don't know each other. If you don't already know someone at, for example, NTT or BT or Qwest, navigating through their public contacts usually doesn't get you too far.
What may be interesting is looking at how other industries handle the problem.
Interestingly enough, there are a couple of very useful documents which have come out of the IETF GRIP (Guidelines and Recommendations for Security Incident Processing) Working Group: RFC2350 (BCP21): "Expectations for Computer Security Incident Response", N. Brownlee, E. Guttman, June 1998. http://www.ietf.org/rfc/rfc2350.txt "Security Expectations for Internet Service Providers", draft-ietf-grip-isp-expectations-03.txt, T. Killalea, February 2000. http://www.ietf.org/internet-drafts/draft-ietf-grip-isp-expectations-03.txt "Security Checklist for Internet Service Provider (ISP) Consumers", draft-ietf-grip-user-02.txt, T. Hansen, June 1999. http://www.ietf.org/internet-drafts/draft-ietf-grip-user-02.txt "Site Security Handbook Addendum for ISP's", draft-ietf-grip-ssh-add-00.txt, T. Debeaupuis, August 1999. http://www.ietf.org/internet-drafts/draft-ietf-grip-ssh-add-00.txt In fact, draft-ietf-grip-isp-expectations-03 just went to Last Call in the IETF prior to being advanced as a BCP. - paul