System Monitoring

This is as much for my own edification and future self as anything else. Three system / health monitoring tools of which I’m aware are:
Nagios, and its unfortunately-named but always excellent companion, nagiosexchange.
Lighter-weight tools are monit and mon. A friend of mine tried the latter and proclaimed it Good, although the names for both of those are pretty crap, especially mon. At least give it a cute tagline or something. Software authors should always google the names they’re considering: think of somebody who sort of remembers the name, but maybe not quite, and wants to find it again. If the mighty GOOG returns 10,000 hits, maybe your name isn’t so good after all.

Starting an IH/R program

Andrew Hay started a good discussion of how to get started with an incident handling / incident response program over at the Security Catalyst forums.
There’s lots of good information in there. As poster Dave Hull notes, academia is good for practising your IR stuff: there are lots of intrusions, and lots of weird things that look like intrusions but aren’t.
Like some of the posters there, I’ve taken the SANS 504 course, although I’m not sure that I would characterize it as an in-depth introduction to incident handling. It is as much about how to avoid doing the handling in the first place as anything else, although there is definitely some good stuff in there on IR/IH.
I haven’t checked out the NIST publications yet, although that’s not the first place I’ve seen reference to them.