The IT Law Wiki

== Overview ==
 
This publication provides guidelines for [[incident handling]], particularly for analyzing [[incident]]-related [[data]] and determining the appropriate response to each [[incident]]. The guidelines can be followed independently of particular [[hardware platform]]s, [[operating system]]s, [[protocol]]s, or [[application]]s.
This publication provides guidance on how to establish and operate an [[incident response]] capability. The guide provides [[information]] on developing procedures for performing [[incident handling]] and reporting, and for structuring, staffing, and training a team. The guide defines an [[incident response]] [[life cycle]] encompassing four phases: preparation; [[detection]] and [[analysis]]; containment, [[eradication]], and recovery; and post-incident activity.
 
   
This document assists organizations in establishing [[computer security]] [[incident response]] capabilities and handling [[incident]]s efficiently and effectively.
Although the [[NIST]] [[incident handling]] guide focuses primarily on how to handle [[incident]]s within a single organization, it also provides high-level guidance on how a [[CSIRT]] may [[interact]] with outside parties, such as coordinating centers, [[Internet Service Provider]]s, owners of attacking [[system]]s, victims, other [[CSIRT]]s, and [[vendor]]s.
 
 
This guidance focuses primarily on understanding team-to-team relationships, [[data sharing|sharing]] [[agreement]]s, and the role that [[automation]] techniques may play in the coordination of [[incident response]].
 
 
[[Category:Publication]]
 
 
[[Category:Security]]
 
