The IT Law Wiki

Latest revision as of 15:14, 1 July 2015

Overview

National Institute of Standards and Technology, Computer Security Incident Handling Guide (NIST Special Publication 800-61) (Rev. 1) (Mar. 2008) (full-text: http://csrc.nist.gov/publications/nistpubs/800-61-rev1/SP800-61rev1.pdf); (Rev. 2) (Jan. 2012) (full-text: http://csrc.nist.gov/publications/drafts/800-61-rev2/draft-sp800-61rev2.pdf).

Overview

This publication provides guidance on how to establish and operate an incident response capability. The guide provides information on developing procedures for performing incident handling and reporting, and on structuring, staffing, and training a team. The guide defines an incident response life cycle encompassing four phases: preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity.

Although the NIST incident handling guide focuses primarily on how to handle incidents within a single organization, it also provides high-level guidance on how a CSIRT may interact with outside parties, such as coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors.

This guidance focuses primarily on understanding team-to-team relationships, sharing agreements, and the role that automation techniques may play in the coordination of incident response.