The IT Law Wiki
(Created page with "== Overview == NIST, Computer Security Incident Handling Guide (NIST Special Publication 800-61, rev. 1) (Mar. 2008) ([http://csrc.nist.gov/publications/nistpubs/800-61-…")
 
Tag: sourceedit
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
== Overview ==
 
== Overview ==
   
[[NIST]], Computer Security Incident Handling Guide ([[NIST Special Publication 800-61]], rev. 1) (Mar. 2008) ([http://csrc.nist.gov/publications/nistpubs/800-61-rev1/SP800-61rev1.pdf full-text]).
+
[[National Institute of Standards and Technology]], Computer Security Incident Handling Guide ('''NIST Special Publication 800-61''') (Rev. 1) (Mar. 2008) ([http://csrc.nist.gov/publications/nistpubs/800-61-rev1/SP800-61rev1.pdf full-text]); (Rev. 2) (Jan. 2012) ([http://csrc.nist.gov/publications/drafts/800-61-rev2/draft-sp800-61rev2.pdf full-text]).
   
 
== Overview ==
 
== Overview ==
   
  +
This publication provides guidance on how to establish and operate an [[incident response]] capability. The guide provides [[information]] on developing procedures for performing [[incident handling]] and reporting, for structuring a team, staffing, and training. The guide defines an [[incident response]] [[life cycle]] encompassing four phases: preparation, [[detection]] and [[analysis]], containment [[eradication]] and recovery, and post-incident activity.
This publication provides guidelines for [[incident handling]], particularly for analyzing [[incident]]-related [[data]] and determining the appropriate response to each [[incident]]. The guidelines can be followed independently of particular [[hardware platform]]s, [[operating system]]s, [[protocol]]s, or [[application]]s.
 
   
  +
Although the [[NIST]] [[incident handling]] guide focuses primarily on how to handle [[incident]]s within a single organization, it also provides high-level guidance on how a [[CSIRT]] may [[interact]] with outside parties, such as coordinating centers, [[Internet Service Provider]]s, owners of attacking [[system]]s, victims, other [[CSIRT]]s, and [[vendor]]s.
This document assists organizations in establishing [[computer security]] [[incident response]] capabilities and handling [[incident]]s efficiently and effectively.
 
  +
  +
This guidance focuses primarily on understanding team-to-team relationships, [[data sharing|sharing]] [[agreement]]s, and the role that [[automation]] techniques may play in the coordination of [[incident response]].
 
[[Category:Publication]]
 
[[Category:Publication]]
 
[[Category:Security]]
 
[[Category:Security]]
  +
[[Category:2008]]
  +
[[Category:2012]]

Latest revision as of 15:14, 1 July 2015

Overview[]

National Institute of Standards and Technology, Computer Security Incident Handling Guide (NIST Special Publication 800-61) (Rev. 1) (Mar. 2008) (full-text); (Rev. 2) (Jan. 2012) (full-text).

Overview[]

This publication provides guidance on how to establish and operate an incident response capability. The guide provides information on developing procedures for performing incident handling and reporting, for structuring a team, staffing, and training. The guide defines an incident response life cycle encompassing four phases: preparation, detection and analysis, containment eradication and recovery, and post-incident activity.

Although the NIST incident handling guide focuses primarily on how to handle incidents within a single organization, it also provides high-level guidance on how a CSIRT may interact with outside parties, such as coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors.

This guidance focuses primarily on understanding team-to-team relationships, sharing agreements, and the role that automation techniques may play in the coordination of incident response.