The IT Law Wiki
Latest revision as of 15:14, 1 July 2015

Overview

National Institute of Standards and Technology, Computer Security Incident Handling Guide (NIST Special Publication 800-61) (Rev. 1) (Mar. 2008) (full-text: http://csrc.nist.gov/publications/nistpubs/800-61-rev1/SP800-61rev1.pdf); (Rev. 2) (Jan. 2012) (full-text: http://csrc.nist.gov/publications/drafts/800-61-rev2/draft-sp800-61rev2.pdf).

This publication provides guidance on how to establish and operate an incident response capability. The guide provides information on developing procedures for performing incident handling and reporting, and for structuring, staffing, and training a team. The guide defines an incident response life cycle encompassing four phases: preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity.

Although the NIST incident handling guide focuses primarily on how to handle incidents within a single organization, it also provides high-level guidance on how a CSIRT may interact with outside parties, such as coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors.

This guidance focuses primarily on understanding team-to-team relationships, sharing agreements, and the role that automation techniques may play in the coordination of incident response.