The IT Law Wiki

NIST Special Publication 800-61


Overview

National Institute of Standards and Technology, Computer Security Incident Handling Guide (NIST Special Publication 800-61) (Rev. 1) (Mar. 2008) (full-text); (Rev. 2) (Jan. 2012) (full-text).

This publication provides guidance on how to establish and operate an incident response capability. The guide provides information on developing procedures for performing incident handling and reporting, and on structuring, staffing, and training a team. The guide defines an incident response life cycle encompassing four phases: preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity.

Although the NIST incident handling guide focuses primarily on how to handle incidents within a single organization, it also provides high-level guidance on how a CSIRT may interact with outside parties, such as coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors.

This guidance focuses primarily on understanding team-to-team relationships, sharing agreements, and the role that automation techniques may play in the coordination of incident response.
