This bulletin summarizes NIST Special Publication 800-61, Computer Security Incident Handling Guide, which provides practical guidance to help organizations establish an effective incident response program, analyze and respond to information security incidents, and reduce the risks of future incidents. It contains useful information for computer security incident response teams (CSIRTs), system and network administrators, security staff, technical support staff, chief information officers (CIOs), and computer security program managers who are responsible for handling security incidents. Topics discussed include the need for and the organization of incident response teams, and how to manage the incident handling process. Specific recommendations are provided for handling five types of incidents: denial of service (DoS), malicious code, unauthorized access, inappropriate usage, and multiple component incidents.
Keywords
computer security incident; incident handling; incident response; security threats