Date Published: March 2008
Supersedes:
SP 800-61 (01/16/2004)
Author(s)
Karen Scarfone (NIST), Tim Grance (NIST), Kelly Masone (BAH)
Computer security incident response has become an important component of information technology (IT) programs. Security-related threats have become not only more numerous and diverse but also more damaging and disruptive. An incident response capability is necessary for rapidly detecting incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring computing services. This publication assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively. Topics covered include organizing a computer security incident response capability, handling incidents from initial preparation through the post-incident lessons learned phase, and handling specific types of incidents.
Keywords
computer security incident; incident handling; incident response; threats; vulnerabilities
Control Families
None selected