Incident Response

Hacking 2009. 3. 30. 07:59

Incident Response Programs

NIST SP 800-61: Computer Security Incident Handling Guide (148 pages)
This NIST publication assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively.

Handbook for Computer Security Incident Response Teams (CSIRTs) - CERT/CC (233 pages)
This document provides guidance on forming and operating a computer security incident response team (CSIRT). It details the functions that make up the CSIRT, how to handle sensitive information and the tools, procedures, and roles necessary to implement the program. In addition, operational and technical issues are covered, such as equipment, security, and staffing considerations.

Computer Security Incident Response Team (CSIRT) FAQs - CERT/CC
This frequently asked questions page provides a good primer for those interested in the basics of computer incident response.

6 Phases of Incident Handling - Texas A&M University
Computer security incident handling can be divided into six phases: preparation, identification, containment, eradication, recovery, and follow-up. Understanding these stages, and what can go wrong in each, facilitates responding more methodically and avoids duplication of effort.

Recovering from an Incident - CERT/CC
If you believe that your site may have suffered a break-in or other type of incident, the CERT/CC has some documents that can help you.

CSIRT Case Classification (Example for enterprise CSIRT) - FIRST
This document provides the guidelines needed for CSIRT Incident Managers (IMs) to classify the case category, criticality level, and sensitivity level for each CSIRT case. This information will be entered into the Incident Tracking System (ITS) when a case is created. Consistent case classification is required for the CSIRT to provide accurate reporting to management on a regular basis. In addition, the classifications will provide CSIRT IMs with proper case handling procedures and will form the basis of SLAs between the CSIRT and other Company departments.
Posted by CEOinIRVINE