Below is an outline of NIST Special Publication 800-61 (Revision 2), Computer Security Incident Handling Guide. If you're a member, you can log into the Library and view it in your browser using the email address you signed up with. P.S. Only members can successfully log in.
- Click HERE to log into the library (Members only).
- Folder: Books and Guides > Security Docs
If you are having issues logging in, please check the following help guide, HERE.
Purpose and Scope
Organizing a Computer Security Incident Response Capability
Events and Incidents
Need for Incident Response
Incident Response Policy, Plan, and Procedure Creation
Sharing Information With Outside Parties
Incident Response Team Structure
Team Model Selection
Incident Response Personnel
Dependencies within Organizations
Incident Response Team Services
Handling an Incident
Preparing to Handle Incidents
Detection and Analysis
Signs of an Incident
Sources of Precursors and Indicators
Containment, Eradication and Recovery
Choosing a Containment Strategy
Evidence Gathering and Handling
Identifying the Attacking Hosts
Eradication and Recovery
Using Collected Incident Data
Incident Handling Checklist
Coordination and Information Sharing
Sharing Agreements and Reporting Requirements
Information Sharing Techniques
Granular Information Sharing
Business Impact Information
Appendix A - Incident Handling Scenarios
Appendix B - Incident-Related Data Elements
Basic Data Elements
Incident Handler Data Elements
Appendix C - Glossary
Appendix D - Acronyms
Appendix E - Resources
Appendix F - Frequently Asked Questions
Appendix G - Crisis Handling Steps
Appendix H - Change Log
Figure 2-1 Communications with Outside Parties
Figure 3-1 Incident Response Life Cycle
Figure 3-2 Incident Response Life Cycle Detection and Analysis
Figure 3-3 Incident Response Life Cycle Containment Eradication and Recovery
Figure 3-4 Incident Response Life Cycle Post-Incident Activity
Figure 4-1 Incident Response Coordination
Table 3-1 Common Sources of Precursors and Indicators
Table 3-2 Functional Impact Categories
Table 3-3 Information Impact Categories
Table 3-4 Recoverability Effort Categories
Table 3-5 Incident Handling Checklist
Table 4-1 Coordination Relationships
- If you're not already a member, apply for membership at caribbeancspa.org/apply.
- You can view our list of members at caribbeancspa.org/members.
This article was contributed by Jason Jacobs from Guyana. Jason is a member of the Caribbean CSPA.