

Incident Response

Incident Response Programs

NIST SP 800-61: Computer Security Incident Handling Guide (148 pages)
This NIST publication assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively.

Handbook for Computer Security Incident Response Teams (CSIRTs) - CERT/CC (233 pages)
This document provides guidance on forming and operating a computer security incident response team (CSIRT). It details the functions that make up the CSIRT, how to handle sensitive information, and the tools, procedures, and roles necessary to implement the program. In addition, operational and technical issues are covered, such as equipment, security, and staffing considerations.

Computer Security Incident Response Team (CSIRT) FAQs - CERT/CC
This frequently asked questions page provides a good primer for those interested in the basics of computer incident response.

6 Phases of Incident Handling - Texas A&M University
Computer security incident handling can be divided into six phases: preparation, identification, containment, eradication, recovery, and follow-up. Understanding these stages, and what can go wrong in each, facilitates responding more methodically and avoids duplication of effort.

Recovering from an Incident - CERT/CC
If you believe that your site may have suffered a break-in or other type of incident, the CERT/CC has some documents that can help you.

CSIRT Case Classification (Example for enterprise CSIRT) - FIRST
This document provides the guidelines needed for CSIRT Incident Managers (IMs) to classify the case category, criticality level, and sensitivity level for each CSIRT case. This information will be entered into the Incident Tracking System (ITS) when a case is created. Consistent case classification is required for the CSIRT to provide accurate reporting to management on a regular basis. In addition, the classifications will provide CSIRT IMs with proper case handling procedures and will form the basis of SLAs between the CSIRT and other Company departments.

Incident Report Templates

· Gideon T. Rasmussen's Incident Report Template
· SANS Incident Identification Form
· SANS Incident Survey Form
· SANS Incident Containment Form
· SANS Incident Eradication Form
· SANS Incident Communication Log Form
· Melissa Guenther's Incident Report Form
· US-CERT Incident Reporting System
· CERT/CC Incident Reporting Guidelines

Copyright 2003 - 2008 - USSecurityAwareness.org - All rights reserved - Legal Notices