计算机安全事故处置指南（NIST800-61）

NIST

NIST Incident 事故

This publication seeks to help both established and newly formed incident response teams. This document assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively. More specifically, this document discusses the following items:

• Organizing a computer security incident response capability
• Establishing incident response policies and procedures
• Structuring an incident response team, including outsourcing considerations
• Recognizing which additional personnel may be called on to participate in incident response.
• Handling incidents from initial preparation through the post-incident lessons learned phase
• Handling specific types of incidents
• Denial of Service (DoS)—an attack that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources
• Malicious Code—a virus, worm, Trojan horse, or other code-based malicious entity that infects a host
• Unauthorized Access—a person gains logical or physical access without permission to a network, system, application, data, or other resource
• Inappropriate Usage—a person violates acceptable computing use policies
• Multiple Component—a single incident that encompasses two or more incidents; for example, a malicious code infection leads to unauthorized access to a host, which is then used to gain unauthorized access to additional hosts.