Author: NIST
Introduction
This publication seeks to help both established and newly formed incident response teams. This document assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively. More specifically, this document discusses the following items:
- Organizing a computer security incident response capability
- Establishing incident response policies and procedures
- Structuring an incident response team, including outsourcing considerations
- Recognizing which additional personnel may be called on to participate in incident response
- Handling incidents from initial preparation through the post-incident lessons learned phase
- Handling specific types of incidents
  - Denial of Service (DoS)—an attack that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources
  - Malicious Code—a virus, worm, Trojan horse, or other code-based malicious entity that infects a host
  - Unauthorized Access—a person gains logical or physical access without permission to a network, system, application, data, or other resource
  - Inappropriate Usage—a person violates acceptable computing use policies
  - Multiple Component—a single incident that encompasses two or more incidents; for example, a malicious code infection leads to unauthorized access to a host, which is then used to gain unauthorized access to additional hosts
Attachment download
- 计算机安全事故处置指南(NIST800.61).pdf (Computer Security Incident Handling Guide, NIST 800-61)