The National Institute of Standards and Technology published the final version of its guide for managing computer security incidents that is based on best practices from government, academic and business organizations.
The revised NIST guide, Computer Security Incident Handling Guide, provides step-by-step instructions for new, or well-established, incident response teams to create a proper policy and plan. NIST recommends that each plan should have a mission statement, strategies and goals, an organizational approach to incident response, metrics for measuring the response capability, and a built-in process for updating the plan as needed.
The guide recommends reviewing each incident afterward to prepare for future attacks and to provide stronger protections of systems and data.
"This revised version encourages incident teams to think of the attack in three ways," said co-author Tim Grance. "One is by method—what's happening and what needs to be fixed. Another is to consider an attack's impact by measuring how long the system was down, what type of information was stolen and what resources are required to recover from the incident. Finally, share information and coordination methods to help your team and others handle major incidents."