Revising Way to Handle Computer Incidents

NIST's Computer Security Incident Handling Guide Gets Rewrite
Revising Way to Handle Computer Incidents
Threats change, and how organizations respond to computer security incidents changes, too.

In March 2008, when the National Institute of Standards and Technology issued Special Publication 800-61: Computer Security Incident Handling Guide, threats tended to be short-lived, fast-paced and comparatively easier to detect. Today's threats are more stealthy, specifically designed to quietly, slowly spread to other hosts, gathering information over extended periods of time and eventually leading to loss of sensitive data.

See Also: OnDemand | Realities of Choosing a Response Provider

NIST is working on a revision of the guide, and seeks from industry, government agencies and academia best practices that could be included in the updated guidance.

The revised guide is designed to help incident response teams in and out of government to create an incident response policy and plan. The plan should have a mission, strategies and goals; an organizational approach to incident response; metrics for measuring the response capability; and a built-in process for updating the plan as needed.

NIST encourages organizations to review an incident immediately after it happens because that practice will help them to prepare for future incidents and provide stronger protection for systems and data.

SP 800-61 lead author Paul Cichonski says the revised guidance encouarges incident teams to think of the attack in two ways. "One is by method: what's happening and what needs to be fixed," he says. "The other is to consider an attack's impact by measuring how long the system was down, what type of information was stolen and what resources are required to recover from the incident."

Recommendations to the guidance must be submitted by March 16 to with "Comments SP 800-61" in the subject line.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.