Incident Management Resources
These resources cover many aspects of incident management in CSIRTs, NatCSIRTs, and beyond.
Abstract
Incident management involves recognizing, analyzing, and responding to incidents (e.g., an adverse event that affects the security of computer systems or networks, violation of a security policy) to limit the damage and lower the cost of recovery. When computer security incidents occur, organizations must respond quickly and effectively.
The following publications provide a collection of information about incident management that is broad and detailed:
Collection Contents
- CSIRT Resources
  September 16, 2014 • Collection
  These resources help Computer Security Incident Response Teams (CSIRTs) and those forming these teams.

- NatCSIRT Resources
  September 18, 2014 • Collection
  This collection contains information that governments can use to develop a National Computer Security Incident Response Team (NatCSIRT).

- Building an Incident Management Body of Knowledge
  September 7, 2012 • White Paper
  By Dave Mundie, Robin Ruefle
  In this paper, the authors describe the components of the CERT Incident Management Body of Knowledge (CIMBOK) and how they were constructed.

- Defining Incident Management Processes for CSIRTs: A Work in Progress
  October 1, 2004 • Technical Report
  By Christopher J. Alberts, Audrey J. Dorofee, Georgia Killcrece, Robin Ruefle, Mark Zajicek
  In this report, the authors present a prototype best practice model for performing incident management processes and functions.

- Handbook for Computer Security Incident Response Teams (CSIRTs)
  April 1, 2003 • Handbook
  By Moira West Brown, Don Stikvoort, Klaus-Peter Kossakowski, Georgia Killcrece, Robin Ruefle, Mark Zajicek
  In this 2003 handbook, the authors describe different organizational models for implementing incident handling capabilities.

- An Introduction to the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC)
  May 30, 2014 • Technical Note
  By Christopher J. Alberts, Audrey J. Dorofee, Robin Ruefle, Mark Zajicek
  The Mission Risk Diagnostic for Incident Management Capabilities revises the Incident Management Mission Diagnostic Method with updated and expanded drivers.

- Incident Management Capability Assessment
  December 19, 2018 • Technical Report
  By Audrey J. Dorofee, Robin Ruefle, Mark Zajicek, David McIntire, Samuel J. Perl, Christopher J. Alberts, Carly L. Huth, Pennie Walters
  The capabilities presented in this report provide a benchmark of incident management practices.

- The MAL: A Malware Analysis Lexicon
  February 1, 2013 • Technical Note
  By Dave Mundie, David McIntire
  In this report, the authors present results of the Malware Analysis Lexicon (MAL) initiative, which developed the first common vocabulary for malware analysis.

- Competency Lifecycle Roadmap: Toward Performance Readiness
  September 1, 2012 • Technical Note
  By Sandra Behrens, Christopher J. Alberts, Robin Ruefle
  In this report, the authors describe the Competency Lifecycle Roadmap (CLR), a preliminary roadmap for understanding and building workforce readiness.

- FAQ: Collaboration Between the CERT Coordination Center and Computer Security Incident Response Teams Worldwide
  June 19, 2008 • Brochure
  This FAQ answers questions related to the collaboration between the CERT/CC and CSIRTs worldwide.