Software Engineering Institute | Carnegie Mellon University

Collection - Related Assets

Incident Management Resources

  • These resources cover many aspects of incident management in CSIRTs, NatCSIRTs, and beyond.
  • Incident Management CSIRTs
  • Publisher: CERT Division
  • Incident management involves recognizing, analyzing, and responding to incidents (e.g., an adverse event that affects the security of computer systems or networks, or a violation of a security policy) to limit the damage and lower the cost of recovery. When computer security incidents occur, organizations must respond quickly and effectively.

    The following publications provide a collection of information about incident management that is broad and detailed:

  • CSIRT Resources (September 2014). These resources explain how to create and maintain a Computer Security Incident Response Team (CSIRT).
  • NatCSIRT Resources (September 2014). This collection contains information that governments can use to develop a National Computer Security Incident Response Team (NatCSIRT).
  • Building an Incident Management Body of Knowledge (September 2012). Author(s): Dave Mundie, Robin Ruefle. In this paper, the authors describe the components of the CERT Incident Management Body of Knowledge (CIMBOK) and how they were constructed.
  • Defining Incident Management Processes for CSIRTs: A Work in Progress (October 2004). Author(s): Christopher J. Alberts, Audrey J. Dorofee, Georgia Killcrece, Robin Ruefle, Mark Zajicek. In this report, the authors present a prototype best practice model for performing incident management processes and functions.
  • Handbook for Computer Security Incident Response Teams (CSIRTs) (April 2003). Author(s): Moira West Brown, Don Stikvoort, Klaus-Peter Kossakowski, Georgia Killcrece, Robin Ruefle, Mark Zajicek. In this 2003 handbook, the authors describe different organizational models for implementing incident handling capabilities.
  • An Introduction to the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC) (May 2014). Author(s): Christopher J. Alberts, Audrey J. Dorofee, Robin Ruefle, Mark Zajicek. The Mission Risk Diagnostic for Incident Management Capabilities revises the Incident Management Mission Diagnostic Method with updated and expanded drivers.
  • Incident Management Capability Metrics Version 0.1 (April 2007). Author(s): Audrey J. Dorofee, Georgia Killcrece, Robin Ruefle, Mark Zajicek. In this report, the authors present metrics to provide a baseline or benchmark of incident management practices.
  • The MAL: A Malware Analysis Lexicon (February 2013). Author(s): Dave Mundie, David McIntire. In this report, the authors present results of the Malware Analysis Lexicon (MAL) initiative, which developed the first common vocabulary for malware analysis.
  • Competency Lifecycle Roadmap: Toward Performance Readiness (September 2012). Author(s): Sandra Behrens, Christopher J. Alberts, Robin Ruefle. In this report, the authors describe the Competency Lifecycle Roadmap (CLR), a preliminary roadmap for understanding and building workforce readiness.