Incident Management Resources
These resources cover many aspects of incident management in CSIRTs, NatCSIRTs, and beyond.
Incident management involves recognizing, analyzing, and responding to incidents (e.g., an adverse event that affects the security of computer systems or networks, violation of a security policy) to limit the damage and lower the cost of recovery. When computer security incidents occur, organizations must respond quickly and effectively.
The following publications provide a collection of information about incident management that is broad and detailed:
These resources help Computer Security Incident Response Teams (CSIRTs) and those forming these teams.
This collection contains information that governments can use to develop a National Computer Security Incident Response Team (NatCSIRT).
In this paper, the authors describe the components of the CERT Incident Management Body of Knowledge (CIMBOK) and how they were constructed.
In this report, the authors present a prototype best practice model for performing incident management processes and functions.
In this 2003 handbook, the authors describe different organizational models for implementing incident handling capabilities.
The Mission Risk Diagnostic for Incident Management Capabilities revises the Incident Management Mission Diagnostic Method with updated and expanded drivers.
Managing incidents that threaten an organization's computer security is complex. The capabilities presented here provide a benchmark of incident management practices.
In this report, the authors present results of the Malware Analysis Lexicon (MAL) initiative, which developed the first common vocabulary for malware analysis.
In this report, the authors describe the Competency Lifecycle Roadmap (CLR), a preliminary roadmap for understanding and building workforce readiness.
FAQ: Collaboration Between the CERT Coordination Center and Computer Security Incident Response Teams Worldwide
This FAQ answers questions related to the collaboration between the CERT/CC and CSIRTs worldwide.