Incident Management Resources

These resources cover many aspects of incident management in CSIRTs, NatCSIRTs, and beyond.

Publisher: CERT Division

Incident management involves recognizing, analyzing, and responding to incidents (e.g., an adverse event that affects the security of computer systems or networks, or a violation of a security policy) to limit the damage and lower the cost of recovery. When computer security incidents occur, organizations must respond quickly and effectively.

The following publications provide broad and detailed information about incident management:

CSIRT Resources

September 2014

These resources help Computer Security Incident Response Teams (CSIRTs) and those forming these teams.

NatCSIRT Resources

September 2014

This collection contains information that governments can use to develop a National Computer Security Incident Response Team (NatCSIRT).

Building an Incident Management Body of Knowledge

September 2012

In this paper, the authors describe the components of the CERT Incident Management Body of Knowledge (CIMBOK) and how they were constructed.

Defining Incident Management Processes for CSIRTs: A Work in Progress

October 2004

In this report, the authors present a prototype best practice model for performing incident management processes and functions.

Handbook for Computer Security Incident Response Teams (CSIRTs)

April 2003

In this 2003 handbook, the authors describe different organizational models for implementing incident handling capabilities.

An Introduction to the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC)

May 2014

The Mission Risk Diagnostic for Incident Management Capabilities revises the Incident Management Mission Diagnostic Method with updated and expanded drivers.

Incident Management Capability Assessment

December 2018

Managing incidents that threaten an organization's computer security is complex. The capabilities presented here provide a benchmark of incident management practices.

The MAL: A Malware Analysis Lexicon

February 2013

In this report, the authors present results of the Malware Analysis Lexicon (MAL) initiative, which developed the first common vocabulary for malware analysis.

Competency Lifecycle Roadmap: Toward Performance Readiness

September 2012

In this report, the authors describe the Competency Lifecycle Roadmap (CLR), a preliminary roadmap for understanding and building workforce readiness.

FAQ: Collaboration Between the CERT Coordination Center and Computer Security Incident Response Teams Worldwide

June 2008

This FAQ answers questions related to the collaboration between the CERT/CC and CSIRTs worldwide.