U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Computer Security Incident Handling Guide

Published

Author(s)

Timothy Grance, Karen Kent, Brian Kim

Abstract

[Superseded by SP 800-61 Rev. 1 (March 2008): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=51289] NIST Special Publication 800-61, Computer Security Incident Handling Guide, assists organizations in mitigating the potential business impact of information security incidents by providing practical guidance on responding to a variety of incidents effectively and efficiently. Specifically, this document discusses the following items: 1) establishing a computer security incident response capability, including policy, procedure, and guideline creation; 2) selecting appropriate staff and building and maintaining their skills; 3) emphasizing the importance of incident detection and analysis throughout the organization; 4) maintaining situational awareness during large-scale incidents; and 5) handling incidents from initial preparation through the post-incident lessons learned phase, including specific advice on five common categories of incidents. While the guide is rather technical in nature, all guidance is independent of particular hardware platforms, operating systems, and applications.
Citation
Special Publication (NIST SP) - 800-61
Report Number
800-61
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs
Supercedes Publication
Establishing a Computer Security Incident Response Capability (CSIRC)
Superceded By Publication
Computer Security Incident Handling Guide

Keywords

computer security incident, CSIRT/CIRT, denial of service, incident handling, incident response, incident types, log analysis, malicious code, unauthorized access
Cybersecurity

Citation

Grance, T. , Kent, K. and Kim, B. (2004), Computer Security Incident Handling Guide, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD (Accessed December 3, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created January 16, 2004, Updated May 4, 2021