7 Steps to Improve Security Incident Handling

New NIST Guidance Targets Computer Incident Response
7 Steps to Improve Security Incident Handling
Establishing an effective incident response program is a key component of an information risk management strategy. And, the National Institute of Standards and Technology has issued draft guidelines to help organizations implement such a program.

NIST Wednesday announced it's seeking public comment on draft Special Publication 800-61 Revision 2, Computer Security Incident Handling Guide, which updates an earlier revision released in 2008.

See Also: Strengthening Defenses with ISO/IEC 27001 Standards: The Frontier of Canadian Cybersecurity

The rapidly changing threat environment requires new approaches to IT security, and NIST says the revised guidance does that:

"Unlike most threats several years ago, which tended to be short-lived and easy to notice, many of today's threats are more stealthy, specifically designed to quietly, slowly spread to other hosts, gathering information over extended periods of time and eventually leading to exfiltration of sensitive data and other negative impacts. Identifying these threats in their early stages is key to preventing subsequent compromises, and sharing information among organizations regarding the signs of these threats is an increasingly effective way to identify them."

The draft guidance offers seven key actions organizations should execute to handle effectively computer incidents:

  1. Create, provision and operate a formal incident response capability. For federal agencies, this is required by the Federal Information Security Management Act. Agencies must also report incidents to the United States Computer Emergency Readiness Team.
  2. Reduce the frequency of incidents by effectively securing networks, systems and applications.
  3. Document their guidelines for interactions with other organizations regarding incidents.
  4. Prepare to handle any type of incident and more specifically to handle common incident types.
  5. Emphasize the importance of incident detection and analysis throughout the organization.
  6. Create written guidelines to prioritize incidents.
  7. Use the lessons-learned process to gain value from incidents.

NIST requests comments on the draft guidance be submitted by March 16 to 800-61rev2-comments@nist.gov with "Comments SP 800-61" in the subject line.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.