NIST - Handling an Incident Template

This playbook contains the phases to handling an incident as described in the 'Handling an Incident' section of NIST - Computer Security Incident Handling Guide. Handling an incident - Computer Security Incident Handling Guide https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

NIST · 24 tasks · 0 inputs · 0 outputs

Flowchart

Start Start 3.1 - Preparation 3.1 - Preparation Preparing to Handle Incidents Preparing to Handle Incid... Preventing Incidents Preventing Incidents 3.2 - Detection and Analysis 3.2 - Detection and Analysis Attack Vectors Attack Vectors Signs of an Incident Signs of an Incident Sources of Precursors and Indicators Sources of Precursors and... Incident Analysis Incident Analysis Incident Documentation Incident Documentation Incident Prioritization Incident Prioritization Incident Notification Incident Notification Detection Detection Analysis Analysis 3.3 - Containment, Eradication, and Recovery 3.3 - Containment, Eradic... Choosing a Containment Strategy Choosing a Containment St... Evidence Gathering and Handling Evidence Gathering and Ha... Identifying the Attacking Hosts Identifying the Attacking... Eradication and Recovery Eradication and Recovery 3.4 - Post-Incident Activity 3.4 - Post-Incident Activity Using Collected Incident Data Using Collected Incident ... Evidence Retention Evidence Retention Done Done NIST - Lessons Learned - NIST - Lessons Learned NIST - Lessons Learned NIST - Lessons Learned