The National Institute of Standards and Technology (NIST) has published for public comment a draft update to a guide for organizations managing their responses to computer security incidents such as hacking attacks. The Guide notes that computer security incident response has become an important component of information technology (IT) programs. Security-related threats have become not only more numerous and diverse but also more damaging and disruptive. New types of security-related incidents emerge frequently.
NIST acknowledges that performing incident response effectively is a complex undertaking. Establishing a successful incident response capability requires substantial planning and resources. The Guide is intended to help both established and newly formed incident response teams. Unlike most threats several years ago, which tended to be short-lived and easy to notice, many of today’s threats are more stealthy, specifically designed to quietly, slowly spread to other hosts, gathering information over extended periods of time.
The Guide discusses seven (7) requirements and recommendations to enhance the efficient and effective incident response activities.
1. Create, provision, and operate a formal incident response capability.
2. Reduce the frequency of incidents by effectively securing networks, systems, and applications.
3. Document guidelines for interactions with other organizations regarding incidents.
4. Be prepared to handle any type of incident, and particularly common incident types.
5. Emphasize the importance of incident detection and analysis throughout the organization.
6. Create written guidelines for prioritizing incidents.
7. Use the lessons learned process to gain value from incidents.
While the Guide is directed to Federal departments and agencies, the recommendations throughout the Guide are instructive and useful for private businesses as well. Having a well-designed security breach incident response plan to use during and after an attack provides guidance and structure to what is often a complex situation. Well-drafted incident response plans can assist in minimizing loss and theft of sensitive information, and service disruptions after an attack is identified.