Incident Management Resources
• Collection
Publisher
Software Engineering Institute
Abstract
Incident management involves recognizing, analyzing, and responding to incidents (e.g., an adverse event that affects the security of computer systems or networks, or a violation of a security policy) to limit the damage and lower the cost of recovery. When computer security incidents occur, organizations must respond quickly and effectively.
The following publications provide a collection of information about incident management that is broad and detailed:
Collection Items
CSIRT Resources
• Collection
By Software Engineering Institute
These resources help Computer Security Incident Response Teams (CSIRTs) and those forming these teams.
NatCSIRT Resources
• Collection
By Software Engineering Institute
This collection contains information that governments can use to develop a National Computer Security Incident Response Team (NatCSIRT).
Building an Incident Management Body of Knowledge
• White Paper
By Dave Mundie, Robin Ruefle
In this paper, the authors describe the components of the CERT Incident Management Body of Knowledge (CIMBOK) and how they were constructed.
Defining Incident Management Processes for CSIRTs: A Work in Progress
• Technical Report
By Christopher J. Alberts, Audrey J. Dorofee, Georgia Killcrece, Robin Ruefle, Mark Zajicek
In this report, the authors present a prototype best practice model for performing incident management processes and functions.
Handbook for Computer Security Incident Response Teams (CSIRTs)
• Handbook
By Moira West Brown, Don Stikvoort, Klaus-Peter Kossakowski, Georgia Killcrece, Robin Ruefle, Mark Zajicek
In this 2003 handbook, the authors describe different organizational models for implementing incident handling capabilities.
An Introduction to the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC)
• Technical Note
By Christopher J. Alberts, Audrey J. Dorofee, Robin Ruefle, Mark Zajicek
The Mission Risk Diagnostic for Incident Management Capabilities revises the Incident Management Mission Diagnostic Method with updated and expanded drivers.
Incident Management Capability Assessment
• Technical Report
By Audrey J. Dorofee, Robin Ruefle, Mark Zajicek, David McIntire, Samuel J. Perl, Christopher J. Alberts, Carly L. Huth, Pennie Walters
The capabilities presented in this report provide a benchmark of incident management practices.
The MAL: A Malware Analysis Lexicon
• Technical Note
By Dave Mundie, David McIntire
In this report, the authors present results of the Malware Analysis Lexicon (MAL) initiative, which developed the first common vocabulary for malware analysis.
Competency Lifecycle Roadmap: Toward Performance Readiness
• Technical Note
By Sandra Behrens, Christopher J. Alberts, Robin Ruefle
In this report, the authors describe the Competency Lifecycle Roadmap (CLR), a preliminary roadmap for understanding and building workforce readiness.
FAQ: Collaboration Between the CERT Coordination Center and Computer Security Incident Response Teams Worldwide
• Brochure
By Software Engineering Institute
This FAQ answers questions related to the collaboration between the CERT/CC and CSIRTs worldwide.
Part of a Collection
CSIRT Resources