Defining Incident Management Processes for CSIRTs: A Work in Progress

Incident management capabilities can take many forms—they can be an ad hoc group that is pulled together in a crisis, they can be a defined set of procedures that are followed when an incident occurs, or they can be a designated group of people assigned explicit responsibility for handling computer security incidents, generically called a computer security incident response team, or In our work, we are often asked for a “roadmap” or set of processes and templates that can be used by an organization to guide the development of their incident management capability. Correspondingly, we are asked how best to evaluate and measure the success and.

TECHNICAL REPORT CMU/SEI-2004-TR-015, ESC-TR-2004-015
Defining Incident Management Processes for CSIRTs: A Work in Progress
Chris Alberts, Audrey Dorofee, Georgia Killcrece, Robin Ruefle, Mark Zajicek
October 2004
Networked Systems Survivability Program
Carnegie Mellon Software Engineering Institute, Pittsburgh, PA 15213-3890
Unlimited distribution subject to the .