Guide to Responding to Information Security Incidents

10/06/2010 Author: mkozloff

The consolidated document Computer Security Incident Handling Guide and Guide to Integrating Forensic Techniques into Incident Response from Guidance Software Inc. is based on the recommendations of the National Institute of Standards and Technology (NIST) and describes the recommended actions when an information security breach is detected or occurs.

I think many will find it useful. Brief excerpts to convey the gist.

The Federal Information Security Management Act (FISMA) of 2002 requires Federal agencies to establish incident response capabilities. Each Federal civilian agency must designate a primary and secondary point of contact (POC) with FedCIRC, report all incidents, and internally document corrective actions and their impact. Each agency is responsible for determining specific ways in which these requirements are to be fulfilled.

Establishing an incident response capability should include the following actions:

  • Creating an incident response policy
  • Developing procedures for performing incident handling and reporting, based on the incident response policy
  • Setting guidelines for communicating with outside parties regarding incidents
  • Selecting a team structure and staffing model
  • Establishing relationships between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies)
  • Determining what services the incident response team should provide
  • Staffing and training the incident response team.

Organizations should reduce the frequency of incidents by effectively securing networks, systems, and applications.

Organizations should document their guidelines for interactions with other organizations regarding incidents.

Organizations should emphasize the importance of incident detection and analysis throughout the organization.

Organizations should create written guidelines for prioritizing incidents.

Organizations should use the lessons learned process to gain value from incidents.

Organizations should strive to maintain situational awareness during large-scale incidents.

©1999-2010, Mikhail Kozlov