Cyber security incident management guide
The European Network and Information Security Agency (ENISA) has issued a new guide on good practice, practical information and guidelines for the management of network and information security incidents by CERTs.
Recent reports of increased cyber attacks have made the need for, and use of, the Agency's report on how to fight cyber attacks even more topical and current.
The good practice guide for incident management focuses on the incident handling process. Incident handling is the core service carried out by most CERTs. It involves the detection and registration of incidents, followed by so-called ‘triage’ (classifying, prioritizing and assigning incidents), incident resolution, closing and post-analysis.
Other topics covered by the guide include:
- Basics of a CERT
- Its mission, constituency and authority
- Organizational framework
- Roles within a CERT
- Workflows
- Internal policies
- Cooperation with external parties
- Outsourcing
- How to present the work to the management.