Computer Security Incident Handling Guide

Published

Author(s)

Paul R. Cichonski, Thomas Millar, Timothy Grance, Karen Scarfone

Abstract

Computer security incident response has become an important component of information technology (IT) programs. Security-related threats have become not only more numerous and diverse but also more damaging and disruptive. An incident response capability is necessary for rapidly detecting incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring computing services. This publication assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively. Topics covered include organizing a computer security incident response capability, handling incidents from initial preparation through the post-incident lessons learned phase, and handling specific types of incidents. [Supersedes SP 800-61 Rev. 1 (March 2008): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=51289]
Citation
Special Publication (NIST SP) - 800-61 Rev 2
Report Number
800-61 Rev 2

Keywords

computer security incident, incident handling, incident response, threats, vulnerabilities
Created August 6, 2012, Updated November 10, 2018