The National Institute of Standards and Technology ("NIST") released the final version of its revised guidance document on handling computer security incidents "efficiently and effectively." The final guide reiterates NIST's recommendation that companies create an incident response plan, staff an incident response team, and conduct a thorough review of each incident after it occurs. In response to comments, the guide adds a section on coordination and information sharing with other organizations, including trusted partners, law enforcement, internet service providers, constituents and customers. The guide highlights how coordination can expand a small organization's ability to respond to suspicious activity by giving it access to more resources and (potentially) more information about the incident.
NIST has also released initial drafts of three other guidance documents. The guides cover intrusion detection and prevention systems, malware incident prevention, and a "Common Misuse Scoring System" for assessing the risk of software feature misuse (i.e., malicious email attachments or links). NIST is accepting comments on these documents.
Tip: NIST's guidance regarding computer security incidents is non-binding, but it may serve as a useful tool for implementing or reevaluating your existing corporate data security program.