NIST, the National Institute of Standards and Technology, is currently revising its guidelines for how computer security incidents are handled in both the business and government sectors. The original guide was published in March of 2008 and was classed as Special Publication 800-61. At the time of its publication, the threat environment was very different from the one businesses must confront today. Then, attacks tended to be short and much easier to detect.
Today's threat environment is characterized by stealth and far greater patience on the part of hackers, who may release a malware program designed to spread slowly and steadily, gathering data over weeks or even months. To help businesses better handle computer security incidents in this new threat environment, NIST is soliciting advice from private business IT managers as well as experts working for the government or at the nation's institutions of higher learning.
The new guide is aimed at helping businesses develop robust incident response plans of their own. According to NIST, these plans should contain not just the overall mission, but also the strategies and techniques the organization will use to fulfill that mission. In addition, NIST believes that businesses should debrief themselves on incidents immediately whenever they happen, as that is the best way to adopt proactive measures that can ward off future incidents.
Private businesses will find that a managed programs approach is ideal for following the final guideline, since the skilled IT support personnel who visit to maintain systems will be able to provide valuable insight into how the attack affected the systems and programs these staff manage.