FireDOC Search

Author
Wack, J. P.
Title
Establishing a Computer Security Incident Response Capability (CSIRC).
Corporate
National Institute of Standards and Technology, Gaithersburg, MD
Report
NIST SP 800-3
November 1991
44 p.
Distribution
Available from Government Printing Office
Keywords
computers | risk analysis | risks
Identifiers
crackers; hackers; incident handling; threats; unauthorized users; viruses; vulnerabilities
Abstract
Government agencies and other organizations have begun to augment their computer security efforts because of increased threats to computer security. Incidents involving these threats, including computer viruses, malicious user activity, and vulnerabilities associated with high technology, require a skilled and rapid response before they can cause significant damage. These increased computer security efforts, described here as Computer Security Incident Response Capabilities (CSIRCs), have as a primary focus the goal of reacting quickly and efficiently to computer security incidents. CSIRC efforts provide agencies with a centralized and cost-effective approach to handling computer security incidents so that future problems can be efficiently resolved and prevented. While the risks to computer security have increased, agencies have also become more dependent on computers. Many systems in widespread use today do not contain safeguards to guarantee protection from these threats. Additionally, as systems become more complex, they are more prone to vulnerabilities that can increase the risk of malicious exploitation. Due to greater availability of computers, users are often de facto system managers; however, many have neither the requisite skills nor time to manage their systems effectively. These factors make it clear that agencies need to augment their computer security capabilities before they suffer from serious computer security problems that can harm their missions, result in significant expense, and tarnish their images. A CSIRC can help agencies resolve computer security problems in a way that is both efficient and cost-effective. Combined with policies for centralized reporting, a CSIRC can reduce waste and duplication while providing a better posture against potentially devastating threats. A CSIRC is a proactive approach to computer security, one that combines reactive capabilities with active steps to prevent future incidents from occurring.