Citation
Overview
In today's active threat environment, incident detection and response is an ongoing challenge for many organizations. This publication assists organizations in establishing computer security incident response capabilities that leverage the collective knowledge, experience, and abilities of their partners through active sharing of threat intelligence and ongoing coordination. This publication provides guidelines for coordinated incident handling, including producing and consuming data, participating in information sharing communities, and protecting incident-related data.
This publication expands upon the guidance introduced in Section 4, "Coordination and Information Sharing," of NIST Special Publication 800-61, "Computer Security Incident Handling Guide," and explores information sharing, coordination, and collaboration as part of the incident response life cycle.