The National Institute of Standards and Technology (NIST) Special Publication 800–61 Revision 2 (NIST.SP 800-61 Revision 2) is 79 pages worth of recommendations by the NIST on the subject of computer security incident handling. A link to the original source document is listed in the Further reading section.

Planning for incident response is an important function of any organization's cybersecurity function, and is the responsibility of everyone within the organization (including organizational management and the end user) to comply with the plan. This will require education programs, but also appropriate restrictions to prevent users from operating outside the plan.

At each of the four stages of incident response (as described in NIST.SP 800-61 Revision 2), different individuals and teams have different responsibilities. It is important to know this to minimize the duplication of effort and prevent gaps in protection.

The following topics will be covered in this chapter:

• The incident response plan
• The stages of an incident
• Incident response teams