On August 8, 2012, the National Institute of Standards and Technology (NIST) released a revised version of the Computer Security Incident Handling Guide (Security Guide) addressing the management of computer security incidents. The purpose of the Security Guide is to “assist organizations in mitigating the risks from computer security incidents by providing practical guidelines on responding to incidents effectively and efficiently.” The revisions to the Security Guide address evolving threats to the computer networks of government agencies and include a new section focusing on the practice of coordination and information sharing among agencies. Noting that no preventative system can avert all security incidents, NIST emphasizes the importance of developing protocols for “rapidly detecting incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring IT Services” and provides step-by-step instructions in the Security Guide for new or existing incident response teams to create adequate policies and plans.
In related news, on July 25, 2012, NIST released an updated Guide to Intrusion Detection and Prevention Systems (Intrusion Guide) and an updated Guide to Malware Incident Prevention and Handling for Desktops and Laptops (Malware Guide). The Intrusion Guide, which was first proposed in 2006, details the characteristics of intrusion detection systems and provides recommendations for designing, implementing, configuring, securing, monitoring and maintaining such systems, with a particular emphasis on the protection of mobile technologies.
Although many agencies and companies are going mobile, NIST notes that “it is still critical to protect desktops and laptops” and devotes the Malware Guide to providing information on the primary categories of malware that affect desktop and laptop computers. In addition, the Malware Guide offers practical advice on how to prevent malware incidents and how to respond when a system is infected. A further revised version of the Malware Guide is expected to be published later this year.
Also on July 25, 2012, NIST released The Common Misuse Scoring System (CMSS): Metrics for Software Feature Misuse Vulnerabilities (Misuse Guide), a new publication describing a scoring system for computer security managers to assess and develop strategies for managing risks arising from software feature misuse. NIST notes that while attention often focuses on software flaws or systemic failure, accidental or intentional misuses of software features also pose critical risks, including data leakage, data corruption or reduced system availability.