Enisa issues security incident response guidelines

The European Network and Information Security Agency (Enisa) has issued a new guide to managing network and information security incidents for computer emergency response teams.

The EU cyber security agency said that the Good Practice Guide for Incident Management offers best practice advice and practical information in response to increased cyber attacks during 2010.

"Reports show that incidents are becoming more advanced and targeted. Although some targets will be more popular than others, there are no safe hideouts," said Enisa in the report.

The guide focuses on the incident handling process, which is one of the core tasks carried out by computer emergency response teams (Certs). This involves the detection and registration of incidents, followed by the classifying, prioritising and assigning of incidents, along with resolution, closing and post-analysis.

Other topics covered include workflows, outsourcing, organisational frameworks and how to present work to the management.

Enisa called for every EU member state to establish a Cert, and described the guide as a useful tool to "boost Europe's defences against cyber attacks" and support the European Commission's proposed EU Internal Security Strategy (PDF).

The guide has been designed for security staff working for national and governmental departments, and includes key information on organisational frameworks, workflows and internal policies.

Enisa said any group or team that handles information or network security incidents could also benefit from following its guidelines.