NSTSpecial Publication 800-61Revision 2National Institute ofStandards and TechnologyU.S.Department of CommerceComputer SecurityIncident Handling GuideRecommendations of the National Instituteof Standards and TechnologyPaul CichonskiTom MillarTim GranceKaren Scarfonehttp://dx.doi.org/10.6028/NIST.SP.800-61r2NIST Special Publication 800-61Computer Security Incident HandlingRevision 2GuideRecommendations of the NationalPaul CichonskiComputer Security DivisionInformation Technology LaboratoryNational Institute of Standards and TechnologyTom MillarUnited States Computer Emergency Readiness TeamNational Cyber Security DivisionDepartment of Homeland SecurityTim GranceComputer Security DivisionInformation Technology LaboratoryNational Institute of Standards and TechnologyGaithersburg,MDKaren ScarfoneScarfone Cybersecurityhttp://dx.doi.org/10.6028/NIST.SP.800-61r2COMPUTERAugust 2012STATES OFU.S.Department of CommerceRebecca Blank,Acting SecretaryNational Institute of Standards and TechnologyPatrick D.Gallagher,Under Secretary of Commerce for Standards and Technologyand DirectorCOMPUTER SECURITY INCIDENT HANDLING GUIDEReports on Computer Systems TechnologyThe Information Technology Laboratory (ITL)at the National Institute of Standards and Technology(NIST)promotes the U.S.economy and public welfare by providing technical leadership for the Nation'smeasurement and standards infrastructure.ITL develops tests,test methods,reference data,proof ofconcept implementations,and technical analyses to advance the development and productive use ofinformation technology.ITL's responsibilities include the development of management,administrative,technical,and physical standards and guidelines for the cost-effective security and privacy of other thannational security-related information in Federal information systems.The Special Publication 800-seriesreports on ITL's research,guidelines,and outreach efforts in information system security,and itscollaborative activities with industry,government,and academic organizations.