An Incident Taxonomy

One of the best definitions and explanations of the type of activity that should be included in an incident was written by John D. Howard and Thomas A. Longstaff of Sandia National Laboratories. Together the two investigated several incident reports and worked closely with the CERT CC to understand and define a complete incident taxonomy. Their report was released in October 1998 and can be obtained from the CERT CC Web site. The taxonomy was further expanded and published as part of the Computer Security Handbook, fourth edition (copyright 2002). The update, written by John Howard and Pascal Meunier, provides more information regarding the process used to develop the taxonomy, defines additional terms used to classify and ...

Get Effective Incident Response Team, The now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.