SANS Institute’s Incident Handler’s Handbook

Incident Handler's Handbook by SANS Institute Information Security Reading Room

Author: Patrick Kral

 

One of the greatest challenges facing today’s IT professionals is planning and preparing for the unexpected, especially in response to a security incident. An incident is described as any violation of policy or law, or any unacceptable act, that involves information assets such as computers, networks, smartphones, etc. (Bejtlich, 2005). The scope of this document is limited to the six phases of the incident handling process (“Incident handling step-by-step,” 2011) and to the basic information about what each step entails. Its overall purpose is to give IT professionals and managers the basic foundation they need to create their own incident response policies, standards, and teams within their organizations. This document also includes an incident handler’s checklist (template) that one can use to ensure that each of the incident response steps is being followed during an incident.

Download the handbook here:

https://www.sans.org/reading-room/whitepapers/incident/paper/33901