Explore how NIST SP800-61 r2 is used to process an incident event and the recommended incident handling process. Examine evidence handling, as documented in NIST SP800-86, and how to apply VERIS schema categories to incident handling events.
Learning Objectives
SECOPS: Handling Incident Events and Evidence
- use NIST SP800-61 r2 incident handling to process an incident event and describe the recommended incident handling process
- describe evidence handling as documented in NIST SP800-86 and its importance in forensics
- describe how to apply VERIS schema categories to incident handling events