New draft guidance is giving agencies some help in responding to the ever-changing landscape of cyber threats.
The National Institute of Standards and Technology revises its computer security incident handling guide. It outlines seven capabilities every agency plan should have, including guidelines for communications with Congress, citizens and the media. It also provides a team structure and staffing model.
The guide also defines several common methods of attack such as fake emails or links and infected thumb drives or other removable media.
NIST says today’s threats tend to be more steath, slow to spread and gather information over a longer period of time.