From the course: Cybersecurity Foundations: Incident Response
Comparing SANS and NIST frameworks
- [Instructor] All good IR programs hinge on a framework. Today, most organizations use NIST or SANS to establish their framework. NIST and SANS are proven playbooks in our industry that keep teams aligned in vocabulary, approach, and process. So that's why today, we're looking at two of the most widely used frameworks in incident response: NIST Special Publication 800-61 and the SANS Institute Incident Handler's Handbook. We'll break down how they compare so you can decide which is a better fit for your organization or how to blend the strengths of both. Let's start with NIST 800-61. Think of it as an encyclopedia of incident handling. It's comprehensive, 48 pages long, and incredibly detailed, covering everything from preparation to post-incident review. NIST organizes the incident lifecycle into four key phases: preparation, detection analysis, containment, and eradication and recovery. What sets NIST apart is its…