Name of the model | Phases |
--- | --- |
Donaldson et al. (2015): Incident Response Process | Identify, investigate, collect, report, contain, repair, remediate, validate, report conclusions and resume normal IT operations |
CREST (2014): Cyber security incident management capability | Prepare, respond and follow up |
NIST (2012): The Incident Response Life Cycle | Preparation; detection & analysis; containment, eradication & recovery; and post-incident activity |
ISACA (2012): Incident Management Life Cycle | Planning and preparation; detection, triage and investigation; containment, analysis, tracking and recovery; postincident assessment and incident closure |
SANS (2011): Incident handling step-by-step | Preparation, identification, containment, eradication, recovery and lessons learned |
ISO/IEC 27035 (2011): Information Security Incident Management | Plan and prepare; detection and reporting; assessment and decision; responses and lessons learnt |
ENISA (2010): Incident handling process | Report, registration, triage, incident resolution, incident closure and post-analysis |
Kennedy (2008): Modified small business approach for incident handling | Develop a security policy, protect computer equipment, keep data safe, use Internet safely, protect the network, secure line of business applications and training |
CERT/CC (2003): Incident handling life-cycle process | Report, analyze, obtain contact information, provide technical assistance, coordinate information & response and provide resolution |