1 Scope
2 References
3 Definitions
3.1 Terms defined elsewhere
3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Framework and processes
7 Discovery
7.1 Collection of applications and attack reports
7.2 Analysis of infected terminals and known malicious software
7.3 Analysis of new malicious software
8 Governing
8.1 Governing measures
8.2 Prevention
8.3 Restriction
9 Information sharing
Bibliography