Rec. ITU-T X.1216 (09/2020) Requirements for collection and preservation of cybersecurity incident evidence
Summary
History
FOREWORD
Table of Contents
1 Scope
2 References
3 Definitions
     3.1 Terms defined elsewhere
     3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Overview of cybersecurity incident evidence
     6.1 General procedure for incident response and investigation
     6.2 Data sources of cybersecurity incidents
          6.2.1 Host devices
          6.2.2 Network security devices
          6.2.3 Networks and network devices
7 Requirements for collection of cybersecurity incident data
     7.1 Cybersecurity incident data collection from host devices
     7.2 Cybersecurity incident data collection from network security devices
     7.3 Cybersecurity incident data collection from networks and network devices
8 Requirements for preservation of cybersecurity incident data
9 Requirements for collection and preservation tool to ensure reliability