Skip to content
Log in

Framework blending

Definition

The practice of combining elements of multiple IR frameworks: for example, using NIST as the strategic backbone, SANS phase names in operational playbooks, ISO/IEC 27035 for audit documentation, and CREST guidelines when procuring external IR services.

Related terms

CREST
A UK-based not-for-profit professional body that publishes practitioner-focused incident response guidelines and operates accreditation schemes for IR service providers. CREST guidance emphasises...
ISO/IEC 27035
An international standard for information security incident management. Part 1 covers principles and concepts; Part 2 covers planning and preparation. It defines...
NIST SP 800-61
The US National Institute of Standards and Technology's Computer Security Incident Handling Guide. It defines a four-phase IR lifecycle: Preparation; Detection and...
Phase granularity
The number and specificity of discrete steps a framework defines within the IR lifecycle. Higher granularity, as in SANS PICERL's six steps...
SANS PICERL
A six-step incident response model developed through SANS Institute training: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned. PICERL breaks NIST's combined response...

Explained in

  • Comparing Incident Response FrameworksThe practice of combining elements of multiple IR frameworks: for example, using NIST as the strategic backbone, SANS phase names in operational playbooks, ISO...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account