本书主要针对网络**专业的从业者、学生、爱好者，概述了网络**应急响应方面国外的应对举措、以及我国应急响应体系及机构建设、法律法规解读，并对应急响应所涉及的基础理论和关键技术进行了**研究及阐释，帮助从业人员全面了解国际国内应急响应**的法律、法规、行业标准及规范、关键技术原理及应用，本书注重理论阐释和实践在操作相结合的原则，通过案例分析和工具使用，一是加强对理论的理解，同时也有助于提高读者的动手操作能力。

第1章 网络**应急响应业务的发展简史 ············································.1 1.1 网络**应急响应业务的由来 ·······························································.1 1.2 国际网络**应急响应组织的发展 ·························································.2 1.2.1 FIRST 介绍 ···············································································.2 1.2.2 APCERT 介绍 ············································································.2 1.2.3 **级 CERT 情况······································································.2 1.3 我国网络**应急响应组织体系的发展简介 ·············································.3 第2章 网络**应急响应概述 ·································��·························.5 2.1 网络**应急响应相关概念 ··································································.5 2.2 网络**与信息** ···········································································.5 2.3 产生网络**问题的原因分析 ·······························································.6 2.3.1 技术方面的原因 ·········································································.6 2.3.2 管理方面的原因 ·········································································.8 第3章 网络**应急响应法律法规 ·····················································.9 3.1 我国网络**应急响应相关法律法规、政策 ·············································.9 3.2 《网络**法》的指导意义 ·································································.10 3.2.1 建立网络**监测预警和信息通报制度 ·········································.10 3.2.2 建立网络**风险评估和应急工作机制 ·········································.11 3.2.3 制定网络**事件应急预案并定期演练 ·········································.12 3.3 《信息**技术 信息**应急响应计划规范》（GB/T24363—2009） ··················.13 3.3.1 应急响应需求分析和应急响应策略的确定 ······································.14 3.3.2 编制应急响应计划文档 ······························································.14 3.3.3 应急响应计划的测试、培训、演练 ···············································.14 3.3.4 应急响应计划的管理和维护 ························································.14 3.4 信息**事件分类分级 ·······································································.15 3.4.1 分类分级规范的重要意义 ···························································.15 3.4.2 信息**事件分类原则 ······························································.16 3.4.3 信息**事件分级原则 ······························································.16 第4章 网络**应急响应的常用模型 ················································.18 4.1 网络杀伤链与反杀伤链模型 ·································································.18 4.2 钻石模型 ··························································································.19 4.3 自适应**框架 ················································································.21 4.4 网络**滑动标尺模型 ·······································································.22 第5章 应急响应处置流程 ·······························································.24 5.1 准备阶段 ··························································································.24 5.1.1 准备的目的 ··············································································.24 5.1.2 准备的实施 ··············································································.25 5.2 检测阶段 ··························································································.27 5.2.1 检测的目的 ··············································································.27 5.2.2 检测的实施 ··············································································.27 5.3 遏制阶段 ··························································································.28 5.3.1 遏制的目的 ··············································································.28 5.3.2 遏制的实施 ··············································································.29 5.4 根除阶段 ··························································································.30 5.4.1 根除的目的 ··············································································.30 5.4.2 根除的实施 ··············································································.30 5.5 恢复阶段 ··························································································.31 5.5.1 恢复的目的 ··············································································.31 5.5.2 恢复的实施 ········