Chapter 1 A Brief History of Cybersecurity Emergency Response Services
  1.1 Origins of cybersecurity emergency response services
  1.2 Development of international cybersecurity emergency response organizations
    1.2.1 Introduction to FIRST
    1.2.2 Introduction to APCERT
    1.2.3 **-level CERTs
  1.3 Brief introduction to the development of China's cybersecurity emergency response organization system
Chapter 2 Overview of Cybersecurity Emergency Response
  2.1 Concepts related to cybersecurity emergency response
  2.2 Network security and information security
  2.3 Analysis of the causes of cybersecurity problems
    2.3.1 Technical causes
    2.3.2 Management causes
Chapter 3 Laws and Regulations on Cybersecurity Emergency Response
  3.1 China's laws, regulations and policies related to cybersecurity emergency response
  3.2 Guiding significance of the Cybersecurity Law
    3.2.1 Establishing a cybersecurity monitoring, early-warning and information notification system
    3.2.2 Establishing cybersecurity risk assessment and emergency work mechanisms
    3.2.3 Formulating cybersecurity incident emergency plans and conducting regular drills
  3.3 Information Security Technology: Information Security Emergency Response Plan Specification (GB/T 24363-2009)
    3.3.1 Emergency response requirements analysis and determination of the emergency response strategy
    3.3.2 Preparing the emergency response plan document
    3.3.3 Testing, training and drills for the emergency response plan
    3.3.4 Management and maintenance of the emergency response plan
  3.4 Classification and grading of information security incidents
    3.4.1 Significance of the classification and grading specification
    3.4.2 Principles for classifying information security incidents
    3.4.3 Principles for grading information security incidents
Chapter 4 Common Models for Cybersecurity Emergency Response
  4.1 Cyber kill chain and counter-kill-chain models
  4.2 Diamond model
  4.3 Adaptive security framework
  4.4 Cybersecurity sliding scale model
Chapter 5 Emergency Response Handling Process
  5.1 Preparation phase
    5.1.1 Purpose of preparation
    5.1.2 Carrying out preparation
  5.2 Detection phase
    5.2.1 Purpose of detection
    5.2.2 Carrying out detection
  5.3 Containment phase
    5.3.1 Purpose of containment
    5.3.2 Carrying out containment
  5.4 Eradication phase
    5.4.1 Purpose of eradication
    5.4.2 Carrying out eradication
  5.5 Recovery phase
    5.5.1 Purpose of recovery
    5.5.2 Carrying out recovery