FBI Director Robert Mueller says the bureau will apply the methods it uses to combat terrorism along with old-fashioned gumshoe practices such as infiltration of criminal networks to battle cybercriminals.
"The changes we propose in revision 4 are directly linked to the current state of the threat space - the capabilities, intentions and targeting activities of adversaries - and analysis of attack data over time," says NIST's Ron Ross.
With the threat landscape significantly different since it issued its guidance four years ago, NIST sets out to revise Special Publication 800-61, Computer Security Incident Handling Guide, with help from industry, government agencies and academia.
"People appreciate being contacted when particular transactions look risky," says Peter Tapling, President and CEO of Authentify. "Out-of-band authentication provides the opportunity to do that in real-time, at very low cost to the institutions."
No one - not even a security vendor - is immune to cyber attacks. "It's not a question of if or when companies will face an attack, but how they're going to defend against it," says Symantec's Francis deSouza.