Mell, P., Kent, K., and Nusbaum, J. (2005). Guide to Malware Incident Prevention and Handling. (NIST SP 800-83.) National Institute of Standards and Technology, U.S. Department of Commerce.
The authors provide recommendations that can help an organization prevent, prepare for, respond to, and recover from malware incidents, especially widespread ones. Several types of malware are addressed (e.g., worms, viruses, and Trojan horses) and Appendix B provides malware incident handling scenarios that can help identify strengths and gaps in a facility’s cybersecurity plans.