CSIRT

Search:

Advanced Search

CSIRT Reporting an Incident

Security incidents may arise at any time. Attacks are often launched during non-business hours in an attempt to maximize the potential damage.

CSIRT provides 24x7 Computer Security Incident Response Services to any user, company, government agency or organization. CSIRT provides a reliable and trusted single point of contact for reporting computer security incidents worldwide.

--- To Report An Incident - Click on the link below ---

Report an Incident to CSIRT

 

 

Definition of an Incident

An event which changes the security posture of an organization or circumvents security polices developed to prevent financial loss and/or the destruction, theft, or compromise of proprietary information. Also, an event investigated by an organization due to unusual activity, that cannot be explained as a consequence of normal operations.

Some possible classifications for security incidents are:

• Unauthorized Electronic Monitoring
• Misuse of Systems (internal or external)
• Website Defacement. Probe/Scan
• Denial of Service. Distributed Denial of Service
• Malicious Code (virus, worm)
• Intrusion/Hack
• Virus Attacks (Unable to clean, rename, or delete)
• Denial of Service Attacks
• IDS alert notifications (false positives possible)
• Automated scanning tools and probes
• External/Internal threats (espionage)
• Unauthorized accesses to information systems
• Theft of intellectual property
• Extortion

Checklist Doc's

• The Intruder Detection Checklist
• Windows NT Intruder Detection Checklist
• Steps for Recovering from a UNIX or NT System Compromise
• UNIX Root Compromise
• The UNIX Configuration Guidelines

Incident Info from other Organizations

• Incidents.org - SANS Institute
• Dshield.org 
• MyNetwatchman.com
• ARIS - Securityfocus.com