Cert-In - Home Page

Report & Contribute to a SECURE & SAFE DIGITAL INDIA

Reporting of a Security Incident

A computer security incident is any adverse event whereby some aspect of a computer system is threatened viz. loss of confidentiality, disruption of data or system integrity, denial of service availability.

Any organisation or corporate using computer systems and networks may be confronted with security breaches or computer security incidents.

By reporting such computer security incidents to CERT-In the System Administrators and users will receive technical assistance in resolving these incidents. This will also help the CERT-In to correlate the incidents thus reported and analyse them; draw inferences; disseminate up-to-date information and develop effective security guidelines to prevent occurrence of the incidents in future.

Reporting of an incident

System Administrators can report an adverse activity or unwanted behaviour which they may feel as an incident to CERT-In. They may use the following channels to report the incident.

E-mail : incident@cert-in.org.in
Helpdesk : +91-1800-11-4949
Fax : +91-1800-11-6969

Contents of Incident Report

The following information (as much as possible) may be given while reporting the incident.

Time of occurrence of the incident
Information regarding affected system/network
Symptoms observed
Relevant technical information such as security systems deployed, actions taken to mitigate the damage etc.

For details please refer the incident reporting form

Verification

CERT-In will verify the authenticity of the report.

Triage :

CERT-In will then analyse the information provided by the reporting authority and identify the existence of an incident. In case it is found that an incident has occurred, a tracking number will be assigned to the incident. Accordingly, the report will be acknowledged and the reporting authority will be informed of the assigned tracking number. CERT-In will designate a team as needed.

Incident Response :

The designated team will assist the concerned System Administrator in following broad aspects of incident handling:

Identification: to determine whether an incident has occurred, if so analyzing the nature of such incident, identification and protection of evidence and reporting of the same.
Containment: to limit the scope of the incident quickly and minimise the damage
Eradication: to remove the cause of the incident
Recovery: taking steps to restore normal operation

CERT-In will provide support to the System Administrators in identification, containment, eradication, and recovery during the incident handling in the form of advice. CERT-In will not physically deploy or send any member for attending the incident response activity at the site of occurrence. The priority of assisting in responding to the incidents will be decided by CERT-In keeping in view the severity of incident and availability of resources.

Security Incident Reporting Form

Note: The information provided by CERT-In website is available in Portable Document Format (PDF).
To view this information conveniently, download the Adobe Acrobat Reader here.

"Install genuine and updated software
to strengthen your online safety and security"