Report vulnerabilities to CERT-In

What is a Security Incident

A computer security incident is any adverse event whereby some aspect of a computer system is threatened viz. loss of confidentiality, disruption of data or system integrity, denial of service availability.

Why should you report it to CERT-In

Any organisation or corporate using computer systems and networks may be confronted with security breaches or computer security incidents. By reporting such computer security incidents to CERT-In the System Administrators and users will receive technical assistance in resolving these incidents. This will also help the CERT-In to correlate the incidents thus reported and analyse them; draw inferences; disseminate up-to-date information and develop effective security guidelines to prevent occurrence of the incidents in future.

What should you report

System Administrators can report an adverse activity or unwanted behaviour which they may feel as an incident to CERT-In.

Contents of Incident Report

The following information (as much as possible) may be given while reporting the incident.

• Time of occurrence of the incident
• Information regarding affected system/network
• Symptoms observed
• Relevant technical information such as security systems deployed, actions taken to mitigate the damage etc.
• For details please refer the incident reporting form 

To whom should you report

The following channels may be used to report the incident to CERT-In.

• E-mail : incident@cert-in.org.in
• Helpdesk : +91-1800-11-4949
• Fax : +91-1800-11-6969

Verification by CERT-In

CERT-In will verify the authenticity of the report.

Triage

CERT-In will then analyse the information provided by the reporting authority and identify the existence of an incident. In case it is found that an incident has occurred, a tracking number will be assigned to the incident. Accordingly, the report will be acknowledged and the reporting authority will be informed of the assigned tracking number. CERT-In will designate a team as needed.

Incident Response 

The designated team will assist the concerned System Administrator in following broad aspects of incident handling:

• Identification: to determine whether an incident has occurred, if so analyzing the nature of such incident, identification and protection of evidence and reporting of the same.
• Containment: to limit the scope of the incident quickly and minimise the damage
• Eradication: to remove the cause of the incident
• Recovery: taking steps to restore normal operation

CERT-In will provide support to the System Administrators in identification, containment, eradication, and recovery during the incident handling in the form of advice. CERT-In will not physically deploy or send any member for attending the incident response activity at the site of occurrence. The priority of assisting in responding to the incidents will be decided by CERT-In keeping in view the severity of incident and availability of resources.

Source : CERT-In