Discover a new worm? Uncover a previously unseen bug in Windows? Identify a malicious spammer? Where do you call the cybercops?
The US Department of Homeland Security, which considers cybersecurity among its duties, has issued an incident response handbook intended to answer all that. Called The Incident Response and Reporting Guidelines, the publication should be available now from the Department of Homeland Security.
The laminated booklet contains suggestions on identifying and responding to suspicious computer behaviour. It is published as a Homeland Security initiative to educate the public on cyber threats. Unlike other efforts, it is designed to make it easy for people to report problems.
The booklet provides a list of symptoms of a possible threat, such as unexplained modification or deletion of data, new files or unfamiliar file names, and unauthorised or suspicious system entries.
The Federal Computer Incident Response Center (FedCIRC), part of the National Cyber Security Division within the Homeland Security Department, offers online and telephone alert hotlines.
“Remain calm” is the first instruction on responding to an incident.
The second direction is to ask questions and take good notes. The guidelines remind readers to log the four W’s (what, where, when, who) in relation to their problem. They also encourage readers to record any observations and time stamps.
The third step is to determine the priority of the threat and then to report it to officials. Pass along the information you gathered. Remember to include the name of your organisation and your contact information when reporting a cyber threat.