How to report a cyber incident?
What is a Security Incident?
A security incident is any attempted or actual unauthorized access, use, disclosure, modification, or destruction of information. This includes interference with information technology operations and violations of campus policy, laws, or regulations.
Examples of security incidents include:
Computer system breach
Unauthorized access to, or use of, systems, software, or data
Unauthorized changes to systems, software, or data
Loss or theft of equipment storing institutional data
Denial of service attack
Interference with the intended use of IT resources
Compromised user accounts
It is important that actual or suspected security incidents are reported as early as possible so that the campus can limit the damage and cost of recovery. Include specific details regarding the system breach, vulnerability, or compromise of your computer, and we will respond with a plan for further containment and mitigation.
How to report a security incident?
To report a cyber security incident, contact the CERT-In Incident Response Help Desk.
Email: incident@cert-in.org.in
PGP Key Details:
User ID: incident@cert-in.org.in
Key ID: 0xB620D0B4
Key Type: RSA
Expires: 2021-08-31
Key Size: 4096/4096
Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
Phone: +91-11-24368572
Toll Free Phone: +91-1800-11-4949
Toll Free Phone: +91-1800-11-6969
Postal Address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan 6, CGO Complex, Lodhi Road,
New Delhi - 110 003.
India.
Information to include in the report:
Your name
Department
Email address
Telephone number
Description of the information security problem
Date and time the problem was first noticed (if possible)
Any other known resources affected
What should I do if I suspect a serious Security Incident?
A security incident is considered serious if the campus is impacted by one or more of the following:
potential unauthorized disclosure of sensitive information
serious legal consequences
severe disruption to critical services
active threats
is widespread
is likely to raise public interest
Sensitive information is defined in the UCB Data Classification Standard and includes personally identifiable information that is protected by laws and regulations, as well as confidential research protected by data use agreements, such as:
Social security number
Credit card number
Driver's license number
Student records
Protected health information (PHI)
Human subject research
If you know or suspect that the compromised system contains sensitive data, please take these steps:
Do not attempt to investigate or remediate the compromise on your own
Instruct any users to stop work on the system immediately
Do not power down the machine
Remove the system from the network by unplugging the network cable or disconnecting from the wireless network
Report the incident using the instructions above
In the case of a serious incident, please be aware that continued interaction with a compromised machine can severely affect later forensic analys