How to Appropriately Report a Cybersecurity Incident?
To report a security incident appropriately, one should first know what a security incident is. A security incident, also popularly called a security breach, is an attempted or actual unauthorised, illegal and offensive access to protected information and data stored in a computer or in other internet-enabled devices and networks. Cyber attackers attempt or cause security incidents, use the targeted information and data for their criminal purposes, and often disclose, modify, damage or delete that information and data.
For easy understanding, security incidents can be grouped into several broad categories, including but not limited to: breach of computer systems; unauthorised and offensive access to and use of data, information and software; illegal changes to systems, software, data and information; data theft; theft or loss of equipment on which data is stored; and DoS (denial of service). When such security incidents take place, or attempted security incidents are suspected, they should be reported appropriately and in good time so that the damage can be controlled and recovered from at the earliest.
Some of the most important information to include when reporting a security incident is the name of the reporting person, the name of the department where the security incident took place, the email, addresses and telephone contact number of the victim of the security incident, the date and time of the security incident, and a description of the security incident. The reporter can include any other information that may be useful for examining and studying the security vulnerabilities of the system.
Before reporting a security incident, one should determine how serious it is. The seriousness of a security incident can be determined from the sensitivity of the information stolen by the hackers and from the legal consequences of the damage caused by the incident. It can also be determined from the severity of the disruption caused to the critical services that were targeted, from the active threats, and from how much public interest the security incident will raise.
An essential step when reporting a security incident is for the reporter not to attempt to investigate or otherwise handle the compromise themselves. Similarly, the reporter should inform all other users to immediately switch off their systems and to disconnect the affected system from any type of internet connection.