How to report a security incident

You can report a security incident by sending an e-mail to incident (at) csirt.gov.sk. Attachments are welcome. If the report needs to be encrypted, use our published PGP key (file "TXT PGP key", 6.25 kB), for example with the free GNU Privacy Guard (GnuPG) tool.

The following rules apply to incident reports:

  • Give a correct e-mail address; it will serve as the primary contact.
  • The description of the incident must be unambiguous.
  • Include as much information as possible for analysis and subsequent processing. Even seemingly useless details may turn out to be very useful.

The description of the incident should contain the following:

  • Information about the reporter of the incident:
    • title / position,
    • name of the organization and its type (government, private, educational, ...),
    • other affected organizations;
  • Information about the incident:
    • start time of the incident (if known),
    • time and manner of discovery,
    • is the incident still ongoing? (yes/no/maybe),
    • were any known vulnerabilities exploited? (yes/no/maybe),
    • what countermeasures have been taken,
    • detailed description - the course of the incident, the types of attacks used, where the attack came from, which controls were in place (firewall, antivirus, ...) and whether they were breached, etc.,
    • for spam - attach the full header and body of the e-mail message,
    • for a virus - place the affected file in a password-protected ZIP archive using the password „incident“,
    • for phishing or pharming - attach the complete URL,
    • for network scanning or a denial-of-service (DoS) attack - attach time stamps with their time zone, source and destination IP (or MAC) addresses and ports, the protocol type (TCP, UDP, ICMP, ...) and, if possible, samples of captured packets (from Wireshark or another packet analyzer);
  • Information about the affected devices and the impact:
    • type and function of the device,
    • IP address, hostname,
    • destination protocol and port,
    • hardware description,
    • operating system (type, version),
    • affected software or files,
    • is the device critical for business continuity?,
    • is the affected device still in use?,
    • contact person responsible for providing access to the affected device,
    • does the device contain non-public information?
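As an added example (not part of this page and not csirt.gov.sk's own tooling), the following Python script assembles the checklist above into a plain-text report, checks the three rules before it is sent (valid contact address, unambiguous description, yes/no/maybe answers), and prepares two of the attachments the checklist asks for: the full header block and body of a spam message, and timezone-aware timestamp/IP/port/protocol records for a scan or DoS report. The field names, the sample e-mail and the firewall log lines are constructed for illustration and use RFC 5737 / RFC 2606 example addresses.

```python
"""Assemble an incident report in the shape of the CSIRT checklist above.
Added example, not csirt.gov.sk's own tooling; field names, the sample e-mail and
the sample firewall log lines are constructed for illustration."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone
from email import message_from_string, policy

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
# Constructed log format: "<date> <time> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
LOG_RE = re.compile(r"^(\S+ \S+) (TCP|UDP|ICMP) (\S+?):(\d+) -> (\S+?):(\d+)$")


@dataclass
class IncidentReport:
    contact_email: str    # primary contact; must be a valid address
    reporter: dict        # title/position, organization and type, other affected orgs
    incident: dict        # start, discovery, ongoing, vulnerability, countermeasures, description
    devices: list = field(default_factory=list)       # one dict per affected device
    attachments: dict = field(default_factory=dict)   # attachment name -> text

    def validate(self) -> list:
        """Return the problems that would make the report unusable (empty list = ready to send)."""
        problems = []
        if not EMAIL_RE.match(self.contact_email):
            problems.append("contact e-mail address is not valid")
        if len(self.incident.get("description", "").split()) < 5:
            problems.append("incident description is too short to be unambiguous")
        for key in ("ongoing", "known_vulnerability_exploited"):
            if self.incident.get(key) not in ("yes", "no", "maybe"):
                problems.append(f"'{key}' must be one of yes/no/maybe")
        if not self.devices:
            problems.append("no affected device listed")
        return problems

    def render(self) -> str:
        """Plain-text body in checklist order: reporter, incident, devices, attachment names."""
        out = [f"Primary contact: {self.contact_email}", "", "[Reporter]"]
        out += [f"  {k}: {v}" for k, v in self.reporter.items()] + ["", "[Incident]"]
        out += [f"  {k}: {v}" for k, v in self.incident.items()]
        for n, dev in enumerate(self.devices, 1):
            out += ["", f"[Device {n}]"] + [f"  {k}: {v}" for k, v in dev.items()]
        out += ["", "[Attachments]"] + [f"  {name}" for name in self.attachments]
        return "\n".join(out)


def spam_attachment(raw_message: str) -> str:
    """Full header block plus body of a message, as the spam item asks for; the raw RFC 5322
    text is parsed rather than re-typed, so Received: and other trace headers survive."""
    msg = message_from_string(raw_message, policy=policy.default)
    headers = "\n".join(f"{name}: {value}" for name, value in msg.items())
    body = msg.get_body(preferencelist=("plain",))
    return headers + "\n\n" + (body.get_content() if body is not None else "")


def scan_events(log_lines, tz=timezone.utc) -> list:
    """Turn firewall log lines into the timestamp/IP/port/protocol records the scan and DoS
    item asks for; timestamps are made timezone-aware so the time zone is never ambiguous."""
    events = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unrelated line: skip rather than guess
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").replace(tzinfo=tz)
        events.append({"time": ts.isoformat(), "protocol": m.group(2),
                       "src_ip": m.group(3), "src_port": int(m.group(4)),
                       "dst_ip": m.group(5), "dst_port": int(m.group(6))})
    return events


SAMPLE_EMAIL = (  # constructed; RFC 5737 / RFC 2606 example addresses
    "Received: from mail.example.net (mail.example.net [203.0.113.9])\n"
    "\tby mx.example.org with ESMTP id 1a2b3c; Mon, 4 Mar 2019 10:12:44 +0100\n"
    "From: Support <support@example.net>\n"
    "To: user@example.org\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Please confirm your password at the link below.\n"
)
SAMPLE_LOG = [  # constructed firewall lines; their clock is taken as UTC
    "2019-03-04 10:15:01 TCP 203.0.113.5:44312 -> 198.51.100.7:22",
    "2019-03-04 10:15:01 TCP 203.0.113.5:44313 -> 198.51.100.7:23",
    "not a log line",
    "2019-03-04 10:15:02 UDP 203.0.113.5:50000 -> 198.51.100.7:53",
]


def build_sample_report() -> IncidentReport:
    """Fill the checklist from the constructed samples above."""
    events = scan_events(SAMPLE_LOG)
    return IncidentReport(
        contact_email="soc@example.org",
        reporter={"title/position": "security administrator",
                  "organization (type)": "Example s.r.o. (private)",
                  "other affected organizations": "none known"},
        incident={"start": events[0]["time"], "discovered": "2019-03-04T10:20:00+00:00, firewall alert",
                  "ongoing": "maybe", "known_vulnerability_exploited": "no",
                  "countermeasures": "source address blocked at the perimeter firewall",
                  "description": f"Port scan from {events[0]['src_ip']} against {events[0]['dst_ip']}, "
                                 "followed by a phishing e-mail to one user"},
        devices=[{"type/function": "SSH bastion host", "ip/hostname": "198.51.100.7 / bastion",
                  "os": "Linux", "critical": "yes", "still in use": "yes", "nonpublic info": "no"}],
        attachments={"spam-message.txt": spam_attachment(SAMPLE_EMAIL),
                     "scan-events.txt": "\n".join(str(e) for e in events)},
    )


if __name__ == "__main__":
    print(build_sample_report().render())
```

Running the script prints the assembled report; `build_sample_report().validate()` returns an empty list, while a report with a malformed contact address or a one-word description lists what is missing before anything is sent. The e-mail is parsed with the standard library's `email` package rather than copied by hand so that the Received: trace headers, which the analysts need, are kept verbatim; the log parser deliberately skips lines it cannot read instead of guessing.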

How to identify the type of incident?