Services

Incident Response

GOVCERT.LU is authorised to handle and to address all types of information security incidents - involving both classified and unclassified information - which occur or threaten to occur in the constituency’s networks, systems and services that fall within its mandate.

GOVCERT.LU supports the members of its constituency with a set of reactive and proactive services in the field of ICT security.

GOVCERT.LU coordinates all activities related to incident response within its constituency, and provides support, help, and advice all along the different stages of incident management:

• Incident Triage

  • Investigating whether an incident has indeed occurred.
  • Determining the extent of the incident.

• Incident Coordination

  • Determining the initial cause of the incident (vulnerability exploited).
  • Contact with other sites which may be involved.
  • Encourage contact with the constituency and/or appropriate law enforcement officials, if necessary.
  • Coordinating response to (Distributed) Denial of Service incidents.
  • Send a report to other CSIRTs.
  • If necessary, alert users.

• Incident Resolution

  • Removing vulnerabilities.
  • Safeguarding the security of the system and protecting it against possible side effects of the incident.
  • Evaluating whether certain actions are likely to yield results in proportion to their cost and risk, in particular those actions aimed at an possible prosecution or disciplinary action: collection of evidence after the fact, observation of an incident in progress, setting traps for intruders, etc.
  • Collecting statistics concerning incidents which affect or involve its constituency, thereafter distribute relevant information in the community in order to assist its protection against known attacks.
  • Collecting, preserving, documenting, and analysing evidence from a compromised computer system in order to determine necessary changes to the system and to assist in the reconstruction of events leading up to the incident.