Incident handling

Education, counselling and support

Posted on 2 August 2017

Similar to an offline terror attack, even when no one suffers physical harm cyber attacks cause immediate anxiety, stress and raised cortisol levels. In the longer term they can instil fear and affect psychological wellbeing, e.g. the disclosure of confidential data can cause significant distress and can affect personal and work relationships. Again, similar to offline terrorism, education and counselling can aid recovery and help individuals to become resilient to cyber threats, but in extreme cases psychological interventions may be necessary.

List of organisations and services

www.victimsupport.org.uk:

If you’ve been affected by crime and would like support, please send us your details and someone from your local victim care team will contact you within three working days. Victim Support will always protect your confidentiality and will not pass on your personal details or any other information that could identify you without your permission, unless we believe you or someone else is at risk of harm.

Local support for each county – victim care team in Dorset on 0300 3030 163

www.actionfraud.police.uk:

Action Fraud is the UK’s national reporting centre for fraud and cyber crime where you should report fraud if you have been scammed, defrauded or experienced cyber crim.

ECVCU is team of specialist advocates working within the City of London Police that supports people who have fallen victim to fraud and cyber crime, with the aim being to make them feel safer and reduce the possibility of them becoming a repeat victim.

voic.org.uk:

Victims of Internet Crime (mainly dating/image sharing/stalking)

Reporting an Incident

Posted on 29 July 2017

Timeliness and accuracy of information is of paramount importance when reporting an incident. No matter how trivial it may seem, a system “glitch” sometimes could be an indication of a major incident. Even when you think that something could be a minor failure, it always helps to be suspicious and dig a bit deeper. After all, prevention is better than cure.

What to report?

Each organisation has its own priorities, context and focus and this can be reflected into their reporting form. We strongly believe that standardisation in reporting is important as it promotes a better cyber situational awareness since standardisation can act as an enabler of information sharing. As such, we subscribe to Carnegie Mellon University’s standard:

Contact information for reporter:	name, organisation, sector type, e-mail address, telephone number.
Details of affected machine (may be repeated for multiple victims):	hostname and IP address, timezone, purpose or function.
Source of attack (may be repeated for multiple sources):	hostname or IP, timezone, has contact been established?
Estimated cost of incident.
Description of the incident:	including dates, methods of intrusion, intruder tools involved, software versions and patch levels, intruder tool output, details of vulnerabilities exploited, source of attack, or any other relevant information.

Incident handling process

Posted on 28 July 2017

IT Services Incident Handling is based on the process of

Identification: Potential security incidents are investigated by the IT Services Information Security Team
Assessment: When a potential problem has been identified, IT Services will analyse the information provided e.g. speaking with the affected user, AV logs etc. This will determine the likelihood that a security incident has occurred and what level of threat it poses to the BU network.
Contain and Eradicate: The IT Services Teams will work towards containment and eradication e.g. isolation of the affected device. This will prevent harm from spreading further throughout the network
Recovery Process: The nature and effect of the incident will help dictate recovery
Review: This gives the opportunity to learn and if required to modify procedures and operations to mitigate the likelihood of the incident reoccurring.