Incident Handling
CERT-MU uses a predefined process for handling of computer security related incidents.
The incident handling process has several phases. The initial phase involves establishing and training an incident response team, and acquiring the necessary tools and resources. During preparation, the organisation also attempts to limit the number of incidents that will occur by selecting and implementing a set of controls based on the results of risk assessments. However, residual risk will inevitably persist after controls are implemented.
Detection of security breaches is thus necessary to alert the organisation whenever incidents occur. In keeping with the severity of the incident, the organisation can mitigate the impact of the incident by containing it and ultimately recovering from it. During this phase, activity often cycles back to detection and analysis, for example, to see if additional hosts are infected by malware while eradicating a malware incident.
After the incident is adequately handled, the organisation issues a report that details the cause and cost of the incident and the steps the organisation should take to prevent future incidents.
To report an incident, please go on the MAUCORS website