All reported incidents are triaged by the Security Operations Center, which is staffed 24/7. In an emergency, the Security Operations Center calls the KPN-CERT’s watch service. All reports are rated on risk, impact and priority and handled accordingly.
During the resolution of an incident, several steps may be taken, including:
· Determining the initial cause of the incident (vulnerability exploited).
· Facilitating contact with other sites which may be involved.
· Facilitating contact with law enforcement.
· Alerting other CERT/CSIRT teams.
· Composing announcements to users (other parties).
· Escalation and/or crisis management.
KPN-CERT is the main point of contact for coordinating the resolution of security incidents and enforcing a mitigation strategy, and it takes the lead in forensic information investigations.
The CERT acts proactively in gathering risk intelligence and, where necessary, distributing that intelligence throughout the organization and, when applicable, beyond.