Incident response

Incident Triage

All reported incidents are triaged by the Security Operations Center which has 24/7 occupation. In case of emergency, the Security Operations Center calls the KPN-CERT’s watch service. All reports are rated based on risk, impact and priority and handled accordingly.

Incident Coordination

During the resolution of an incident, several steps may be taken, including:

·         Determining the initial cause of the incident (vulnerability exploited).

·         Facilitating contact with other sites which may be involved.

·         Facilitating contact with law enforcement.

·         Alerting other CERT/CSIRT teams.

·         Composing announcements to users (other parties).

·         Escalation and/or crisis management.

Incident Resolution

KPN-CERT is the main point of contact for resolution coordination of security incidents, enforcing a mitigation strategy and the lead in forensic information investigations.

Proactive Activities

The CERT acts as a proactive organ in gathering risk intelligence and, where necessary, distribution of that intelligence throughout the organization and beyond when applicable.