Incident Reporting
Incidents should be reported by the Departmental Security Officer, or equivalent (or an individual authorised by the DSO). In the first instance, contact should be made by telephone (on the above number), where an initial assessment will be made. This should be followed up by completing the incident report template (doc) and emailing it to:
During office hours (0830-1700) enquiries or incidents will be handled by GovCertUK staff. Outside office hours, at weekends, and on public holidays a duty officer will monitor correspondence and respond to telephone calls, supported by on-call GovCertUK staff.
As much supporting information as possible should be supplied with an incident response template, such as log files, internal/external IP addresses, affected operating systems, software patching policy etc.
Malware samples
If advised by GovCertUK to submit a malware sample, follow this process:
- All samples should be renamed to <original file name>.<original file extension>.txt
- All samples should then be zipped and password protected using a password of 'infected'
- It is recommended to PGP encrypt the message (and attachments) with the GovCertUK Public Key.
- The email subject line should read 'MALWARE SAMPLE'
- Send the message to samples@govcertuk.gov.uk
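The packaging steps above as a shell script. This is an added example, not GovCertUK tooling. It assumes Info-ZIP `zip` and GnuPG are installed and that `GOVCERT_KEY` (a hypothetical variable) holds the ID of the GovCertUK public key you have already imported. The subject line and recipient address are still set in your mail client.

```shell
#!/bin/sh
# Added example: package a malware sample following the steps listed above.
# Assumptions (not from the page): Info-ZIP `zip` and GnuPG are installed,
# and GOVCERT_KEY holds the ID of the already imported GovCertUK public key.

# Step 1: <original file name>.<original file extension>.txt
neutral_name() {
    printf '%s.txt\n' "$(basename -- "$1")"
}

# Steps 1-3: copy under the neutral name, zip with password 'infected',
# then PGP encrypt the archive if a recipient key is configured.
# Prints the path of the file to attach.
package_sample() {
    sample=$1
    outdir=$2
    [ -f "$sample" ] || { echo "not a regular file: $sample" >&2; return 1; }
    command -v zip >/dev/null 2>&1 || { echo "zip not found" >&2; return 1; }

    work=$(mktemp -d) || return 1
    renamed="$work/$(neutral_name "$sample")"
    # Copy rather than move so the original evidence stays untouched,
    # and make the copy read-only with no execute bits.
    cp -- "$sample" "$renamed" && chmod 0400 "$renamed" || { rm -rf "$work"; return 1; }

    archive="$outdir/$(neutral_name "$sample").zip"
    rm -f -- "$archive"
    # -j stores the file without its directory path; -P sets the password.
    zip -q -j -P infected "$archive" "$renamed" || { rm -rf "$work"; return 1; }
    rm -rf "$work"

    if [ -n "${GOVCERT_KEY:-}" ]; then
        gpg --batch --yes --armor --encrypt --recipient "$GOVCERT_KEY" \
            --output "$archive.asc" "$archive" || return 1
        archive="$archive.asc"
    fi
    printf '%s\n' "$archive"
}

# Usage: sh package_sample.sh <sample> [output directory]
if [ "$#" -ge 1 ]; then
    package_sample "$1" "${2:-.}"
fi
```

The 'infected' password is a handling convention that stops mail gateways and anti-virus scanners from opening the archive; confidentiality in transit comes from the PGP step.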
WARPs
If you are a Public Sector organisation and not a member of a WARP, please contact enquiries@warp.gov.uk and you will be advised if there is an active Public Sector WARP in your area and, if not, assistance can be given in setting up a trial.
To see the current active WARPs, please visit the WARP directory.