Responding to ongoing events that threaten security
Incident response
Incident response is at the core of CSIRT activities, and supporting incident response is the starting point of our activities. At JPCERT/CC, we study and analyze incident reports and other information provided from around the world each day, mainly to assess incidents related to stakeholders in Japan. We also provide technical assistance and conduct coordination necessary for incident response, with the aim of containing the damage caused by an incident and preventing its recurrence.
What is incident response?
Incident response refers to activities aimed at responding to incidents overall. More specifically, it consists of a diverse range of activities including identifying incidents, collecting necessary information and data, handling emergency situations, determining the extent of impact and cause, coordinating with relevant parties, and recovery.
Incidents we are called on to address also come in many types. From phishing and website defacement to malware infection, DDoS attacks, and targeted attacks, we need to prioritize and respond to various incidents that occur on a daily basis.
For instance, a malware infection in which online banking account information is stolen calls for a different approach than one in which the malware is specially designed to carry out a targeted attack to steal critical information unique to a specific organization. Similarly, the response to a phishing case differs depending on whether an organization's brand is misused, a phishing site is created on a website administered by an organization, or an organization's user is redirected to a phishing site.
Of course, Internet-based incidents know no national boundaries, and incident response is rarely completed within a single organization. Accordingly, setting up a point of contact for external communication is also an important part of incident response.
JPCERT/CC's incident response support services
Figure 1: We coordinate between stakeholders in an incident and take measures to thwart attacks and prevent recurrence.
JPCERT/CC serves as a point of contact for incident reports concerning organizations within Japan. In this function, we support incident response work, assess the situation, analyze methods used, and consider and propose recurrence prevention measures.
Based on analysis of incoming incident reports and other matters, if there is a concern that the same types of incidents may occur across a wide area, we issue security alerts and other information to call for action.
When people identify an incident that concerns their own organization or organizations within Japan, they can file an incident report with JPCERT/CC to receive consultation on how to handle the incident or request coordination for solving the problem. At JPCERT/CC, we coordinate not only with related organizations in Japan but also with overseas organizations through our international CSIRT partnerships to help solve problems. We sometimes coordinate with domestic organizations and provide technical assistance based on requests from overseas.
Organizations often recognize incidents that affect them only after we contact them.
Please refer to this page for details on incident coordination requests.