Critical infrastructures and other companies with reporting obligations: manage an incident, report, inform, prevent
I have an incident. What should I do?
The following documents will help you in the initial stages of an IT security incident.
The Organisational Checklist and Technical Checklist guide you through the first steps in dealing with an IT security incident. The ' Ransomware: Erste Hilfe bei einem schweren IT-Sicherheitsvorfall Version 1.2' provides extensive details on these steps and is optimised for printing.
Remember any reporting obligations or make a voluntary report. See also: I must or want to report an incident
Do you urgently need support from an IT service provider?
- Details of qualified DDoS mitigation and APT service providers
- and certified IT security service providers
plus information on various topics (DDoS, Emotet, APT, ICS,..) and useful tips are available on our topic pages.
First aid in the event of a serious IT security incident
Ransomware: Erste Hilfe bei einem schweren IT-Sicherheitsvorfall Version 1.2 [First aid in the event of a serious IT security incident]
This document serves as an emergency document for IT security officers, CISOs and system administrators of SMEs and smaller authorities in the event of a serious IT security incident. Step by step, we guide you through the most important steps of incident response.
It is updated from time to time to incorporate new insights and the latest experience.
Safeguard packages
The following safeguard packages give you a clear overview of the most important measures and can be used as handouts.
The IT emergency card "Verhalten bei IT-Notfällen' [What to do in IT emergencies] is the new information sign, similar to the familiar format "What to do in the event of a fire". It provides employees in organisations with important instructions on how to behave in all kinds of IT emergencies. The measures listed enable organisations to make the right decisions right from the start. The emergency card should be placed in central locations and makes an immediate contribution to security awareness in your organisation.
The overview of the 'TOP 12 Maßnahmen bei Cyber-Angriffen' [Top 12 measures in the event of cyber attacks] provides concise and clear initial impetus and assistance in responding to an IT security incident. It is aimed at IT managers and administrators -- primarily in small and medium-sized enterprises.
The 'Maßnahmenkatalog zum Notfallmanagement' [safeguard catalogue for emergency management] is primarily aimed at managing directors and IT managers in small and medium-sized enterprises -- regardless of the extent of their existing IT expertise. It provides an effective starting point for emergency management. Additional resources and contact options are also highlighted -- in case you need support to manage IT emergencies.