Cyber Security Incident Reporting

Download ASD Protect: Cyber Security Incident Reporting (PDF), January 2018
First published January 2018

Introduction

  1. The Australian Cyber Security Centre (ACSC) is responsible for monitoring and responding to sophisticated cyber threats targeting Australian interests. The ACSC’s Cyber Security Incident Reporting (CSIR) scheme assists with this role.
  2. Reporting cyber security incidents to the ACSC ensures that the ACSC can provide timely assistance tailored to specific incidents. This may be in the form of investigations, analysis and/or remediation advice.

When should I report a cyber security incident?

  1. A cyber security incident is a single unwanted or unexpected event, or a series of such events, that has a significant probability of compromising an organisation’s business operations. Cyber security incidents can impact the confidentiality, integrity or availability of a system and the information that it stores, processes or communicates.
  2. The types of cyber security incidents that should be reported to the ACSC include:
    1. suspicious system and network activities
    2. compromise of sensitive information
    3. unauthorised access or attempts to access a system
    4. emails with suspicious attachments or links
    5. denial of service attacks
    6. suspected tampering of electronic devices.
  3. The following are examples of suspicious system and network activities:
    1. domain administrator accounts being locked out due to failed authentication attempts
    2. unusual authentication events on remote access systems, such as users being logged in from local workstations and a VPN simultaneously, or a number of log-in attempts from geographically disparate or overseas locations within a short timeframe
    3. service accounts communicating with internet-based infrastructure.
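
The example activities listed above can be expressed as detection logic over authentication and network logs. The following is an added example, not ACSC code: the event schema, account names, internal address range and 30-minute window are all assumptions, and "simultaneously" is approximated as two log-ons inside that window.

```python
import ipaddress
from datetime import datetime, timedelta

# Assumed environment details (not from the guidance).
DOMAIN_ADMINS = {"da-alice"}
SERVICE_ACCOUNTS = {"svc-backup"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
WINDOW = timedelta(minutes=30)

# Constructed sample events in a hypothetical normalised schema.
EVENTS = [
    {"ts": "2018-01-10T09:00:00", "kind": "lockout", "user": "da-alice"},
    {"ts": "2018-01-10T09:05:00", "kind": "logon", "user": "bob", "via": "workstation", "country": "AU"},
    {"ts": "2018-01-10T09:10:00", "kind": "logon", "user": "bob", "via": "vpn", "country": "AU"},
    {"ts": "2018-01-10T10:00:00", "kind": "logon", "user": "carol", "via": "vpn", "country": "AU"},
    {"ts": "2018-01-10T10:20:00", "kind": "logon", "user": "carol", "via": "vpn", "country": "BR"},
    {"ts": "2018-01-10T11:00:00", "kind": "netflow", "user": "svc-backup", "dst": "203.0.113.7"},
    {"ts": "2018-01-10T11:05:00", "kind": "netflow", "user": "svc-backup", "dst": "10.0.0.5"},
    {"ts": "2018-01-10T12:00:00", "kind": "lockout", "user": "dave"},
]

def find_suspicious(events, window=WINDOW):
    """Return (finding, user) tuples for the activities in the list above."""
    findings = []
    recent = {}  # user -> earlier logons still inside the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, user = datetime.fromisoformat(ev["ts"]), ev["user"]
        if ev["kind"] == "lockout" and user in DOMAIN_ADMINS:
            findings.append(("admin_lockout", user))
        elif ev["kind"] == "netflow" and user in SERVICE_ACCOUNTS:
            # Any destination outside the internal range counts as internet-based.
            if ipaddress.ip_address(ev["dst"]) not in INTERNAL_NET:
                findings.append(("service_account_internet", user))
        elif ev["kind"] == "logon":
            prior = [p for p in recent.get(user, []) if ts - p[0] <= window]
            if any(p[1] != ev["via"] for p in prior):
                findings.append(("workstation_and_vpn", user))
            if any(p[2] != ev["country"] for p in prior):
                findings.append(("geo_disparate", user))
            recent[user] = prior + [(ts, ev["via"], ev["country"])]
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(EVENTS):
        print(finding)
```
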

How do I report a cyber security incident?

  1. Cyber security incidents should be reported to the ACSC via an organisation’s Information Technology Security Adviser (ITSA) or equivalent information security manager.
  2. Organisations are encouraged to submit incident reports via the ACSC website.
  3. Once an incident report is submitted to the ACSC, it is recorded and triaged. At this time, the priority and extent of assistance necessary to respond to the cyber security incident are determined.

Further information

  1. The Australian Government Information Security Manual (ISM) assists in the protection of information that is processed, stored or communicated by organisations' systems.
  2. The Strategies to Mitigate Cyber Security Incidents complement the advice in the ISM.
  3. Further information on preparing to respond to cyber security incidents can be found in Preparing for and Responding to Cyber Security Incidents.

Contact details

  1. Organisations or individuals with questions regarding this advice can contact the ACSC by emailing asd.assist@defence.gov.au or calling 1300 CYBER1 (1300 292 371).