Saturday December 21, 2024

A Computer Security Incident is an adverse network event in an information system or network or the threat of the occurrence of such an event.

The NCC-CSIRT is the Computer Security Incident Response Team for the Nigerian telecommunications industry, an initiative of the Nigerian Communications Commission (NCC) in line with its mandate from the Nigerian Communications Act 2003.

The NCC-CSIRT serves as a trusted contact point to provide the coordination and necessary support between parties involved in the handling of incidents within the Nigerian telecommunications sector. These parties and stakeholders include the affected organizations, Mobile Network Operators (MNOS), Internet Service Providers (ISPs), Law Enforcement Agencies (LEAs), Ministries, Departments & Agencies of Government (MDAs) and/or other sector CSIRTs.

The NCC-CSIRT shall operate on the basis of call-to-respond; meaning all constituent incident response activities shall be triggered by an Incident Report from the constituency or from the CSIRT member community.

Incident
Reporting

  1. The preferred method of Incident Reporting to the CSIRT are as follows in the order of preference:
    • Email Messages: (for incident reporting only).
    • Web Report Form: Click here.
    • Telephone Line: +234-9-624-4000 (for incident reporting only).
  2. Incident Reports by the constituency shall include a description of the incident or event, using the appropriate categorisation taxonomy (see incident categorization tab), and as much of the following information:
    1. Constituent/Organisation name
    2. CPOC (Constituent Point of Contact) information including name, telephone number and email address
    3. Incident category (Click here)
    4. Incident date and time
    5. Incident details i.e. description
    6. Location and name (IP address) of the system(s) involved in the incident
    7. Method used to identify the incident (i.e. HIDS, NIDS, Audit log, etc.)
    8. Actions done (date, time, and result)
    9. Perceived Impact
    10. Resolution
    11. Criticality of the system (i.e. critical infrastructure, classified systems, etc.)
  3. Cases will be assigned to Incident Handlers who may correspond with the CPOC and/or Reporter to gather more evidence to qualify the case and/or launch further investigations.
  4. The CPOC chooses the initial categorization of the incident that fits best. However, during the identification phase and the triaging process, the categorisation may be changed and/or other categories added, which may lead to the creation of child tickets or splitting of the case ticket.

 

These incidents can be classified into numerous types, including but not limited to;

  • Website Defacement
  • Extortion/Ransomware
  • Malicious Code (Malware)
  • Misuse of Systems
  • Intrusion/Hack
  • Denial of Service
  • Unauthorized Electronic Monitoring
  • Automated scanning tools and probes
  • Denial of Service Attacks
  • Theft of intellectual property