Incident management

CERT Australia works with its partners to build resilience to cyber security threats. To complement this proactive approach, we also work with our partners to provide hands-on support when they experience a cyber security incident.

We recommend businesses have a tried and tested incident management plan in place to help limit damage, improve recovery time, and help safeguard your business.

Steps in incident management

  • To provide accurate advice partners can act on, we ensure we have a strong understanding of an organisation’s operating environment, including the information it holds, the architecture and management of its network, applications and users.
  • To help mitigate the effects of an incident, we provide detail around the known tools, tactics, and procedures of malicious actors. With this knowledge, our partners can prioritise the highest value activities.
  • We work closely with our partners to identify and remove the vector of compromise – that is the different ways an attack can be used to compromise systems – and identify the exposure of sensitive information.
  • During significant incidents we coordinate the government’s response with industry and provide an initial point of contact and coordination for threats with an international dimension.