OBJECTIVES

Improve the general effectiveness of the reaction to cyber security incidents in Portugal, facilitating the sharing of relevant information, coordinating mitigation and resolution actions among the multiple entities involved and liaising with the remaining national and international authorities.

SERVICE DESCRIPTION

The complexity and transnationality of a good number of cyber security incidents require an aggregated vision and coordinated action between the various entities involved.

Incident response coordination includes:

• The triage of incident notifications and the technical and forensic analysis thereof;
• The liaison with national and international entities involved;
• The production of recommendations for mitigation and/or resolution of the incident;
• The coordination of the response to incidents may start at the CNCS's initiative, for example in a large-scale incident situation, or be requested through the channels designated for this purpose. In case of need or force majeure, the CNCS coordinates its actions with the other national authorities.

REPORT

You can REPORT the incident to Cyberprotech using the following means:

• Email: csirt@cyberprotech.org

To inform our team in the best possible way, you should try to describe the incident with some information, such as a description of what happened, the start date, the systems and/or people affected, as well as the files and/or URLs compromised.

You must REPORT the incident to CERT.PT using one of the following methods:

• Form on the CNCS website: here.
• Email: cert@cert.pt
  • To share sensitive information, CERT.PT advises the use the PGP (Pretty Good Privacy) key, available here.

FOLLOW

You must FOLLOW THE RECOMMENDATIONS indicated by Cyberprotech professionals. For example, deleting a fraudulent email, changing the password of a compromised account, performing system updates, among other possible actions aimed at the type of cybersecurity incident in question.