भाग 13.3: Incident Reporting | CCL मॉड्यूल 13 | साइबर लॉ अकादमी

13.3.1 Reportable Incidents

CERT-In Directions में 20+ प्रकार के Cyber Security Incidents को Report करना अनिवार्य है।

Incident Categories

S.No.	Incident Type	Description (Hindi)
1	Targeted Scanning	Critical/Network Systems का लक्षित Scanning
2	Compromise of Critical Systems	Critical Systems का Compromise होना
3	Unauthorized Access	IT Systems में अनधिकृत पहुंच
4	Website Defacement	Website का Defacement
5	Malicious Code Attacks	Malware, Ransomware, Spyware आदि
6	Attacks on Servers/Applications	Server और Application पर हमला
7	Identity Theft/Phishing	पहचान चोरी, Spoofing, Phishing
8	DoS/DDoS Attacks	Denial of Service हमले
9	Attacks on Critical Infrastructure	CII पर हमले
10	Data Breach	Data Leak या Breach
11	Data Leak	Personal/Sensitive Data का Leak
12	Attacks on IoT/OT	IoT, SCADA, OT Systems पर हमले
13	Unauthorized Crypto Mining	अनधिकृत Cryptocurrency Mining
14	Attacks affecting e-Governance	e-Governance Services पर प्रभाव
15	Supply Chain Attacks	Supply Chain पर हमले
16	Fake Mobile Apps	Fake Mobile Applications

13.3.2 Reporting Timeline - 6 Hours

6 Hour Rule

Starting Point: जब Incident का Notice हो (Noticing the Incident)
Deadline: Notice होने के 6 घंटे के भीतर Report
Mode: Email, Phone, या CERT-In Portal
Follow-up: Additional Information बाद में दे सकते हैं

Notice vs Occurrence

6 घंटे की गिनती Incident Notice होने से शुरू होती है, न कि Incident Occur होने से। यानी जब आपको पता चले कि Incident हुई है, उसके 6 घंटे के भीतर Report करें।

Global Comparison

Jurisdiction	Reporting Timeline
India (CERT-In)	6 Hours
EU (GDPR)	72 Hours
USA (Various)	24-72 Hours
Singapore	72 Hours

13.3.3 Reporting Format

Report में आवश्यक जानकारी

Organization Details: Name, Address, POC
Incident Details: Type, Date/Time, Description
Affected Systems: IPs, Hostnames, Services
Impact: Severity, Affected Users/Data
Initial Actions: Containment Steps Taken

Reporting Channels

Email: incident@cert-in.org.in
Phone: 1800-11-4949 (Toll Free)
Portal: CERT-In Online Reporting Portal
Fax: +91-11-24368546

Best Practice

Initial Report में जितनी जानकारी उपलब्ध हो दें। Additional Details बाद में Follow-up Report में दे सकते हैं। Delay न करें।

13.3.4 Mandatory Information

Initial Report में

Organization: Name, Sector, Size
Contact: POC Name, Phone, Email
Incident Type: Category (Annexure I से)
Date/Time: When Noticed (IST)
Brief Description: क्या हुआ
Affected Systems: IP Addresses, System Names

Follow-up Report में

Root Cause: Incident का कारण
Impact Assessment: पूर्ण Impact
Remediation: Actions Taken
Evidence: Logs, Artifacts
Lessons Learned: Prevention Steps

13.3.5 Internal Incident Response Process

Recommended Steps

Step 1 - Detection: Incident की पहचान (Automated या Manual)
Step 2 - Triage: Incident को Classify करें (Reportable है?)
Step 3 - Escalation: Internal Teams को Inform करें
Step 4 - Report: 6 घंटे के भीतर CERT-In को Report
Step 5 - Contain: Further Damage रोकें
Step 6 - Investigate: Root Cause Analysis
Step 7 - Recover: Systems को Restore करें
Step 8 - Follow-up: Additional Reports भेजें

Incident Response Team

Organization में एक Dedicated Team होनी चाहिए:

Incident Response Lead
Technical Team (IT/Security)
Legal/Compliance
Communications/PR
Management Representative

13.3.6 Documentation Requirements

क्या Document करें?

Timeline: सभी Events की Detailed Timeline
Evidence: Logs, Screenshots, Malware Samples
Actions: सभी Actions Taken
Communications: Internal और External Communications
Decisions: Key Decisions और Rationale

Legal Importance

Documentation भविष्य में Legal Proceedings, Insurance Claims, और Compliance Audits में महत्वपूर्ण है। सब कुछ Document करें।

मुख्य बिंदु (Key Takeaways)

20+ Incidents: Directions में Listed Incidents Report करने होंगे
6 Hours: Notice होने के 6 घंटे के भीतर Report
Email: incident@cert-in.org.in
Initial Report: जितनी जानकारी हो दें, Follow-up बाद में
Documentation: सब कुछ Document करें
IR Team: Dedicated Incident Response Team रखें