Are there standardized guidelines or procedures for reporting an incident to law enforcement? If not, what information will I need to have ready to report?

There is no single proper way to report a suspected computer crime. However, many law enforcement agencies make it very easy to report suspected crimes. Some even include on-line reporting forms.

At the federal level, your local FBI or Secret Service field office is your main contact point for computer and network security incidents.

When you report an incident, you should have the following available:

  • Names, location, and purpose of operating systems involved;
  • Names and location of programs accessed;
  • Highest classification of information stored in the systems;
  • Impact (compromise of information or dollar loss);
  • How intrusion access was obtained and how the attack was carried out;
  • Status of attack;
  • Steps taken to mitigate or remediate;
  • Other organizations affected;
  • Potential suspects, such as outsiders or current or former employees/contractors;
  • Available evidence to assist in the investigation (e.g., logs, physical evidence).

An important part of this process is to develop a relationship with law enforcement before an emergency arises. To develop such relationships, consider joining a local chapter of InfraGard (www.infragard.net) or the High Technology Crime Investigation Association (HTCIA at www.htcia.org).
