Reactive services are designed to respond to requests for assistance, reports of incidents from the OmanCERT constituency, and any threats or attacks against OmanCERT systems. Some services may be initiated by viewing and monitoring a website URL.
Incident Handling
Incident handling involves receiving, triaging, and responding to requests and reports, and analyzing incidents and events.
- Provide incident investigation via log analysis, and tracking or tracing the origins of the intrusion.
- Provide incident response support by assisting and guiding the victim(s) of an attack in recovering from an incident via remote access and management, phone, email, fax, or documentation.
- Provide incident response coordination among parties involved in the incident.
Incident Analysis
Incident analysis is an examination of all available information and supporting evidence or artifacts related to an incident or event.
- Identify the scope of the incident, the extent of damage caused by the incident, the nature of the incident, and available response strategies or workarounds.
- Look at patterns, trends, and interrelations or intruder signatures.
- Perform tracing or tracking of the origins of an intruder, or identify systems to which the intruder had access.
- Provide a complete and up-to-date analysis of what happened to a specific system.
- Provide offsite/onsite log analysis if needed.
Incident Response Support
The OmanCERT team will guide and assist the victim of an attack in recovering from an incident via remote methods: fax, phone, or email.
- Provide technical assistance in the interpretation of data collected, provide contact information, or relay guidance on mitigation and recovery strategies to the user based on analysed data and information gathered.
- Provide remote guidance and assistance on mitigation and recovery strategies.
Incident Response Coordination
The CERT team performs coordination among different victims of the attack and all parties involved in providing support to the victim(s).
- Collect contact information, notify victim(s) or the source of the attack, collect statistics about the number of sites involved, and facilitate information exchange.
- Coordinate with relevant parties that provide IT support to the victim, such as Internet Service Providers, and other CSIRTs as needed.
- Notify and collaborate with the Legal Department, Human Resources or Public Relations, and Law Enforcement if necessary.

