Cyber Incident Handling
The Computer Protection Program tracks all cyber incidents, advises on system clean up, re-authorizes network use, performs forensics on affected systems, and when necessary, provides information about incidents to law enforcement.
If you receive notice that your system has been infected by a virus, or if you have reason to suspect that your system has been successfully attacked in some other way, it is your responsibility to report it. Please see the Guidelines section for more information on what to do if you feel that you are a victim of a cyber incident.
Related Links
Service Announcements
None
Rates/Service Level Agreements
Overhead funded
Policies/Guidelines/Terms of Service
If you learn that your system has been infected, do not turn off your computer. Instead, quit using the machine, quarantine it immediately (leave it on but put a sign on the monitor to warn against further use), and report the incident to your system administrator, your designated technical support person, or the help desk (help@lbl.gov or x4357). That person can evaluate the situation and, if appropriate, report the incident to the "Computer Protection Program Manager" (CPPM) at cppm@lbl.gov.
If you believe a Lab-site computer you are using has been infected and you have not yet been able to contact the appropriate technical support, you can use the Emergency Incident Reporting Form, which will send your report directly to a security engineer via pager, as well as to the CPPM.
FAQ
None
Contact
IT Help Desk or CPP at cppm@lbl.gov
IT Help Desk
For technical support, please call the IT Help Desk at 486-4357 or go to the IT Help Desk Web site.
