I have an incident. What should I do?

The following documents will help you in the initial stages of an IT security incident.

The Organisational Checklist and Technical Checklist guide you concisely through the first steps in dealing with an IT security incident. The ' Ransomware: Erste Hilfe bei einem schweren IT-Sicherheitsvorfall Version 1.2' provides extensive details on these steps and is optimised for printing.

You can contact the BSI using the reporting form on the BSI website Melde- und Informationsportal. Please note that the BSI can only provide direct support within the scope of its legal powers.

Do you urgently need support from an IT service provider?

• Details of qualified DDoS mitigation and APT service providers
• and certified IT security service providers

plus information on various topics (DDoS, Emotet, APT, ICS,..) and useful tips are available on our topic pages.

First aid in the event of a serious IT security incident

• Organisational checklist
• Technical checklist
• Ransomware: Erste Hilfe bei einem schweren IT-Sicherheitsvorfall Version 1.2 [First aid in the event of a serious IT security incident] This document serves as an emergency document for IT security officers, CISOs and system administrators of SMEs and smaller authorities in the event of a serious IT security incident. Step by step, we guide you through the most important steps of incident response. It is updated from time to time to incorporate new insights and the latest experience.

Safeguard packages

The following safeguard packages give you a clear overview of the most important measures and can be used as handouts.

Top 12 safeguards against cyber attacks

Maßnahmenkatalog zum Notfallmanagement - Fokus IT-Notfälle - [Safeguard catalogue for emergency management -- Focus on IT emergencies]

to the top