Don't investigate your own security problems

Security incidents on any network as large as the state network are a common occurrence. It is also common to be curious about what happened and to have a desire to start looking into the issue yourself. Please don’t!

Electronic evidence is left behind on your system after a security incident. Our security teams have been trained to gather this evidence in such a way to preserve all the information and to even have it be admissible in court, if necessary. If someone other than the security team starts digging into the data, it is very easy to overwrite logs, files, or just add more evidence which later has to be filtered out as not being part of the attack.

If you are interested in what happened to your machine, ask the security team! We love answering questions and talking about security with all those that are interested!

The first thing to do after finding a security incident is to notify the service desk!