An Autonomous Body Registered Under The Indian Trusts Act, 1882

Incident Response

Indian Cyber Army provides cyber security incident response as a certified organization that employs professional, ethical and highly technically competent individuals.

To deal with cyber security incidents, particularly sophisticated cyber security attacks, ICA has developed a cyber security incident response capability that enables Police, Investigation Agencies, Research Centers, Ethical Hackers, Industry Experts, Government Agencies, Academic Leaders & Individuals to adopt a systematic, structured approach to incident response.

There are many types of information (or IT) security incident that could be classified as a cyber security incident, ranging from serious cyber security attacks on critical national infrastructure and major organized cybercrime, through hacktivism and basic malware attacks, to internal misuse of systems and software malfunction. At one end of the spectrum come basic cyber security incidents, such as minor crime, localized disruption and theft.

At the other end we can see major organized crime, widespread disruption, critical damage to national infrastructure and even warfare. Some of the most common ways in which different types of cyber security incident can be compared are outlined in the table below – but they can vary considerably for any given incident, with many different groups attacking many different targets.

| S.No. | Topic | Basic cyber security incident | Sophisticated cyber security attack |
|---|---|---|---|
| 1. | Type of attacker | Small-time criminals; Individuals or groups just ‘having fun’ or responding to a challenge; Localized, community or individual | Serious organized crime; State-sponsored attack; Extremist groups |
| 2. | Target of attack | General public; Private sector; Non-strategic government departments | Major corporate organizations; International organizations; Governments; Critical national infrastructure; National security / defense |
| 3. | Purpose of attack | Financial gain; Limited disruption; Publicity; Vendettas or revenge | Major financial reward; Widespread disruption; Discover national secrets; Steal intellectual property of national |
| 4. | Capability of attacker | Low skill; Limited resource; Publicly available attack tools; Not well organized; Local reach | Highly skilled professionals; Extremely well resourced; Bespoke tools; Highly organized; International presence |
| 5. | Response requirements | Restore services; Special monitoring and organization; Some industry information sharing | Tailored guidance for specialist industry; And specific capabilities; Implications for government security; CNI sector-specific industry response |


The number of cyber incidents is increasing rapidly, and many of them are being used for corporate espionage or state-sponsored attack. These attacks follow the same broad anatomy, and specifically comprise:

1. Intelligence gathering (e.g. conduct detailed research into a target).

2. Initial exploitation (e.g. carry out initial attack and establish foothold).

3. Command and control (e.g. achieve persistent access that can survive a re-boot of the system and move to new systems).

4. Privilege escalation (e.g. gain system administrator rights on target systems).

5. Data exfiltration (e.g. gather and remove (or copy) target data).

In the commercial world (and often in governments), even large organizations can have significant difficulty in responding to cyber security incidents, particularly sophisticated cyber security attacks.