Cybersecurity & Infrastructure Security Agency
America's Cyber Defense Agency

Incident Detection, Response, and Prevention

Rapid, effective cyber incident detection, response, and prevention is a critical facet of ensuring our national security.

Overview

Cyber incidents are capable of demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people. Because of this risk, all organizations and even individuals should have clear, executable cyber incident detection, response, and prevention strategies. Cyber attacks are evolving and becoming increasingly complex and hard to detect. By working with all levels of government and the private sector, CISA understands the broad range of cyber vulnerabilities and offers the tools and resources needed to detect, respond to, and prevent cyber incidents accurately and effectively.

CISA’s Role

When cyber incidents occur, CISA provides response efforts to mitigate spread of the attack and secure critical infrastructure components. CISA works in close coordination with other agencies with complementary cyber missions, as well as private sector and other non-federal owners and operators of critical infrastructure, to ensure greater unity of effort and a whole-of-nation response to cyber incidents.

We provide awareness of vulnerabilities, mitigation, and prevention steps to American homes and organizations, and have programs dedicated to helping impacted organizations. We also work to notify relevant stakeholders of elevated risk exposure, conduct incident management operations, provide vulnerability assessments, and directly deploy risk management information, tools, and technical services to mitigate risk, including regulatory enforcement where authorized.

Featured Content

Situational Awareness and Incident Response (SAIR) Program

Obtain products and services that address gaps in the long-term security posture of the federal government using the SAIR program's federal enterprise awareness and incident response capabilities. 

Continuous Diagnostics and Mitigation (CDM) Program

Improve your security posture with CDM program cybersecurity tools, integration services, and dashboards designed to dynamically fortify the cybersecurity of government networks and systems. 

Cyber Hygiene Services

Proactively reduce exposure to threats and mitigate attack vectors with CISA's cyber hygiene services.

CISA Releases Directive on Reducing the Significant Risk of Known Exploited Vulnerabilities

Learn how to use CISA's Known Exploited Vulnerability (KEV) catalog to protect your organization and build a collective resilience across the cybersecurity community.

CISA in Action

Discover how CISA's incident detection, response, and prevention strategies and recommendations help ensure the security of our nation.

View All Cyber Threats and Advisories News

Protecting Against Malicious Code

JUL 14, 2009 | BLOG
What is malicious code? Malicious code is unwanted files or programs that can cause harm to a computer or compromise data stored on a computer. Various classifications of malicious code include viruses, worms, and Trojan horses.

Protecting Your Privacy

JUL 29, 2009 | BLOG
Before submitting your name, email address, or other personal information on a website, look for the site's privacy policy. This policy should explain how the information will be used and whether or not the information will be distributed to other organizations.

Walk This Way to Enable MFA

MAY 05, 2022 | BLOG
We’re big music fans here at CISA, and today we’re beginning a month-long mission to rock the message that multifactor authentication keeps you more secure! So, join us for MFA May! Whether you call it MFA or 2FA, Walk This Way to learn how simple it is to take an extra step tha

Incident and Vulnerability Response Playbooks

NOV 16, 2021 | PRESS RELEASE
CISA published the Federal Government Cybersecurity Incident and Vulnerability Response Playbooks to provide federal civilian executive branch (FCEB) agencies with operational procedures for planning and conducting cybersecurity incident and vulnerability response activities.

Incident Detection, Response, and Prevention Training

CISA offers a variety of trainings to help you and your organization proactively prepare for and rapidly respond to cyber incidents.

View All Cyber Threat and Advisories Training

Strengthen Your Resolve - Understanding DNS Attacks

SEMINAR/WORKSHOP | VIRTUAL/ONLINE
We depend on DNS infrastructure to securely route us to our intended destinations. While this shared infrastructure is incredibly powerful and useful, it also presents a rich attack surface for threat actors. This webinar provides an organizational perspective and topic overview that may be useful to technical specialists.

Incident Response and Awareness Training

COURSE | VIRTUAL/ONLINE
Awareness webinars are cybersecurity topic overviews for a general audience including managers and business leaders, providing core guidance and best practices to prevent incidents and prepare an effective response if an incident occurs.
Visit FEDTVE

EINSTEIN 3 Accelerated Capability Training

SEMINAR/WORKSHOP | OTHER
Provides introductory and ongoing training and mentoring on the EINSTEIN 3 capability of securing civilian Federal networks.

Innovation and Evolution of the CDM Dashboard

COURSE | VIRTUAL/ONLINE
This half-hour video provides an interview with Mr. Kevin Cox on the current state of the CDM program as well as an overview of the new CDM Agency Dashboard Ecosystem.

Services

CISA services offer tailored expertise and guidance based on your organization's needs and requirements.

View All Incident Detection, Response, and Prevention Services

Cyber Threat Hunt Assessment

INCREASE YOUR RESILIENCE
Contact: justiceitservices@usdoj.gov
This Assessment provides agencies with the ability to proactively search through networks and systems to identify threats that have already bypassed network defenses and established a foothold.
Foundational

Vulnerability Disclosure Policy (VDP) Platform

INCREASE YOUR RESILIENCE
The VDP Platform enables agencies to receive actionable vulnerability information and collaborate with the public to improve the security of their internet-accessible systems.
Foundational

CISA Vulnerability Scanning

ASSESS YOUR RISK LEVEL
Contact: vulnerability@cisa.dhs.gov
This service evaluates external network presence by executing continuous scans of public, static IPs for accessible services and vulnerabilities. It provides weekly vulnerability reports and ad-hoc alerts.
Intermediate

Creation/Maintenance of Security Documentation and/or Procedures

Contact: iss_services@esc.gov
This service includes creating, updating, and/or consulting on information protection processes and procedures, yielding the required documentation for a new or continuously monitored system to prepare for a security control assessment.

Resources, Tools, and Publications

CISA offers guides, tools, and other resources to support incident detection, response, and prevention.

View All Incident Detection, Response, and Prevention Resources

The KEV Catalog

PUBLICATION
A list of Known Exploited Vulnerabilities.
View Files

Incident Reporting System

EXTERNAL
Report computer security incidents directly to CISA using the incident report form. Complete the fields as accurately as possible to help CISA investigate and mitigate the cyber risks.
https://us-cert.cisa.gov/forms/report

Cyber Incident Detection and Notification Planning Templates for Election Security

PUBLICATION
Incident response and notification templates can be tailored to fit the exact needs of each jurisdiction.
Download File (PDF, 865.9 KB)

Report an Incident

Report incidents as defined by NIST Special Publication 800-61 Rev 2, to include:

  • Attempts to gain unauthorized access to a system or its data
  • Unwanted disruption or denial of service
  • Abuse or misuse of a system or data in violation of policy

The definitions and reporting timeframes can be found in the Federal incident notification guidelines. 

CISA Central 888-282-0870 Central@cisa.dhs.gov