{"id":989090,"date":"2025-09-20T20:28:37","date_gmt":"2025-09-20T20:28:37","guid":{"rendered":"https:\/\/gpss.ro\/ghid-securitate\/gestionarea-incidentelor-de-securitate-cibernetica\/"},"modified":"2025-09-20T20:28:37","modified_gmt":"2025-09-20T20:28:37","slug":"gestionarea-incidentelor-de-securitate-cibernetica","status":"publish","type":"security_advisory","link":"https:\/\/delve.ro\/ro\/security-guide\/gestionarea-incidentelor-de-securitate-cibernetica\/","title":{"rendered":"Gestionarea incidentelor de securitate cibernetic\u0103"},"content":{"rendered":"

# Gestionarea incidentelor de securitate cibernetic\u0103<\/p>\n

## Ce este un incident de securitate?<\/p>\n

Un incident de securitate este orice eveniment care compromite:
\n– Confiden\u021bialitatea datelor
\n– Integritatea sistemelor
\n– Disponibilitatea serviciilor
\n– Conformitatea cu reglement\u0103rile<\/p>\n

### Exemple de incidente:
\n– Malware\/ransomware detectat
\n– Cont compromis
\n– Data breach\/scurgere de date
\n– Atac DDoS
\n– Phishing reu\u0219it
\n– Acces neautorizat
\n– Pierdere\/furt dispozitiv
\n– Website defacement<\/p>\n

## Plan de r\u0103spuns la incidente – 6 faze<\/p>\n

### 1\ufe0f\u20e3 PREG\u0102TIRE (\u00eenainte de incident)<\/p>\n

#### Echipa de r\u0103spuns:
\n– **Incident Commander** – Coordoneaz\u0103 r\u0103spunsul
\n– **Technical Lead** – Analiz\u0103 tehnic\u0103
\n– **Communications** – Comunicare intern\u0103\/extern\u0103
\n– **Legal\/HR** – Aspecte legale \u0219i personal
\n– **Management** – Decizii strategice<\/p>\n

#### Documenta\u021bie necesar\u0103:
\n– Contact list 24\/7
\n– Proceduri pas-cu-pas
\n– Template-uri comunicare
\n– Forensic tools ready
\n– Backup \u0219i recovery plans<\/p>\n

### 2\ufe0f\u20e3 IDENTIFICARE (detectare \u0219i analiz\u0103)<\/p>\n

#### \u00centreb\u0103ri critice:
\n– **CE** s-a \u00eent\u00e2mplat exact?
\n– **C\u00c2ND** a \u00eenceput incidentul?
\n– **CINE** este afectat?
\n– **UNDE** \u00een infrastructur\u0103?
\n– **CUM** s-a produs?
\n– **DE CE** (root cause)?<\/p>\n

#### Clasificare severitate:<\/p>\n

**\ud83d\udfe2 LOW** – Impact minim
\n– Un utilizator afectat
\n– Date publice
\n– Servicii non-critice<\/p>\n

**\ud83d\udfe1 MEDIUM** – Impact moderat
\n– Departament afectat
\n– Date interne
\n– Servicii importante<\/p>\n

**\ud83d\udd34 HIGH** – Impact major
\n– Organiza\u021bie afectat\u0103
\n– Date confiden\u021biale
\n– Servicii critice<\/p>\n

**\ud83d\udfe3 CRITICAL** – Impact catastrofal
\n– Multiple organiza\u021bii
\n– Date clasificate
\n– Infrastructur\u0103 critic\u0103<\/p>\n

### 3\ufe0f\u20e3 CONTAINMENT (limitare r\u0103sp\u00e2ndire)<\/p>\n

#### Containment imediat:
\n1. Izoleaz\u0103 sistemele afectate
\n2. Blocheaz\u0103 IP\/domenii mali\u021bioase
\n3. Dezactiveaz\u0103 conturi compromise
\n4. Preserv\u0103 evidence pentru forensics
\n5. Implementeaz\u0103 workarounds<\/p>\n

### 4\ufe0f\u20e3 ERADICATION (eliminare amenin\u021bare)<\/p>\n

#### Ac\u021biuni de cur\u0103\u021bare:
\n– \u00cendep\u0103rtare malware complet
\n– \u00cenchidere vulnerabilit\u0103\u021bi
\n– Patch toate sistemele
\n– Update signatures
\n– Reset creden\u021biale
\n– Review access rights<\/p>\n

### 5\ufe0f\u20e3 RECOVERY (restaurare opera\u021biuni)<\/p>\n

#### Restaurare gradual\u0103:
\n**Faza 1: Sisteme critice**
\n– Authentication systems
\n– Email \u0219i comunica\u021bii
\n– Business critical apps<\/p>\n

**Faza 2: Sisteme importante**
\n– File shares
\n– Databases
\n– Internal tools<\/p>\n

**Faza 3: Sisteme secundare**
\n– Development
\n– Testing
\n– Archives<\/p>\n

### 6\ufe0f\u20e3 LESSONS LEARNED (post-incident)<\/p>\n

#### Review meeting (\u00een 48 ore):
\n– Ce a mers bine?
\n– Ce poate fi \u00eembun\u0103t\u0103\u021bit?
\n– Timeline complet
\n– Root cause analysis
\n– Update proceduri
\n– Training needs<\/p>\n

## R\u0103spuns specific pe tip incident<\/p>\n

### \ud83e\udda0 Ransomware<\/p>\n

**R\u0103spuns imediat:**
\n1. Izoleaz\u0103 INSTANT (pull network cable)
\n2. Opre\u0219te spread-ul (shutdown shares)
\n3. Identific\u0103 varianta
\n4. NU PL\u0102TI (\u00een principiu)
\n5. Preserve evidence
\n6. Notific\u0103 autorit\u0103\u021bile<\/p>\n

### \ud83d\udce7 Email Compromise<\/p>\n

**R\u0103spuns imediat:**
\n1. Reset parol\u0103 imediat
\n2. Revoke sessions
\n3. Check forwarding rules
\n4. Review sent items
\n5. Scan pentru alte compromise
\n6. Enable MFA<\/p>\n

### \ud83d\udcb3 Data Breach<\/p>\n

**R\u0103spuns imediat:**
\n1. Stop exfiltrarea
\n2. Identific\u0103 ce date
\n3. Preserve logs
\n4. Legal notification
\n5. Prepare comunicare
\n6. Credit monitoring<\/p>\n

**Obliga\u021bii legale (GDPR):**
\n– 72 ore notificare autorit\u0103\u021bi
\n– Notificare persoane afectate
\n– Documentare complet\u0103
\n– Remediation plan<\/p>\n

## Comunicare \u00een timpul crizei<\/p>\n

### \ud83d\udce2 Comunicare intern\u0103<\/p>\n

#### Template alert\u0103 intern\u0103:
\n“`
\nSUBIECT: [SEVERITY] Incident Securitate – [TYPE]<\/p>\n

STATUS: [Contained\/Ongoing]
\nIMPACT: [Sisteme\/Utilizatori afecta\u021bi]
\nAC\u021aIUNI: [Ce facem acum]
\nNECESIT\u0102\u021aI: [Ce avem nevoie]
\nETA: [Estimare rezolvare]
\nCONTACT: [Incident Commander]
\n“`<\/p>\n

## Contacte utile Rom\u00e2nia<\/p>\n

– **CERT-RO**: +40 21 317 48 75
\n– **DNSC**: contact@dnsc.ro
\n– **Poli\u021bia Rom\u00e2n\u0103**: 112
\n– **ANSPDCP** (GDPR): +40 318 059 211<\/p>\n

## Checklist post-incident<\/p>\n

### Tehnic:
\n– [ ] Toate sistemele curate
\n– [ ] Vulnerabilit\u0103\u021bi remediate
\n– [ ] Monitoring enhanced
\n– [ ] Backups verificate
\n– [ ] Access review complet
\n– [ ] Security tools updated<\/p>\n

### Procedural:
\n– [ ] Incident report complet
\n– [ ] Lessons learned session
\n– [ ] Procedure updates
\n– [ ] Training planificat
\n– [ ] Communication \u00eenchis\u0103
\n– [ ] Legal obligations \u00eendeplinite<\/p>\n","protected":false},"excerpt":{"rendered":"

Ce s\u0103 faci c\u00e2nd suspectezi o bre\u0219\u0103 de securitate sau un atac cibernetic.<\/p>","protected":false},"featured_media":0,"template":"","meta":[],"advisory_audience":[],"advisory_topic":[],"advisory_source":[],"advisory_severity":[],"advisory_region":[],"news_source":[],"class_list":["post-989090","security_advisory","type-security_advisory","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/security_advisory\/989090","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/security_advisory"}],"about":[{"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/types\/security_advisory"}],"version-history":[{"count":0,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/security_advisory\/989090\/revisions"}],"wp:attachment":[{"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/media?parent=989090"}],"wp:term":[{"taxonomy":"advisory_audience","embeddable":true,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/advisory_audience?post=989090"},{"taxonomy":"advisory_topic","embeddable":true,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/advisory_topic?post=989090"},{"taxonomy":"advisory_source","embeddable":true,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/advisory_source?post=989090"},{"taxonomy":"advisory_severity","embeddable":true,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/advisory_severity?post=989090"},{"taxonomy":"advisory_region","embeddable":true,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/advisory_region?post=989090"},{"taxonomy":"news_source","embeddable":true,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/news_source?post=989090"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}