This course has been created by the German Federal Office for Information Security (BSI) in cooperation with the Deutsche Gesellschaft für internationale Zusammenarbeit (GIZ).
Digital First Responders help to solve IT disruptions and recognize IT security incidents quickly and reliably in order to limit their impact and prevent further damage. They are there to pass on their knowledge to their community and help secure a safe digital future.
Digital First Responders are the first line of defense in IT security. Digital First Responders are not just solving technical problems. They are protecting their communities.
IT problems - whether disruptions or security incidents - vary in scope, severity and impact. It can therefore be useful to have a process that deals with the different stages of a potential IT security incident.
The process in IT incident management runs from identifying the problem, through possible recommendations for action, to comprehensive solution support and incident clarification. The process is similar to an accident rescue chain: first aid measures are often carried out by a "First Responder" before an emergency doctor initiates a more detailed examination. At the end of the chain, a team of specialists carries out the operation in a hospital.
To mirror this process, the Federal Office for Information Security (BSI) established the "Digital Rescue Chain" in Germany. It is a chain of different reactive aids that merge seamlessly into one another and are ideally coordinated. In this context, Digital First Responders are the first line of defense in the Digital Rescue Chain.
In order to understand how potential IT incidents are reported, recognized and processed, we will use the Digital Rescue Chain in Germany as an example in this e-learning. The concept of the Digital Rescue Chain comes to life in the organization "Cyber Security Network" (CSN). The members of the CSN (Digital First Responders, incident practitioners and incident experts) help to recognize IT incidents quickly and reliably in order to limit the extent of damage and prevent further damage.
Please note that the process for reporting and processing IT incidents may be organized differently in your country. We recommend that you familiarize yourself with this structure and the responsibilities in your national and working context.
<aside>
The start of the Digital Rescue Chain lies with those affected by an IT incident. Ideally, they can solve their problem themselves by asking colleagues or friends for advice.
</aside>
<aside>
If this does not help, the person affected can contact a Digital First Responder using the CSN contact point (hotline). Digital First Responders provide first-level support in the form of first aid over the phone. They try to assess the case and contribute to the solution with an immediate recommendation for action.
</aside>
<aside>
If the recommendations for action of the Digital First Responder do not work, they will recommend that those affected refer the case to an incident practitioner or incident expert who will analyze the incident in depth.
</aside>
<aside>
If necessary, the incident experts can also support those affected on site following the telephone analysis.
</aside>
<aside>
If the incident practitioner or incident expert realizes that they cannot resolve the incident on their own in a reasonable amount of time, that the incident is too complex and that the analysis is too extensive for them, they should call in an IT service provider with specialist knowledge.
</aside>