Thursday, March 11, 2010

CERT
CERT's Overview

CERTs (Computer Emergency Response Teams) and CSIRTs (Computer Security Incident Response Teams) are essentially the same kind of organization. In this project, we will use the word CSIRT as the general term, indicating all CSIRTs and CSIRT-like organizations. The following abbreviations are commonly used:

  • CERT® or CERT-CC (Computer Emergency Response Team)
  • CSIRT (Computer Security Incident Response Team)
  • IRT (Incident Response Team)
  • IRC (Incident Response Capability)
  • CIRT (Computer Incident Response Team)
  • SERT (Security Emergency Response Team)
Definition of a CSIRT

"A CSIRT is a team that responds to computer security incidents by providing necessary services to solve them or support their resolution, and tries to prevent any computer security incidents within its constituency or responsibility."
CSIRTs primarily focus on the response to ICT related security incidents on behalf of one or more stakeholders. The stakeholder(s) of a CSIRT are its constituency. The constituency should be regarded as the customer base of a CSIRT.
In order to mitigate risks and minimize the number of responses required, most CSIRTs also provide preventive services for their constituency. They issue advisories on vulnerabilities in various systems and on viruses and similar threats.


The benefits of having a CSIRT team
  • You have a central coordination point for ICT-security within your organisation.
  • They systematically respond to ICT-incidents and take appropriate steps.
  • They help the constituency to recover quickly and efficiently from security incidents and minimize loss or theft of information and disruption of services.
  • They use information gained during incident handling to better prepare for handling future incidents and to provide better protection for systems and data.
  • They deal properly with legal issues that may arise during incidents.
  • They endeavour to exchange knowledge within your constituency.
Types of CSIRTs
  • Small & Medium Enterprises (SME) Sector CSIRT
    • The SME sector CSIRT is responsible for the Small & Medium Enterprises that are unable to set up their own internal CSIRT for various reasons.
  • Academic Sector CSIRT
    • The sphere of responsibility of the academic sector CSIRT covers educational and research institutions. Therefore, the constituency consists of universities, colleges, other schools, research networks or laboratories.
  • Military Sector CSIRT
    • The military sector CSIRT is responsible for the IT-infrastructure necessary for national defence purposes. Its constituency consists primarily of military institutions and may include special administrative institutions linked closely to the military (e.g. Department of Defence, Headquarters, Military Research, Procurement Office, Liaison Office, etc.).
  • CIP/CIIP Sector CSIRT
    • The CIP / CIIP sector is of very high interest to every government. Because of this, a specialist CIP / CIIP sector CSIRT has already been established in many countries, or plans are in progress to support the creation of one. It is responsible for supporting and securing the IT-infrastructure of important institutions necessary to maintain the daily business and life of the population. Depending on the size or number of those institutions, it might be sensible to define subsets within CIP / CIIP, for example:
      • Information & Communication
      • Finance
      • Transportation
      • Electricity, Gas and Water supply
      • Public Health & Rescue Service
  • Governmental Sector CSIRT
    • The governmental sector CSIRT is responsible for public administration institutions. Depending on each country's specific situation and definition of the public administration the constituency consists of (federal) departments, offices, agencies and perhaps regional administrations or even municipal administrations.
    • Its aim is to support the maintenance of the government's IT-infrastructure and to support the availability of electronic governmental services for the population. Some of the five examples (A-E) already reflect the problem that a sector CSIRT might be a subset of another sector CSIRT and the combinations of some of the sector CSIRTs mentioned before. For example, some countries might have a special and independent military sector CSIRT, others might have a hierarchic structure where the military sector CSIRT is a subset of the governmental sector CSIRT. Other countries are defining combined areas of responsibility for their governmental sector CSIRT in such a way as to include public administration institutions and military institutions. The same might occur with other sectors, especially the CIP / CIIP sector. This development is usually the first step on the way to a national CSIRT.
  • National CSIRT
    • The national CSIRT might also be called a special form of sector CSIRT, as it comprises all sectors and it is expected to be responsible for nearly everything. In the case of computer security incidents, it provides the point of contact for every person and organisation within the country and especially for any person making a request from outside the country, if no other responsible CSIRT is known. Usually the national CSIRT evolves from a sector CSIRT (in most cases the governmental sector CSIRT) as a natural process in consequence of the expanding sphere of responsibility.
  • Commercial CSIRT
    • The commercial CSIRT provides its services to anyone who pays for them. As it has to rely upon this form of funding it also has to follow 'economic rules', it is usually profit-oriented and has to place individual contracts. In particular, the individual contracts with each different member of its constituency sometimes hinder cooperation with other CSIRTs (e.g. the CSIRT is not allowed to share information with a third party).
  • Vendor CSIRT
    • The vendor CSIRT focuses on vendor-specific products. Its aim is usually to develop and provide solutions, in order to remove vulnerabilities or at least to mitigate

As described in the CERT-CC Handbook, there are many services a CSIRT can offer. It is wise to decide what to deliver to your constituency, and this decision should naturally also be based on their preferences. If you would like more information, please read the document entitled 'Organisation Models for Computer Response Teams (CSIRTs)' from the Carnegie Mellon Software Engineering Institute.


(Computer Emergency Response Team) A group of people in an organization who coordinate their response to breaches of security or other computer emergencies such as breakdowns and disasters. Other similar terms are CSIRT (Computer Security Incident Response Team), CIRT (Computer Incident Response Team) and IRT (Incident Response Team).


Service Categories

There are many services that a CSIRT can choose to offer. Each CSIRT is different and provides services based on the mission, purpose, and constituency of the team. Providing an incident handling service is the only prerequisite to be considered a CSIRT.

CSIRT services can be grouped into three categories:

Reactive services. These services are triggered by an event or request, such as a report of a compromised host, widely spreading malicious code, a software vulnerability, or something that was identified by an intrusion detection or logging system. Reactive services are the core component of CSIRT work.

Proactive services. These services provide assistance and information to help prepare, protect, and secure constituent systems in anticipation of attacks, problems, or events. Performance of these services will directly reduce the number of incidents in the future.

Security quality management services. These services augment existing and well-established services that are independent of incident handling and traditionally performed by other areas of an organization, such as the IT, audit, or training departments. If the CSIRT performs or assists with these services, the CSIRT's point of view and expertise can provide insight to help improve the overall security of the organization and identify risks, threats, and system weaknesses. These services are generally proactive but contribute indirectly to reducing the number of incidents.

The services are listed in the following table and described in detail below:

It should be noted that some services have both a reactive and proactive side. For example, vulnerability handling can be done in response to the discovery of a software vulnerability that is being actively exploited. But it can also be done proactively by reviewing and testing code to determine where vulnerabilities exist, so the problems can be fixed before they are widely known or exploited.

Ashna Secure, as one of the greatest IT security companies in Iran, can provide consulting and/or implementation of a CERT in organizations.

After the requirements have been identified, the following steps are needed to implement a CERT:

     Step 1: Obtain management support
     Step 2: Determine the CSIRT strategic plan
     Step 3: Gather relevant information
     Step 4: Design the CSIRT vision
     Step 5: Communicate the CSIRT vision and operational plan
     Step 6: Begin CSIRT implementation
     Step 7: Announce the operational CSIRT
     Step 8: Evaluate CSIRT effectiveness

In designing a CSIRT, Ashna Secure uses the newest technologies and standards, such as ITIL, ISO 27001 and ISMS.

Copyright 2009 by ASHNA Secure Corporation.