5. Establishment of CERT/CC
… CERT’s three main functions are to provide
• mechanisms for coordinating community response in
emergencies, such as virus attacks or rumors of attacks;
• a coordination point for dealing with information about
vulnerabilities and fixes; and
• a focal point for discussion of proactive security measures,
coordination, and security awareness among Internet users.
…CERT officials recognize the need to establish credibility and
support within the Internet community so that its recommendations
will be acted on...
-- GAO (1998) Computer Security: Virus Highlights Need for Improved Internet Management.
6. Core CERT functions
Incident response
Coordination
Information Sharing
…TRUST...
11. CERT Establishment
…is a team that performs, coordinates, and supports the response to
security incidents that involve sites within a defined constituency
-- RFC 2350
• Defined Structure
• Mandate & Terms of Reference
• Operational Capacity
• Establishing Relationships
16. In brief…
• Incident response is a multistakeholder effort
• CERTs are a part of a wider ecosystem
• Trust is central
• Tailor approach to meet local needs
• Start small with quick wins
• Commit long term, grow with demand/capability