Computer security incident response teams: are they legally regulated? The Swiss example

Computer Security Incident Response Teams (CSIRTs) or Computer Emergency Response Teams (CERTs) are an integral part of incident handling capabilities and are increasingly demanded by organizations such as critical infrastructures. They can hold many different skills and are of great interest to organizations in terms of cyber security and, more concretely, cyber incident management. This contribution seeks to analyze the extent to which their activity is regulated under Swiss law, considering that private CSIRTs are not regulated in the same way as governmental and national CSIRTs such as the Computer Emergency Response Team of the Swiss government and official national CERT of Switzerland (GovCERT)

Tietoturvahallintajärjestelmän käyttöönotto CERT-organisaatiossa

This thesis is about implementing an ISMS (Information Security Management System) for a CERT (Computer Emergency Response Team). In this thesis the ISMS is based on the ISO 27000 standard family which is an internationally recognized standard developed by the International Organization for Standardization. This thesis will provide a clear guideline on how to implement the ISO 27001 requirements for ISMS in an effective way for a CERT. A CERT is a team that is responsible for being the single point of contact when something goes wrong. A CERT usually handles vulnerability coordination, incident response and other information security related areas. It is very important that the level of information security inside the CERT is at a decent level. The ISO 27001 is a general level standard meant for every organization there is, so it has to be tailored for the use of the target organization. The implementation of the ISMS requires a lot of research and effort if one wants to implement that for a CERT. This thesis provides one way to have the ISMS successfully implemented. However the actual certification is not in the scope of this thesis as it is not often required for a CERT

Development of Cybersecurity Competency and Professional Talent for Cyber Ummah

The world is facing with threats in digital transformation. Cyber threats become trending as reported by my countries. Developed countries like Britain, America, Europe and Japan already prepared countermeasures for various incidents on computer threats since Internet was introduced. They formulated and developed a successful model to produce computer security expert and highly skilled talent at various level diploma, bachelor and professional. University and College established academic program in computer and internet security at bachelor and postgraduate level. Industries at those countries introduced certification program in computer and internet security. Throughout our studies, limited initiatives related to talent development in combating computer security issues including cyber threats. Previous studies showed development of cybersecurity talent in Muslim countries is critical. Malaysia needs 20000 cybersecurity professional in 2025 and only achieved 2500 at present. This study presents our experience in developing cybersecurity competencies and professional talent for OIC-Country. We collaborated virtually with OIC-CERT (OIC Centre for Emergency and Response Team) in knowledge exchange, proposed appropriate competency model and participate in professional certification development. We presented the eight years active involvement with OIC-CERT activities.  All initiatives established by OIC-CERT has produced outstanding impact to OIC Countries. One of the impactful initiatives known GlobalAce, it getting serious attention by many muslim countries. We also get benefit of other programs such as  training for risks analysis, incident management and policy development. Our students be able to participate with Virtual Lecture on Combating Insider Threats, Cyber Threats Drill, and Security Audit. OIC-CERT also introduce the first Industry Journal in Cybersecurity known as OIC-CERT Journal of Cybersecurity.   

Secure and Prepared Newsletter, April 6, 2012, Vol. 8, no. 7

A bi-weekly newsletter for those involved in the fields of homeland security and/or emergency managemen

Semantics for incident identification and resolution reports

In order to achieve a safe and systematic treatment of security protocols, organizations release a number of technical briefings describing how to detect and manage security incidents. A critical issue is that this document set may suffer from semantic deficiencies, mainly due to ambiguity or different granularity levels of description and analysis. An approach to face this problem is the use of semantic methodologies in order to provide better Knowledge Externalization from incident protocols management. In this article, we propose a method based on semantic techniques for both, analyzing and specifying (meta)security requirements on protocols used for solving security incidents. This would allow specialist getting better documentation on their intangible knowledge about them.Ministerio de Economía y Competitividad TIN2013-41086-

Constitutional Law: Supreme Court Delineates the Relationship Between the Fourth and Fifth Amendments

In Schmerber v. California the Supreme Court reaffirmed the admissibility of blood test evidence procured without consent of the accused. Rejecting petitioner\u27s fourth and fifth amendment claims, the Court utilized a refined definition of the privilege against self-incrimination in determining the reasonableness of intracorporeal search and seizure. Moreover, the approach taken by the majority arguably presages the demise of the mere evidence rule

Cyber maturity in the Asia-Pacific Region 2014

Summary: To make considered, evidence-based cyber policy judgements in the Asia-Pacific there’s a need for better tools to assess the existing ‘cyber maturity’ of nations in the region. Over the past twelve months the Australian Strategic Policy Institute’s International Cyber Policy Centre has developed a Maturity Metric which provides an assessment of the regional cyber landscape. This measurement encompasses an evaluation of whole-of-government policy and legislative structures, military organisation, business and digital economic strength and levels of cyber social awareness. This information is distilled into an accessible format, using metrics to provide a snapshot by which government, business, and the public alike can garner an understanding of the cyber profile of regional actors