16,345 research outputs found

    Computer security incident response teams: are they legally regulated? The Swiss example

    Computer Security Incident Response Teams (CSIRTs) or Computer Emergency Response Teams (CERTs) are an integral part of incident handling capabilities and are increasingly demanded by organizations such as critical infrastructures. They can hold many different skills and are of great interest to organizations in terms of cyber security and, more concretely, cyber incident management. This contribution seeks to analyze the extent to which their activity is regulated under Swiss law, considering that private CSIRTs are not regulated in the same way as governmental and national CSIRTs such as the Computer Emergency Response Team of the Swiss government and official national CERT of Switzerland (GovCERT)

    Implementation of an Information Security Management System in a CERT Organization

    This thesis is about implementing an ISMS (Information Security Management System) for a CERT (Computer Emergency Response Team). In this thesis the ISMS is based on the ISO 27000 standard family which is an internationally recognized standard developed by the International Organization for Standardization. This thesis will provide a clear guideline on how to implement the ISO 27001 requirements for ISMS in an effective way for a CERT. A CERT is a team that is responsible for being the single point of contact when something goes wrong. A CERT usually handles vulnerability coordination, incident response and other information security related areas. It is very important that the level of information security inside the CERT is at a decent level. The ISO 27001 is a general level standard meant for every organization there is, so it has to be tailored for the use of the target organization. The implementation of the ISMS requires a lot of research and effort if one wants to implement that for a CERT. This thesis provides one way to have the ISMS successfully implemented. However the actual certification is not in the scope of this thesis as it is not often required for a CERT

    Basic Performance Indicators for Cyber Incident Response Teams

    The main stages of information security incident management are response and investigation. These functions are assigned to specialized teams and centers (such as CERT – Computer Emergency Response Team). The information security level of an organization and of the whole state depends on CERT's performance. The analysis showed that CERT's performance assessment is not carried out properly. That is why this paper introduces basic performance parameters for cyber incident response teams, which makes it possible to assess CERT's performance over a required period. The report on these parameters should be produced regularly, such as once a week (month, year etc.), to obtain a complete picture of their changes and identify key trends. Using the obtained parameters will make it possible to make quick management decisions, evaluate the level of CERT's specialists, improve CERT efficiency, reduce losses associated with incidents, improve user productivity, use staff effectively and others. In addition, influencing and correcting the actions of CERT's specialists can improve the information security level of an organization and of the whole state. Further, on the basis of these parameters it is planned to develop mathematical models to ensure continuous improvement of cyber incident management.

    Development of Cybersecurity Competency and Professional Talent for Cyber Ummah

    The world is facing threats in digital transformation. Cyber threats have become a trend, as reported by many countries. Developed countries like Britain, America, Europe and Japan have prepared countermeasures for various computer threat incidents since the Internet was introduced. They formulated and developed a successful model to produce computer security experts and highly skilled talent at various levels: diploma, bachelor and professional. Universities and colleges established academic programs in computer and internet security at bachelor and postgraduate level. Industries in those countries introduced certification programs in computer and internet security. Throughout our studies, we found limited initiatives related to talent development in combating computer security issues, including cyber threats. Previous studies showed that development of cybersecurity talent in Muslim countries is critical. Malaysia needs 20000 cybersecurity professionals in 2025 and has only achieved 2500 at present. This study presents our experience in developing cybersecurity competencies and professional talent for OIC-Country. We collaborated virtually with OIC-CERT (OIC Centre for Emergency and Response Team) in knowledge exchange, proposed an appropriate competency model and participated in professional certification development. We present our eight years of active involvement with OIC-CERT activities. All initiatives established by OIC-CERT have produced outstanding impact for OIC Countries. One of the impactful initiatives is known as GlobalAce; it is getting serious attention from many Muslim countries. We also benefit from other programs such as training for risk analysis, incident management and policy development. Our students are able to participate in the Virtual Lecture on Combating Insider Threats, Cyber Threats Drill, and Security Audit. OIC-CERT also introduced the first industry journal in cybersecurity, known as the OIC-CERT Journal of Cybersecurity.

    When Does Internet Denial Trigger the Right of Armed Self-Defense?

    Amid a 2007 dispute with Russia, Estonia suffered a series of distributed denial-of-service (DDoS) cyber-attacks that disabled the websites of government ministries, political parties, news outlets, banks, and other firms for several weeks. The attacks employed digital bots to overload Estonia's Internet infrastructure with an overwhelming stream of data packets, which caused serious service and communications disruptions before abruptly coming to a halt. During the initial stages, Estonia's Computer Emergency Response Team (E-CERT) traced the attacks to I.P. addresses belonging to Russian nationalist groups, but was unable to establish direct participation by Moscow. Subsequent evidence suggested, however, that the attacks were tied to the Kremlin

    Prerequisites of Virtual Teamwork in Security Operations Centers: Knowledge, Skills, Abilities and Other Characteristics

    Cybersecurity is an emerging field of national security where usually the technical aspects of defense take first place. Cyberdefense relies heavily on teamwork, where members of Computer Emergency Response Team (CERT), Computer Security Incident Response Team (CSIRT) or Security Operations Center (SOC) teams are often geographically dispersed. In cybersecurity teamwork, computer-supported collaboration is crucial as the team functions virtually in many ways. In this paper we present the results of interviews that were conducted with SOC experts and we summarize the reviewed relevant literature. We have reviewed the knowledge, skills, abilities and other characteristics (KSAOs) that make a team of cybersecurity experts capable of performing as a virtual team. These results revealed that treating the cybersecurity team as a socio-technical system and supporting it in coping with the challenges of virtual teams helps it to be more effective and enhances employee retention. This perspective may contribute to cyberdefense of both industry and military

    The Crime of Interruption of Computer Services to Authorized Users Have You Ever Heard of It?

    The interruption of computer services to authorized users involves a violation of a series of federal and state computer-related crime laws which are designed to protect the authorized users of computer systems. Because most of these laws have only recently been legislated, and since few people have ever actually been charged with such violations, there is very little history or case law in this area. However, as computer-related crimes continue to escalate, these statutes could prove to be a positive force in efforts to catch the electronic criminals of the future. Although there has never been accurate nationwide reporting of computer crime, it is clear from the reports which do exist . . . that computer crime is on the rise. As a matter of fact, between January 1998 and December 1998, the Computer Emergency and Response Team Coordination Center (CERT/CC) received 41,871 e-mail messages and 1,001 hotline calls reporting computer security incidents or requesting information.” In addition, they received 262 vulnerability reports and handled 3,734 computer security incidents, affecting more than 18,990 sites during this same period

    DESIGN AND IMPLEMENTATION OF A MALWARE SURVEY SERVER AT THE ID-CERT (INDONESIA COMPUTER EMERGENCY RESPONSE TEAM) ORGANIZATION

    Various types of computer viruses attacked Indonesia in September 2006. Out of a total of 1271 cases, computer virus attacks were behind 461 cases. According to Kaspersky, about 52.03% of computers in Indonesia are infected with malware. All of these reports show the high level of malware attacks in Indonesia. However, there has been no research in Indonesia that can provide accurate data on malware attacks. To address this, this research was carried out together with the ID-CERT organization to obtain accurate data on malware attacks and malware spread in Indonesia by building a server to support a malware survey. The method used is the processing of log reports sent by volunteers via e-mail. The result of this research is to see which types of malware are spread in Indonesia

    Cyber maturity in the Asia-Pacific Region 2014

    Summary: To make considered, evidence-based cyber policy judgements in the Asia-Pacific there’s a need for better tools to assess the existing ‘cyber maturity’ of nations in the region. Over the past twelve months the Australian Strategic Policy Institute’s International Cyber Policy Centre has developed a Maturity Metric which provides an assessment of the regional cyber landscape. This measurement encompasses an evaluation of whole-of-government policy and legislative structures, military organisation, business and digital economic strength and levels of cyber social awareness. This information is distilled into an accessible format, using metrics to provide a snapshot by which government, business, and the public alike can garner an understanding of the cyber profile of regional actors