When computer security problems occur, it is critical for the affected organization to have a fast and effective means of responding. The speed with which the organization can recognize an incident or attack, and then successfully analyze it and respond, dramatically limits the damage done and lowers the cost of recovery. Careful analysis of the nature of the attack or incident can lead to the implementation of effective and widespread preventive measures and the avoidance of similar events. This ability to respond quickly and effectively to a computer security threat is a critical element in providing a secure computing environment.
One way to provide such a response is through the establishment of a formal incident response capability. This capability can take the form of comprehensive policies and procedures for reporting, analyzing, and responding to computer security incidents. It can also take the form of an established or designated group that is given the responsibility for handling computer security events. This type of group is generally called a Computer Emergency Response Team (CERT). Focusing a team on incident handling activities allows it to develop expertise in understanding intruder trends and attacks, along with acquiring knowledge of incident response methodologies. Depending on the services provided, the team can be composed of full-time or part-time staff.

A CERT provides a single point of contact for reporting computer security incidents and problems. This enables the team to serve as a repository for incident information, a center for incident analysis, and a coordinator of incident response across an organization. This coordination can extend even outside the organization to include collaboration with other teams, security experts, and law enforcement agencies. The team's relationships with other CSIRTs and security organizations can facilitate the sharing of response strategies and provide early alerts to potential problems. As a focal point for incident information, a CERT can gather information from across its organization, gaining insight into threats against the constituency that might not have been apparent when looking at individual reports. Based on this information, it can propose strategies to prevent intruder activity from escalating or from occurring at all. The team can also be a key player in providing risk data and business intelligence to the organization, based on the actual incident data and threat reports received by the CERT. This information can then be used in any risk analysis or evaluation.
Organizational structure:

Steering Committee
1. Policy guidelines
2. Cooperation among government departments

Coordination Centre (mmCERT/CC)
1. Day-to-day operation
2. Technical services