[Bp_certs] Launch - IGF Best Practices - CERTS

Jahangir Hossain jrjahangir at gmail.com
Wed Jul 2 07:56:52 EDT 2014


+1 Niel, but if we think of a national CERT then the initial thinking would be
a government-owned CERT, because they have acceptance and rights to all
stakeholders.

Regards //  Jahangir Hossain | Bangladesh
                  http://bd.linkedin.com/in/jrjahangir

On Wed, Jul 2, 2014 at 5:13 PM, Niel Harper <harper at isoc.org> wrote:

> Hello Asama,
>
> There are many types of CERTs which are in operation across the world.
> There are private sector CERTs that respond to cybersecurity incidents
> within small, medium and large enterprises, and provide a range of services
> to resolve said issues. There are also academic CERTs that are generally
> comprised of universities, colleges, other schools, and NRENs. Commercial
> CERTs provide their services to anyone who is willing to pay for them. This
> is by no means an exhaustive list, but just to demonstrate the range and
> diversity of CERTs.
>
> The national CERT comprises all sectors,  and in the case of computer
> security incidents, it serves as the overall point of contact for every
> person and organization within the country and particularly for those
> making formal requests from outside of the country. It coordinates the
> relationships with other CERTs in the country, and facilitates the exchange
> of information and best practices to augment the overall national response
> to cybersecurity incidents.
>
> The term "eligibility" doesn't necessarily apply, because a national CERT
> should be willing to work with any other legitimate CERT, and this
> legitimacy will come from the CERT's constituency who accepts its authority
> and responsibility for addressing and resolving cybersecurity incidents
> within that specific domain.
>
> Hope this helps.
>
> Regards,
>
> -----------------------------
> Niel Harper
> Senior Manager, Next Generation Leaders Programmes
> Internet Society
> 1775 Wiehle Avenue
> Reston, VA
> Email: harper at isoc.org
> Skype: OlokunBB
> http://www.linkedin.com/in/nielharper
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 2 Jul 2014 02:59:54 +0000
> From: Karen Mulberry <mulberry at isoc.org>
> To: excel asama <excelasama at yahoo.fr>
> Cc: "bp_certs at intgovforum.org" <bp_certs at intgovforum.org>
> Subject: Re: [Bp_certs] Launch - IGF Best Practices - CERTS
> Message-ID: <5762D5C8-319D-4417-9679-7EB71D873BC7 at isoc.org>
> Content-Type: text/plain; charset="windows-1252"
>
> Dear Asama,
>
> I am only familiar with national and regional CERTs so that was the
> context in which I provided my thoughts.  I think that the fundamental
> premise that a CERT is built upon is trust.  Trust in its members and in
> the information that is exchanged.  As for other organizations or groups
> such as civil society, yes - I think they too could develop a trust-based
> CERT to exchange information and provide risk assessment and support to
> others who are under attack.
>
>
> Karen Mulberry
> Policy Advisor
> Internet Society
> mulberry at isoc.org
> tel: +1.303.668.8855
> www.isoc.org
>
> On Jul 1, 2014, at 5:45 PM, excel asama <excelasama at yahoo.fr> wrote:
>
> Hi Karen,
>
> I agree with your proposition. Permit me to add that it is also important to
> clarify or define issues at this fundamental stage of our conversation.
> My doubts are related to the words "national" and "regional" CERTs.
> When you talk of national CERTS, are you referring to the government owned
> CERTs?
>
> Can civil society and/or private sectors develop acceptable CERTS to this
> alliance?
> What are the eligibility criteria, etc.?
>
>
> _______________________________
> ASAMA  A. EXCEL
> Netsquared/Techsoup Ambassador-Africa
> Founding President, I-Vission International.
> Box 13040, DOUALA-CAMEROON
> Tel: (+237) 76 14 26 23
> My blog: www.excelasama.wordpress.com
> Website:  www.ivission.net
> Photos Album: www.flickr.com/ivission
> Twitter: www.twitter.com/ivission
>
>
> On Wednesday, 2 July 2014, 1:01, Karen Mulberry <mulberry at isoc.org> wrote:
>
>
> Constance,
>
> Thank you for getting the group organized.
>
> I think the best approach to get us started might be to start a discussion
> on the definition of the issue under the "Establishing and supporting
> Computer Emergency Response Teams (CERTS) for internet security"
>
> We need to identify what it is that we will be framing in a draft outcome
> report for the IGF meeting in September.
>
> Here are some thoughts on CERTs to start the exchange:
>
> - The formation of national and regional CERTS provides an early warning
> system to companies and users on monitoring and reporting the detection of
> security vulnerabilities and intrusion attempts.
> - The details shared through the CERT by trusted providers assist
> investigators, forensics and law enforcement in dealing with cyber crime
> and in supporting network security responses to threats encountered on the
> Internet
>
> The issue as I see it is that without the secure and trusted information
> exchanged through the CERT, the exchange of encountered data threats, early
> warning notices and support for the risks encountered will not be there for
> networks, ISPs and law enforcement to work together to deal with the threat
> to the Internet and its users.
>
> I would welcome more expert insight on the issue of CERTs and how the
> problem statement should be framed for the work going forward in this group.
>
> Karen Mulberry
> Policy Advisor
> Internet Society
> mulberry at isoc.org
> tel: +1.303.668.8855
> www.isoc.org
>
> On Jun 30, 2014, at 1:58 PM, Constance Bommelaer <bommelaer at isoc.org> wrote:
>
>
> Dear colleagues,
>
> Thank you for joining the preparatory process of the IGF Best Practices
> Forum on "Establishing and Supporting CERTS for Internet security".
>
> I would like to start by introducing the Lead Experts of this process,
> Cristine Hoepers <https://www.linkedin.com/pub/cristine-hoepers/8/b4a/513>
> (General Manager of the Brazilian CERT), Maarten Van Horenbeeck<
> https://www.linkedin.com/profile/view?id=1118895&authType=NAME_SEARCH&authToken=8a7I&locale=en_US&srchid=19223731404158138028&srchindex=1&srchtotal=1&trk=vsrp_people_res_name&trkInfo=VSRPsearchId%3A19223731404158138028%2CVSRPtargetId%3A1118895%2CVSRPcmpt%3Aprimary>
> (Chair of FIRST) and Adli Wahid<
> https://www.linkedin.com/profile/view?id=17789531&authType=NAME_SEARCH&authToken=04BU&locale=en_US&srchid=19223731404158185107&srchindex=1&srchtotal=3&trk=vsrp_people_res_name&trkInfo=VSRPsearchId%3A19223731404158185107%2CVSRPtargetId%3A17789531%2CVSRPcmpt%3Aprimary>
> (member of the FIRST SC).
>
> The Lead Experts, supported by independent consultants, will engage with
> the community with a view to exchanging on existing practices and discussing
> ways to further collaborate. A discussion of unintended consequences, both
> positive and negative, of mistakes that were made and of lessons learned
> will further enrich an understanding of what has been accomplished. The
> means employed to achieve a solution are as important as a learning
> experience as the actual ends achieved (see attachment).
>
> Between now and beginning of September, the communities will work through
> mailing lists and online virtual meetings. The discussion will be documented
> by independent experts and feed into five 90 minute sessions in Istanbul,
> that will in turn report into a Best Practices wrap up session.  A summary
> booklet/handout on each Best Practice discussions/sessions is also one of
> the intended outcomes to be published after the IGF 2014 meeting.
>
> Immediate asks to all participants:
>
>   *   Respond to the questions attached in the common template for Best
> Practices Forums.
>   *   Send contributions on existing Best Practices, either from the
> public or the private sector, to start documenting the discussion.
>   *   Invite other colleague experts to join this list:
> http://www.intgovforum.org/cms/open-call-to-join-igf-best-practices-forums-preparatory-process
>
> Next Steps:
>
>   *   Lead Experts will conduct the discussions on this list.
>   *   They will also work with the IGF Secretariat to set up regular
> webinars including all participants.
>
> Best regards,
>
> --
> Constance Bommelaer
> Senior Director, Global Policy Partnerships
> The Internet Society
> www.isoc.org
>
>
>
>
> <BPF-Reporting-Template.docx>
> _______________________________________________
> Bp_certs mailing list
> Bp_certs at intgovforum.org
> http://mail.intgovforum.org/mailman/listinfo/bp_certs_intgovforum.org
>
> End of Bp_certs Digest, Vol 2, Issue 5
> **************************************


