[Bp_certs] Challenges of running a CERT/CSIRT
Adli Wahid
adli at apnic.net
Tue Jul 22 19:57:37 EDT 2014
>Hello everyone!
>
>I think most people would probably agree that having an incident response
>team or capabilities is critical these days for most organisations (or
>countries for that matter). Some organisations require it as part of the
>Enterprise-wide risk management framework or cyber security strategy.
>
>There are some good available resources out there of how to go about
>setting up & running a CERT/CSIRT. One very good example is available
>from ENISA's website here:
>
>https://www.enisa.europa.eu/activities/cert
>
>And I think a few other organisations have developed similar guides so
>that it is easy to understand how the organisation can be structured, what
>tools are needed to run the operation and so on. If you know of any other
>sources of reference like the above please let us know.
>
>Establishing a CERT/CSIRT is one thing - running it successfully is
>probably another story. For this Best Practice initiative we are also
>interested in learning the challenges that are faced by CERT/CSIRTs. I
>think Patrick already mentioned that not having a clear definition of the
>role can lead to operational problems (lack of trust). Funding is probably
>another one - without which teams are not able to for example acquire
>tools or hire staff (or send them to conferences / training).
>
>Please share your observations on some of the other challenges or issues that
>could affect the operation of a CERT/CSIRT. Thanks!
>
>
>Best Regards,
>
>--
>Adli Wahid email: adli at apnic.net
>Security Specialist, APNIC sip: adli at voip.apnic.net
>http://www.apnic.net phone: +61 7 3858 3100
>___________________________________________________________
> * Sent by email to save paper. Print only if necessary.
>
>