[Bp_certs] About types of CERTs
Mirosław Maj
miroslaw.maj at cybsecurity.org
Thu Jul 24 09:17:02 EDT 2014
>> Given that certain products are to be delivered, the cert need
>> information. Only if the cert manage to gain trust (that they will
>> deliver whatever they are to deliver) external parties (peers) will
>> start to give them information.
>>
>> So, to conclude:
>>
>> 1. Define what the cert role in the community is
>>
>> 2. Define what services / products the cert produce
>>
>> 3. Convince peers (2) is doable
>>
>> 4. Deliver (1) and (2)
>>
>> 5. Get data that make delivery easier
>>
>> 6. By doing (4) gain more trust, and get more data (5), and continue a
>> positive continuation
All good points IMO.
Also it is worth to look at and use (maybe with some adjustment) 8 steps
of creating CERT by CERT/CC:
http://www.cert.org/incident-management/products-services/creating-a-csirt.cfm?
Kind Regards
Miroslaw Maj
--
Cybersecurity Foundation
20 Tytoniowa Str
04-228 Warsaw, Poland
tel: +48 22 112 0 800
mobile: +48 608 508 702
e-mail: miroslaw.maj at cybsecurity.org
www: http://www.cybsecurity.org/
>>
>> Forcing people to work with a (national) cert will not work. If people
>> have problems, they will, my view, primarily talk with their vendor and
>> the vendor support mechanism, which often is part of the cert
>> structure.
>>
>> I.e. people talk with "national cert" if it helps them. Not if they are
>> forced to.
>>
>> Patrik
>>
>>
>> _______________________________________________
>> Bp_certs mailing list
>> Bp_certs at intgovforum.org
>> http://mail.intgovforum.org/mailman/listinfo/bp_certs_intgovforum.org
> _______________________________________________
> Bp_certs mailing list
> Bp_certs at intgovforum.org
> http://mail.intgovforum.org/mailman/listinfo/bp_certs_intgovforum.org
More information about the Bp_certs
mailing list