[Bp_certs] About types of CERTs

Rohana Palliyaguru rohana at cert.gov.lk
Thu Jul 31 01:14:48 EDT 2014 

Dear all,

In this discussion we have considered several key factors when  defining
¨National CERT¨. I tried to summarize them as follows...

1. By means of constituency

The constituency of the National CERT will be Public sector, Private
sector and the general Public. But it does not mean that the ¨National
CERT¨ can resolve all their problems. There can be CERTs targeting
specific constituency (eg: ISPs, Banks etc)

OR

Whose constituency are Networks/organizations/assets of National
importance. which also does not mean that it can resolve all of their
problems.

In this case there may be several National CERTs which will contradict
with 3 below (By means of POC).

2. By means of Product

What CERT is producing? what are their services? who is the constituency
for those services? Whether they are being trusted by their constituency
for their services etc. matters this definition.

In this case also there may be several National CERTs which will
contradict with 3 below (By means of POC).

3. By means of POC

National CERT would be the national POC of that particular country. As
Cristine said

/There is no right or wrong about who hosts a National CSIRT, or which //services it should provide.  Each country will need // to identify what works best in its case, as well as consider other
//issues like services, funding, local internet governance structure and //cultural issues, among other factors that might impact the decision./

The national POC will coordinate with all other CERTs/CSIRTs in that
country to resolve the issues
related to their country whenever required. The very first contact point
for that country may be their National CERT. But it does not mean that
anybody can not contact any other CERT/organization in that country if
they required their help.

The problem here is who define the National CERT (POC) of a particular
country? Is it by then government OR by any other body?

If we can have a combination of the above definitions to define
¨National CERT¨ it would be ideal.


regards,

-- 
Rohana Palliyaguru
Manager Operations & Principal Information Security Engineer
Sri Lanka CERT|CC
Room 4-112, BMICH, Bauddhaloka Mawatha, Colombo 07, Sri Lanka.
Tel : +94 112 691 692      Fax: +94 112 691 064
e-mail: rohana at cert.gov.lk   Website: www.cert.gov.lk 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://intgovforum.org/pipermail/bp_certs_intgovforum.org/attachments/20140731/8f2f8761/attachment.htm>

More information about the Bp_certs mailing list