The EU’s ‘cyber security’ Agency ENISA (the European Network and Information Security Agency) has issued a new guide on good practice, practical information and guidelines for the management of network and information security incidents by Computer Emergency Response Teams (CERTs).
Recent reports of increased cyber attacks in 2010 have made the Agency's report on how to fight cyber attacks even more topical. The Good practice guide for incident management focuses on the incident handling process. Incident handling is the core service carried out by most CERTs. This involves the detection and registration of incidents, followed by so-called ‘triage’ (classifying, prioritising and assigning incidents), incident resolution, closing and post-analysis.
Other topics covered by the guide include:
- basics of a CERT,
- its mission, constituency and authority,
- organisational framework,
- roles within a CERT,
- internal policies,
- cooperation with external parties,
- outsourcing, and
- how to present the work to the management.
ENISA has advocated that all Member States set up a CERT, and the European Commission recently (22/11/2010) proposed the EU’s Internal Security Strategy, which included, for example, the establishment of a Computer Emergency Response Team in every Member State, networked across Europe by 2012, and one for the EU institutions.
The Agency Executive Director Prof. Udo Helmbrecht comments: “This guide is a useful tool to support the Commission’s proposal on 30/09/10 to boost Europe’s defences against cyberattacks.”
The Good practice guide for incident management is a follow-up to the ENISA CERT setting-up guide. This new guide supports ENISA’s effort to reinforce the capabilities of national / governmental CERTs, the ‘digital fire brigades’, which are among the key players in Critical Information Infrastructure Protection (CIIP) at Member State level.
The target audience for the guide is the technical staff and management of governmental and other institutions operating a Computer Emergency Response Team (CERT) in order to protect IT infrastructure. Yet any group or team that handles information or network security incidents can benefit from following this guide.
Read the full report: http://www.enisa.europa.eu/act/cert/support/incident-management