CSIRT / CERT Setup

Computer Security Incident Response Team & Center

As dependency on automated Information Systems has grown so has the threat to Confidentiality, Integrity and Availability of data and Information Systems. Government agencies and other large multiple location networked organizations have begun to augment their computer security efforts
because of increased threats to computer security. Incidents involving these threats, including
computer viruses, malicious user activity, and vulnerabilities associated with high technology,
requires a skilled and rapid response before they can cause significant damage. At the core of
these efforts lies an organization's ability to respond to a computer incident quickly and efficiently
so as to prevent / contain the damage.

Our Experience

Network Security Solutions has developed an esoteric expertise and capability in research and
reviewing of new vulnerabilities, exploits, and their solutions keeping in pace with the latest Internet security trends. Coupled with valuable experience of setting up the India's only National level Computer Emergency Response Team (Indian CERT).

What NSS Can Provide

NSS can help conceptualize and setup a Computer Security Incident Response Center (CSIRC) so as to resolve computer security problems in a way that is both efficient and cost-effective. Combined with policies for centralized reporting, SIRC can reduce waste and duplication while providing a better posture against potentially devastating threats.

The CSIRC shall enable the Government/Organisation to cater to computer incidents which may
include one or more or a combination of the following:

• Compromise of integrity, such as when a virus infects a program or the discovery of a serious system vulnerability
• Denial of service, such as when an attacker has disabled a system or a network worm has saturated network bandwidth
• Misuse, such as when an intruder (or insider) makes unauthorized use of an account; Damage, such as when a virus destroys data
• Intrusions, such as when an intruder penetrates system security.

In its broadest sense, a CSIRC effort can be viewed as the involvement of the agency as a whole, organized such that its management structures, communications and reporting mechanisms, and users all work together in reporting, responding to, and resolving computer security incidents quickly and efficiently. However, our experience in establishing a Computer Emergency Response Team has shown that a CSIRC is defined less by its organizational structure than by its centralized, proactive capability to respond to security threats with speed, efficiency, and without duplication of effort and waste of agency resources.

To achieve those objectives:

• Current efforts will most likely require some revamping.
• Policies for centralized reporting and mechanisms for affecting it will need to be setup.
• Personnel with requisite skills & equipment will need to be dedicated to the effort.
• Other changes in the way in which the agency manages computer security will most likely result.

Why NSS?

Knowledge partnership with NSS brings with it an unprecedented resource pool of talent and experience in Security, Information Risk Management, Privacy Protection, Incident Response, Risk Mitigation and Damage Limitation. Our security experts include former National Security Officers, Military and Law Enforcement Officers, and a core team of Certified Information Systems Security Professionals (CISSPs), Certified Information System Auditors (CISAs) and Lead Auditors in Information Security (BS7799). Out of this pool of experts has been selected, a Core team of specialists who setup India's CERT based on Industry best practices, in collaboration with Carnegie Mellon University (US CERT). This NSS team shall fortify the organisation's initiative in creating an effective CSIRC.

If you wish to find out more you can contact us directly.