The Need for a National CIRT
In addition to government’s other national defence initiatives in protecting the infrastructure from physical security threats and natural disasters, it is also critical to secure the infrastructure against cyber threats. Cyber threats transcend geographical borders and can strike from anywhere in the world.
IMPACT is a strong advocate of CIRTs, which provide a capability to identify, manage and remediate cyber threats and to enhance cyberspace security in the sovereign country.
Our strong view is that this capability must also be able to gather its own intelligence instead of relying totally on secondary reporting of security incidents, whether from the CIRT’s constituencies or from other sources.
This framework of synergy of a fully organised and operationalised CIRT model is beginning to be realised and shared by many national governments today in their national information security masterplan or equivalent.
IMPACT proposes to help countries to establish their own National CIRT. The National CIRT shall have:
• A phased implementation plan for setting up the CIRT.
• Affiliation with other CIRTs and relevant authorities to better serve its constituencies. As an established national CIRT, it would be affiliated with IMPACT and also the Forum of Incident Response and Security Teams (FIRST).
Collectively, with the integration of best practices and processes, experienced people and robust technology, IMPACT believes that National CIRTs can play the role of maintaining round-the-clock vigilance to defend critical national infrastructure/assets against cyber attacks, and also serve as a critical cyber-nerve centre in analysing threat information. This can extend to alerting private sector agencies pre-emptively to enhance their security awareness, assisting in the remediation of identified vulnerabilities, and improving overall security posture.

The Aim of IMPACT CIRT Lite
We see this project as an opportunity to give and to help the CIRT community to mature and grow. Moreover, we would like to help start up CIRTs with a very practical 'how-to' on setting up a CIRT. To assist countries in developing and implementing policies, processes and procedures that will meet the unique requirements of individual CIRTs, IMPACT will provide templates of policies, processes and procedures that can be modified or altered by the participating parties in the following areas:
• Authority and Governance
    • Policy template on national CIRT authority
    • Describes the CIRT, role of CIRT, reporting structure of CIRT
• Role and Responsibilities
    • Policy template on CIRT framework and structure
    • Define the CIRT tasks
• Workflow
    • Template on processes utilized by CIRT
    • Checklist for incident responders
• Equipment (Hardware/Software) Utilization
    • Process template on equipment requirements and usage
• Digital Evidence Identification, Collection and Preservation
    • Process template on the acquisition and secure storage of digital information
    • Quality assurance
• Reporting
    • Process template on reporting protocols
    • Criteria matrix for management

For more information, please contact: