Full form of CERT – Computer Emergency Response Team.
A CERT is a team of experts that handles computer security incidents.
The group is responsible for the protection against, detection of and response to an organization’s cyber security incidents. The team also conducts awareness campaigns and engages in research aimed at improving security systems.
A CERT is also known by the names Computer Emergency Readiness Team and Computer Security Incident Response Team.
Objectives of CERT :
* Managing the centralised reporting of incidents
* Conducting training and raising users’ security awareness
* Providing a clearing house for relevant computer security information
* Promoting computer security policies within a constituency
* Developing and distributing software tools to the constituency
* Encouraging vendors to respond to product related problems
* Providing liaisons to legal and criminal investigative groups
There are different types of response teams, according to constituency or mission:
1) National Incident Response Team
2) Organizational Incident Response Team
3) Multi-Organisational Incident Response Team
4) Sectorial Incident Response Team
5) Regional Incident Response Team
Services provided by CERT:
1) Reactive services – alerts and warnings, and incident, vulnerability and artifact handling.
2) Proactive services – announcements, technology watch, development of security tools, security audits or assessments, etc.
3) Security Quality Management services – risk analysis, security consulting, awareness building, product evaluation or certification.
Respondents of the Incident Response Team are as follows:
- Law Enforcement Agencies
- Internet Service Providers
- Customers and media
Whenever a cyber attack or any other type of security breach happens, there must be a process that handles and limits the damage and reduces the time and cost involved. That approach is known as incident response.
Response steps when a security event takes place :
~ Preparation – In this step planning is done, policies are established, communication guidelines are defined, cyber hunting exercises are conducted, etc.
~ Detection and analysis – This step focuses on four phases: monitor, detect, alert and report.
~ Containment, eradication and discovery – After the system is restored and security is verified, threats are identified, infected devices are wiped and the system is rebuilt.
~ Post-incident activity – After the incident is resolved, the information that provided the solution to the incident is documented.
In India, such a team has operated as the national agency since January 2004 and is known as the Indian Computer Emergency Response Team. The office is within the Ministry of Electronics and Information Technology.
The various functions performed by CERT-In are as follows:
~ Collects and then analyses information on cyber incidents
~ Forecasts and warns about cyber security incidents
~ Takes emergency measures to handle such incidents
~ Coordinates the activities related to such incidents
~ Issues guidelines to prevent cyber incidents
~ Creates awareness about how to respond and report if cyber incidents occur
~ Operates on a 24×7 basis
Related Acts and Regulations:
The Indian Computer Emergency Response Team (CERT-In) operates under the auspices of, and with authority delegated by, the Department of Electronics and Information Technology, Ministry of Communications and Information Technology, Government of India, vide notification published in part 2nd, section 3, subsection 2nd of the Gazette of India, Extraordinary, dated 27th October, 2009.
Computer security incidents can be reported to CERT-In by all users and system administrators of the Indian cyber community.
Such incidents can be reported by filling in the form on the CERT-In website, or by electronic mail, telephone hotline or fax.
CERT serves as a great source of security information that affects a large group of people and organizations. CERT provides the security research community with a useful framework. It is designated for addressing Internet threats so that the IT community can coordinate a response. This ability to respond to and compensate for the multiple sources of potential security incidents is vitally important to any organization. From the smallest to the largest organization, a Computer Emergency Response Team (CERT) is valuable, necessary and, in many cases, the highest priority for the safety and security of all people involved. Responding to cyber security incidents requires dedication to proper procedures and great attention to detail, which often yields great satisfaction.
By – Sangeeta Khichi