Upload
others
View
35
Download
0
Embed Size (px)
Citation preview
[CERT-MU]
Computer Emergency Response
Team of Mauritius
Kaleem Usmani
Officer-In-Charge, [email protected]
Presentation Outline….
• CERTs in the Region
• Set-up of CERT-MU
• CERT-MU Constituency & Services
• Other Initiatives
• CERT-MU publications
• CERT-MU partners and affiliations
2
2
CERTs in the Region
• tunCERT-Tunisia
• CERT-MU-Mauritius
• ECS-CSIRT-South Africa
• CI-CERT-Ivory Coast
• EG-CERT-Egypt
• CSIRT-Kenya
• CERT-Sudan
• Ghana and Cameroon ( Discussions on-going)
Source: www.africacert.org
3
3
About CERT-MU
CERT-MU was set up by National Computer
Board in May 2008:
– For handling and coordinating information security
issues at the National level.
– For the management of Information Security risks,
such as Information Security breaches and incidents.
4
4
CERT-MU’s Mission
“To provide information and assistance to its
constituents in implementing proactive
measures to reduce the risks of information
security incidents as well as responding to such
incidents when they occur.”
5
5
CERT-MU’s Constituency
CERT-MU
Internet Service
Providers
Academia
ICT Vendors
MediaLaw
Enforcement Agencies
Home Users
International CERTs
- Govt. Sector- Pvt. Sector- Critical infra. providers
6
6
CERT-MU’s Constituency
Government (Public) Sector
▫ Ministries, Para-statal Bodies, Schools/Universities,
Media (TV/Radio), Law enforcement agencies (IT
Police).
Private Sector ▫ Banks, BPO Organisations, Internet Service Provider,
Critical Infrastructure Service Provider, Media (Radio),
ICT Suppliers, Non-ICT Suppliers.
International CERTs▫ CERT-In, JPCERT/CC, US CERT etc…
7
7
CERT-MU’s Services
Information Security Incident Handling and
Management▫ Incident Reporting through the following channels Onsite
Online
Fax
Hotline
▫ Incident Analysis
▫ Incident Response
▫ Incident Coordination
8
8
CERT-MU’s Services (Contd.)
Information Security Incident Handling from the E-
Commerce perspective.
▫ Website Defacement
▫ Phishing attacks
▫ Safe and Secure Transactions
9
9
CERT-MU’s Services (Contd.)
Vulnerability Handling and Management▫ Remote and onsite scanning of Networks
Applications
Devices
Databases
▫ Vulnerability Reporting
▫ Vulnerability Analysis
▫ Vulnerability Response
▫ Vulnerability Coordination
10
10
CERT-MU’s Services (Contd.)
Dissemination of information security news to
organisations and public
▫ Virus Alerts
▫ Vulnerabilities
▫ Advisories
11
11
CERT-MU’s Services (Contd.)
Assistance in the implementation of
Information Security Management System
based on ISO 27001( Target: Para-Public
Organisations)▫ Advice on Risk Assessment
▫ Advice on Policies and Procedures
▫ Advice on selection and implementation of controls
▫ Advice on Internal Audit Process
▫ Advice on Business Continuity Planning
12
12
CERT-MU’s Services (Contd.)
Awareness sessions for organizations on
Information Security issues▫ Capacity Building sessions (Security-related training
programmes for staff and the public)
▫ Technology Update Workshops
▫ Celebration of International Security events such as
Computer Security Day and Safer Internet Day
13
13
CERT-MU’s Services (Contd.)
Third Party Audits
▫ Conduct IT Security Audits for organisations based on
ISO 27001 standards
14
Other Initiatives
Child Online Safety Action Plan
o Dedicated Cyber Security portal
(http://cybersecurity.ncb.mu)
o Sensitisation campaigns in schools and Cyber-
caravans
Anti-Spam Action Plan
o Dedicated website on anti-spam
(www.ncb.mu/anti-spam)
o Sensitisation campaigns in schools
15
15
▫ Security Bulletins
▫ Information Security Guidelines
▫ E-Security Newsletters
▫ Booklets
▫ Brochures
▫ Flyers
www.cert-mu.org.mu
CERT-MU Publications
16
CERT-MU’s Partners and Affiliations
International Organisations:
▫ CERT-IN, JPCERT/CC, Malaysian CERT, US CERT,etc..
▫ International Multilateral Partnership Against CyberThreats (IMPACT)
▫ Anti-Phishing Working Group (APWG), Team Cymru
▫ Symantec, Facebook, Microsoft (Hotmail), Yahoo
Affiliations:
▫ Affiliated with CERT/CC
▫ Affiliation with Forum of Incident Response andSecurity Teams (FIRST) is under progress.
17