What Is CERT/CSIRT?

One eSecurity's CERT/CSIRT Service offers our clients our knowledge and experience for the establishment or improvement of Computer Security Incident Response Teams (CERT/CSIRT).

Our team will work together with our clients on the definition, integration and evolution of the following five vital CERT/CSIRT components:

  1. Governance
  2. Services
  3. Processes
  4. Technology
  5. People/skills, and
  6. International relationships/recognition.


CERT/CSIRT Services

Our experienced team has been working on the implementation and improvement of CSIRT services for more than 10 years, and has been actively involved in the evolution of this community up to the present FIRST CSIRT Services Framework, the de facto standard.

Both during the definition phase of a new CERT/CSIRT and during its implementation, it is important to consider the services, the evolution of the team, and its maturity. For that purpose One eSecurity uses SIM3 (Security Incident Management Maturity Model) as a reference. This model has parameters grouped in 4 categories:

  • O - Organization
  • H - Human
  • T - Tools
  • P - Processes


CERT/CSIRT Projects

Based on One eSecurity's experience and international best practices, we usually approach CERT/CSIRT projects in two main phases:

Planning Phase

Definition

  • CSIRT action areas
  • The role of the CERT/CSIRT
  • Stakeholders

Establishment

  • Institutional framework
  • Legal framework

Scope

  • Target community
  • Services
  • Evolution of CERT/CSIRT services

Organization and HR

  • Organizational structures
  • Organization size
  • Roles and responsibilities
  • Organizational structure
  • Size and quantity of resources

Implementation Phase

Human Resources selection

  • Management
  • Operations
  • Research & development
  • Information Technology

Training

  • Cybersecurity
  • Incident Response
  • Forensics
  • Malware analysis

IT facilities and infrastructure

  • CERT/CSIRT facilities
  • CERT/CSIRT network basic design
  • Suggested basic equipment

Operational policies and procedures

  • Mandatory Minimum Policies
  • Other policies


What One eSecurity Offers Over Our Competitors

A team of leaders in the field of CERT/CSIRT

Our team is made up of experts with 15 years of experience working in leading roles in several CERT/CSIRTs across different sectors and economies. Beyond this CERT/CSIRT experience, our team is structured into Emergency Incident Response, Digital Forensics, Cyber Threat Intelligence and Threat Hunting departments that will analyze and investigate any threat detected.

For a CERT/CSIRT it is important to have an experienced team that is comfortable and confident in high-pressure situations during an incident. The One eSecurity Emergency Incident Response Team has worked with some of the largest enterprises in the world, and responded to some of the most devastating and high-profile cyber attacks of recent times.

Flexibility

One eSecurity experts have been involved in the design and creation of several CERT/CSIRT teams in different sectors (banking, energy, government, national). This is important because every company or government has its own requirements. This service offers our clients the flexibility to integrate with current capacities and improve them, in any part of the world.

Integration

A CERT/CSIRT team needs to be integrated with existing cybersecurity capabilities, including people, processes and tools. Our team has worked in different environments and, based on our experience, we will make sure our processes are integrated with the client's existing processes and infrastructure.

CERT/CSIRT community

One eSecurity experts have been involved in the CERT/CSIRT community for the last 15 years, with strong relationships and contacts worldwide. Having taken part in community-building projects at national and international levels throughout this time, our team can offer extensive experience across the CERT/CSIRT communities worldwide.


Emergency Incident Response

One eSecurity Emergency Incident Response is aimed at clients who need agile response and support when a security incident happens.

Threat Hunting

Our Threat Hunting service combines the analytic capacity of our most experienced experts with the power and automation of our Hunting Framework, offering a continuous and proactive threat search process in both networks and systems.

Cyber Threat Intelligence

The Cyber Threat Intelligence service by One eSecurity provides (both internally and for clients) knowledge and information on key threats for decision-making and forecasts of risk situations on IT systems and networks.