CERT-UA assessment based on the CSIRT ENISA Maturity Model
DOI:
https://doi.org/10.30837/rt.2023.2.213.04
Keywords:
CERT-UA, CSIRT, CSIRT ENISA maturity model, maturity assessment, incident response
Abstract
Cybersecurity threats are steadily increasing in today's world, which is characterised by increased openness and integration into the global network. The proliferation of cyber incidents, including hacker attacks, confidential data leaks and information theft, is becoming an extremely pressing issue in this context. Accordingly, the eradication of these threats requires the development of effective methods of responding to cyber incidents. The central theme of this article is the critical importance of assessing and improving the effectiveness of cyber incident response teams. Such a team, which includes cybersecurity specialists, network engineers, analysts and others, is aimed at identifying, analysing and overcoming threats in cyberspace. The key aspects of assessing such a team, such as abilities, experience, communication skills and level of cooperation, are presented through the prism of the updated ENISA CSIRT Maturity Model. The article uses the Computer Emergency Response Team in Ukraine (CERT-UA), a national team operating under the leadership of the State Service for Special Communications and Information Protection of Ukraine, to illustrate the methods of assessing a cyber incident response team. The assessment of the team, based on the ENISA CSIRT Maturity Model, points to key aspects that determine its effectiveness. The paper provides a clear view of the process of measuring cyber incident response teams through a systematic approach that identifies their strengths and weaknesses. The maturity analysis of CERT-UA provides recommendations for further development of the team, which can be an important resource for academics, cybersecurity experts and government officials interested in improving the effectiveness of cyber threat response. The paper highlights the importance of assessing cyber incident response teams to ensure cybersecurity and information protection.
Awareness of this issue contributes to continuous improvement and readiness to respond effectively to growing challenges in the modern digital environment.
License
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).