Study on CERTs organizational and operating models

Depending by the internal policies and organizations, strategies, constituency and external factors, CERTs (Computer Emergency Response Team) organizational and operation models can vary from an organization to other. A CERT, for example, can provide only response services or both reactive and proactive services; it could be an unique team with SOC (Security Operation Center) or operate in collaboration with it.

Today, many organizations are trying to figure out how to organize the internal CERT, which services deliver, with what service level agreement, level of reporting and interaction with other functions.

For all these reasons, GCSEC and Deloitte have established a study group that aims to:

•          analyses the current CERTs operating models adopted by the main CERTs with a focus on the organizational structure, services provided, relationship with SOC and other internal stakeholders, capabilities needed

•          provide an overview of the main CERT operating models with benefits and constraints

•          give recommendation for CERT team

The study results will be published on a dedicated report. The target group of the publication are CIO, CISO, security managers, CERT Officer of main national and international organizations.

The study will include results of an international survey articulated around the following groups of questions:

•          Organization / Company profile

•          CERT profile

•          CERT role inside the organization and its interactions

•          CERT staffing, sourcing model and resources

•          CERT technologies and tools

•          Forthcoming priorities, challenges and recommendations

For more information about the study, please send an e-mail to info@gcsec.org.