Cyber attacks in recent years have confirmed that cybersecurity is an increasingly complex challenge and a priority for all companies, in terms of both development and investment.
In this context, CERTs play a central role in the security perimeter of their own company, and even more so in national scenarios. Computer Emergency Response Teams are among the main protagonists and the first line of defense in cybersecurity: they identify, prevent, respond to, resolve and combat any type of IT incident to protect national and corporate interests.
For these reasons, GCSEC has decided to develop a self-assessment Tool that helps assess the Maturity Level of CERTs and of the services they provide to their Constituency, so that they can better face these complex tasks.
The tool was developed according to the Capability Maturity Model defined by ENISA (SIM3), which is based on a classification in three main levels: Basic, Intermediate and Advanced. The self-assessment is composed of 44 questions divided into 4 fundamental guidelines: Organization, Human, Tool and Processes.
The platform provides a self-assessment, faithful to ENISA’s SIM3 model, for the entire CERT and another 14 surveys for services.
The 14 CERT Services, defined by ENISA, have their own dedicated surveys based on the model and metrics of the Capability Maturity Model implemented by ENISA and customized for each service. Once the CERT and service self-assessments have been answered, the Tool also offers the “applied maturity” of the CERT. The “applied maturity” differs from the ENISA maturity because it considers both the maturity of each individual service and the role each service plays in achieving the Constituency’s goals.
The platform is completely customizable. CERTrating lets you enter the name of your CERT and Company, add its logo, select the services provided by your CERT and assign each its relative weight, and create user accounts specific to each service. You can also modify completed surveys at any time to keep your Maturity level constantly up to date.
The Tool includes a dashboard and specific reports for Top Management that provide a view of the maturity level of the CERT and its services once you have completed the dedicated surveys. The reporting section offers a graphical view of the maturity level of the CERT and its services, the maturity trend over time, the history of all the assessments made for the CERT and its services, and the average obtained by your CERT compared to other Italian CERTs.
In addition, CERTrating offers advice and the actions to be taken for your CERT and its services to reach the maturity level immediately above your current one, and then the level of Optimal maturity.