Page 216 - Shaping smarter and more sustainable cities - Striving for sustainable development goals

Type of services

            The portfolio of services that is widely used as the de facto set of CERT/CSIRT services is organized
            in three categories:
              Proactive Services: performed before an incident occurs or is detected.
              Reactive Services: executed when an incident becomes known.
              Security Quality Management Services: continuously executed in order to ensure incidents can
                be dealt with.


            Type of Authority
              The suggested best approach is to build the City CERT/CSIRT using the Shared Authority
                model.
              A CERT/CSIRT Manager needs to be nominated to lead the CERT/CSIRT.
              The CERT/CSIRT Manager should be available on call on a 24/7 basis.
              The CERT/CSIRT Manager is responsible for coordinating all emergencies that can be raised by the SOC
                and by any other department inside the City IT.
              Initially the CERT/CSIRT team can be virtual, meaning that some resources will be identified in
                each team involved to be available to join the CERT/CSIRT Manager in case of emergency.
              If this approach is not totally effective, a dedicated team needs to be built to help the CERT/CSIRT
                Manager manage emergencies faster.


            Mission and scope

            When the CERT/CSIRT is created:

              The Manager should clearly define a mission statement for CERT/CSIRT.
              The Mission Statement should clearly define the intentions of CERT/CSIRT including services they
                will handle and the scope/region which is covered.
            CERT/CSIRT constituency (scope) could be defined/limited to:

              Covers the entire City.
              Is responsible for providing security related solutions to all City employees.
              In collaboration with SOC is responsible for handling Security infrastructure (like Firewall/IDS,
                etc.) and Security Breach related security incidents in City services and components.






















            206                                                      ITU‐T's Technical Reports And Specifications