Page 218 - Shaping smarter and more sustainable cities - Striving for sustainable development goals
P. 218
Determining the appropriate actions to detect and remove artifacts from a system,
as well as actions to prevent future similar issues (this may involve creating
signatures that can be added to antivirus software or IDS).
Coordination and sharing the information collected with other CERT/CSIRT, similar
security organization as well as vendors.
Incident Handing
CERT/CSIRT responsibilities includes:
Management of emergencies at City ICT.
Coordination between all the team involved.
The coordination work may involve collecting contact information, notifying subjects of
their potential involvement (as victim or source of an attack), collecting statistics about the
number of subjects involved, and facilitating information exchange and analysis. Part of the
coordination work may involve notification and collaboration with legal department,
human resources and/or public relations departments.
It would also include coordination with law enforcement.
Announcements and Technology watch
CERT/CSIRT responsibilities includes monitor of:
New technical developments, intruder activities, and related trends to help identify
future threats.
Announcements and Technology watch inform constituents about new
developments with medium to long‐term impact, in order to allow proactive
protection to be enable.
The outcome of this service might be some type of announcement, guidelines, or
recommendations focused at more medium to long‐term security issues.
208 ITU‐T's Technical Reports And Specifications
