206 ITU‐T's Technical Reports And Specifications Type of services The portfolio of services that is widely used as the de facto set of CERT/CSIRT services is organized in three categories: Proactive Services: performed before an incident occurs or is detected. Reactive Services: executed when an incident becomes known. Security Quality Management Services: continuously executed in order to ensure incidents can be dealt with. Type of Authority The best approach suggested to build the City CERT/CSIRT is to build it using the Shared Authority model. A CERT/CSIRT Manager need to be nominated to lead the CERT/CSIRT . CERT/CSIRT Manager should available on call on 24/7 basis. CERT/CSIRT Manager is responsible for coordinating all emergencies that can be raised by SOC and by any other department inside the City IT . Initially the CERT/CSIRT team can be virtual, meaning that some resources will be identified in each team involved to be available to join the CERT/CSIRT Manager in case of emergency. If this approach is not totally effective a dedicated team needs to be built to aid the CERT/CSIRT Manager for managing emergencies faster. Mission and scope When CERT/CSIRT are created: The Manager should clearly define a mission statement for CERT/CSIRT. The Mission Statement should clearly define the intentions of CERT/CSIRT including services they will handle and the scope/region which is covered. CERT/CSIRT constituency (scope) could be defined/limited to: Covers the entire City . Is responsible for providing security related solutions to all City employees. In collaboration with SOC is responsible for handling Security infrastructure (like Firewall/IDS, etc.) and Security Breach related security incidents in City services and components.