Funet CERT granted international certificate on the management of computer security incidents
Funet CERT (Funet Computer Emergency Response Team) is now a Trusted Introducer certified Computer Security Incident Response Team (CSIRT). It received the certification on 14 September, 2017 and is the second Finnish CSIRT with this status. Funet CERT coordinates computer security incidents and provides Funet member organisations with services and support in the prevention and combating of information security risks.
There are currently about 30 TI certified CSIRT teams in Europe.
– The certification provides Funet CERT with a solid basis for making its processes even better, using the capability maturity model, which is well known in the sector. The next evaluation of the maturity level will take place three years from now, in connection with the renewal of the certification, explains Ossi Kuosmanen, Funet CERT Team Lead at CSC.
The criteria for the SIM3 maturity model are used in the certification to assess the processes and functions connected with the management of the computer security incidents in the member organisations. The maturity levels of 45 parameters are assessed in four different operational areas and the parameters must at least meet the requirements laid out in the certification.
The areas assessed in the evaluation include organisation and its personnel, tools and processes, which are assessed on the basis of such criteria as service descriptions, personnel resources or the practices applied in the management of computer security incidents. The certification usually takes between six months and one year, depending on the initial state of the organisation.
Funet CERT has been an active player in the TF-CSIRT working group since its establishment. The working group was originally launched under the auspices of GÉANT, a pan-European data network player in the field of research and education (formerly known as TERENA). TF-CSIRT has focused on the development of the work of European computer security incident management groups and this is done through cooperation, regular meetings and confidential sharing of information. Funet CERT officially joined the Trusted Introducer network, which is operated by TF-CSIRT, in April 2002.
Funet CERT Team Lead