Incident response and Proactive services

CiviCERT will assist NGOs or other forms of civil society organizations in handling the technical and organizational aspects of incidents in connection with other CSIRTs. In particular, CiviCERT will provide assistance or advice with respect to the following aspects of incident management:

Incident triage

  1. Establishing a secure communication channel with the reporter.
  2. Investigating whether an incident indeed occurred.
  3. Determining the extent of the incident.
  4. Helping to gather any extra forensic information needed.
  5. Identifying the best partner or skill set needed to address the incident.

Incident coordination

  1. Determining the initial cause of the incident.
  2. Facilitating contact with other organizations that may be involved or affected.
  3. Providing human-readable information for the victims to campaign if needed.
  4. Composing announcements to civil society if applicable.

Incident resolution

  1. Helping to remove the vulnerability.
  2. Helping to secure the system from the effects of the incident.
  3. Identifying whether the attack is targeted.
  4. Monitoring the persistence of the attackers.
  5. Collecting evidence of the incident.

In addition, CiviCERT will collect statistics concerning incidents processed, and will notify the wider community as necessary to assist it in protecting against known attacks.

Proactive services

CiviCERT coordinates and maintains the following services to the extent possible depending on its resources:

  1. Secure training for civil society
  2. Malware analysis
  3. Digital First Aid Kit
  4. Detection and packet analysis of network interference
  5. Legal advice
  6. Information sharing including MISP (Malware Information Sharing Platform)