JPCERT/CC Recommendations and Status Update (updated March 2012)
Release Date: 25 Jun 2012
| No. | Suggested Item | Description | Status | Plan |
| --- | --- | --- | --- | --- |
| 1. | Hire new staff. | More staff are required to expand the capabilities for HKCERT, including development, malware analysis, PR, and extension of incident response capabilities. | Recruited a consultant in 2011 | Will recruit one more staff member in 2012/13 to handle smartphone incidents |
| 2. | Migrate incident response database from Access to more robust solution. | In progress. The new incident database system will be implemented in 2012/13 | | |
| 3. | Restructure information management. | Move information resources to more flexible means such as web-based systems to allow better reference and analysis. | Will plan restructuring of the information repository and retrieval mechanism | |
| 4. | Encourage use of Intranet. | Documented procedures and situational information should be kept up to date and made searchable in the Intranet. | Will plan restructuring of the information in the Intranet and encourage information sharing. Will work together with item 3 above. | |
| 5. | Introduce malware analysis capability. | Malware analysis is a critical function for dealing with modern threats. This type of analysis is also time-intensive and requires specialist knowledge, so additional staff would likely be required. Infrastructure such as a separate malware analysis network would also be required to avoid infecting any operational networks. | A small-scale analysis was carried out | Will set up a laboratory, training for staff, and recruit additional staff in 2013/14. |
| 6. | Consider bringing some outsourced services in-house. | Critical or sensitive services are sometimes better to operate internally for reasons of stability, privacy or customizability. | Utilized external resources in some projects, such as the new incident database. Some minor and sensitive work is done in-house | |
| 7. | Enhance information gathering automation. | A CSIRT thrives on information gathering to know what is happening. By automating this type of collection and detection, a CSIRT can become aware of issues that require its urgent attention. | In progress. A new analysis system is being developed and will be implemented in 2012/13 | |
| 8. | Further engagement with other sectors. | A CSIRT can greatly improve its relevance by engaging with various industries to assist them and learn from them. | Worked with web hosting providers and web content providers | Will liaise with Critical Infrastructure and Finance sectors in 2012/13. |
| 9. | Enhance public profile. | A CSIRT's main asset is its brand name. It should convey a sense of trust to others, and needs to be high profile enough that people know whom they can report information to. | Will work with an external professional company to plan the promotion of our image and services | |
| 10. | Investigate future trends. | Technology trends and information security trends tend to change quickly. Some trends at the time of this report are the rise of smartphones, and opportunities for online fraud through social networking sites. | Started to handle smartphone incidents | Will work on Cloud Computing and Social Networking Service security issues. |
| 11. | Monitor online activity in Hong Kong. | Deploying network sensors in ISPs in Hong Kong will allow HKCERT to investigate irregular network activity with a particularly local focus. | Will conduct a study on the implementation of a monitoring mechanism in 2012/13 | |