Services

Proactive services are for the detection and prevention of security attacks before there is an impact on production systems. Information under this category of services is provided by the CSIRT for dissemination to the constituency and the CSIRT's partners to prevent them from being the target of attacks, and protecting their assets.

• Announcements: This comprises, but is not limited to, intrusion alerts, vulnerability warnings and security advisories. Such alerts notify constituents about new developments with the potential for impact on their systems' security, such as newly found vulnerabilities or intruder tools. Announcements enable constituents to safeguard their systems and networks against recently found problems before they can be exploited.
• Technology Watch: Technology Watch identifies emerging developments in technology in terms of their potential impact on security applications as enhancements or threats and provides advice for the development of policies and strategies in response.
• Security Audits / Penetration Test: This is the testing of systems and data using penetration tools, tactics and techniques to test system vulnerabilities and security measures deployed to safeguard information assets.
• Tools Development: Refers to the creation of software and hardware tools for detecting, monitoring, preventing and defending against attacks.
• Intrusion Detection: Technologies that function based on information gathered from individual systems or a network to detect attacks, particularly at the outer perimeter.
• Threat Intelligence Sharing: The sharing of any information that can help an organization recognize, evaluate, detect, and acknowledge cyber threats. Threat information sharing includes the announcements and identifying the indicators of compromise; tactics, techniques, and course of action used by threat actors; Suggested actions to monitor, restrain, or prevent attacks; and the data from the analyses of incidents. Organizations that share cyber threat information can enhance their own security positions as well as those of other organizations.

Reactive services refer to technical support provided following the report of a security incident, including system forensics, malware analysis, root cause analysis and incident mitigation. A core task of the CSIRT following an incident is alerting the constituency about the incident and other threats/attacks such as compromised hosts, malware, vulnerabilities that may cascade over from the initial point of compromise.

• Alerts & Warnings: This service involves spreading information that announces an intruder attack, security vulnerability, intrusion alert, computer virus or hoax and providing any momentary recommended steps for dealing with the resulting problem. The alert, caution or advisory is sent as a response to the occurring problem to notify constituents of the ongoing threat and to provide support for protecting their systems or recovering systems that were affected.
• Incident Handling: This comprises the logistics, communications, coordination and planning functions to resolve an incident. Incident Handling includes preparation, identification of attack, communicating to the constituency, containment of the attack, recovery and analysis.
• Vulnerability Handling: This service comprises the response to the discovery of a vulnerability in the security of enterprise applications, software, devices and networks. This involves identifying, managing and mitigating the vulnerability with the aim of ensuring potential risk factors are minimized.
• Artifact Handling: This service involves the proper identification, collection and management of digital evidence following an incident.

• Technical and Policy Advisory: Providing support to activities related to assessing risk or compliance and improving organisational resilience based on the identified risks. This involves the identification of opportunities and threats relating to the improvement of controls, loss prevention and incident management.
• Business Continuity & Disaster Recovery Planning
• Security Awareness: This service includes working with the constituency, experts, and trusted partners to raise the collective understanding of threats and actions that can be taken to prevent or mitigate the risks posed by these threats. This involves research and information aggregation, awareness materials development, information dissemination and stakeholder outreach.
• Training