[CERT-MU]

Computer Emergency Response

Team of Mauritius

Kaleem Usmani

Officer-In-Charge, CERT-MUkusmani@cert-mu.gov.mu

Presentation Outline….

• CERTs in the Region

• Set-up of CERT-MU

• CERT-MU Constituency & Services

• Other Initiatives

• CERT-MU publications

• CERT-MU partners and affiliations

2

2

CERTs in the Region

• tunCERT-Tunisia

• CERT-MU-Mauritius

• ECS-CSIRT-South Africa

• CI-CERT-Ivory Coast

• EG-CERT-Egypt

• CSIRT-Kenya

• CERT-Sudan

• Ghana and Cameroon ( Discussions on-going)

Source: www.africacert.org

3

3

About CERT-MU

CERT-MU was set up by National Computer

Board in May 2008:

– For handling and coordinating information security

issues at the National level.

– For the management of Information Security risks,

such as Information Security breaches and incidents.

4

4

CERT-MU’s Mission

“To provide information and assistance to its

constituents in implementing proactive

measures to reduce the risks of information

security incidents as well as responding to such

incidents when they occur.”

5

5

CERT-MU’s Constituency

CERT-MU

Internet Service

Providers

Academia

ICT Vendors

MediaLaw

Enforcement Agencies

Home Users

International CERTs

- Govt. Sector- Pvt. Sector- Critical infra. providers

6

6

CERT-MU’s Constituency

Government (Public) Sector

▫ Ministries, Para-statal Bodies, Schools/Universities,

Media (TV/Radio), Law enforcement agencies (IT

Police).

Private Sector ▫ Banks, BPO Organisations, Internet Service Provider,

Critical Infrastructure Service Provider, Media (Radio),

ICT Suppliers, Non-ICT Suppliers.

International CERTs▫ CERT-In, JPCERT/CC, US CERT etc…

7

7

CERT-MU’s Services

Information Security Incident Handling and

Management▫ Incident Reporting through the following channels Onsite

Online

Fax

Hotline

▫ Incident Analysis

▫ Incident Response

▫ Incident Coordination

8

8

CERT-MU’s Services (Contd.)

Information Security Incident Handling from the E-

Commerce perspective.

▫ Website Defacement

▫ Phishing attacks

▫ Safe and Secure Transactions

9

9

CERT-MU’s Services (Contd.)

Vulnerability Handling and Management▫ Remote and onsite scanning of Networks

Applications

Devices

Databases

▫ Vulnerability Reporting

▫ Vulnerability Analysis

▫ Vulnerability Response

▫ Vulnerability Coordination

10

10

CERT-MU’s Services (Contd.)

Dissemination of information security news to

organisations and public

▫ Virus Alerts

▫ Vulnerabilities

▫ Advisories

11

11

CERT-MU’s Services (Contd.)

Assistance in the implementation of

Information Security Management System

based on ISO 27001( Target: Para-Public

Organisations)▫ Advice on Risk Assessment

▫ Advice on Policies and Procedures

▫ Advice on selection and implementation of controls

▫ Advice on Internal Audit Process

▫ Advice on Business Continuity Planning

12

12

CERT-MU’s Services (Contd.)

Awareness sessions for organizations on

Information Security issues▫ Capacity Building sessions (Security-related training

programmes for staff and the public)

▫ Technology Update Workshops

▫ Celebration of International Security events such as

Computer Security Day and Safer Internet Day

13

13

CERT-MU’s Services (Contd.)

Third Party Audits

▫ Conduct IT Security Audits for organisations based on

ISO 27001 standards

14

Other Initiatives

Child Online Safety Action Plan

o Dedicated Cyber Security portal

(http://cybersecurity.ncb.mu)

o Sensitisation campaigns in schools and Cyber-

caravans

Anti-Spam Action Plan

o Dedicated website on anti-spam

(www.ncb.mu/anti-spam)

o Sensitisation campaigns in schools

15

15

▫ Security Bulletins

▫ Information Security Guidelines

▫ E-Security Newsletters

▫ Booklets

▫ Brochures

▫ Flyers

www.cert-mu.org.mu

CERT-MU Publications

16

CERT-MU’s Partners and Affiliations

International Organisations:

▫ CERT-IN, JPCERT/CC, Malaysian CERT, US CERT,etc..

▫ International Multilateral Partnership Against CyberThreats (IMPACT)

▫ Anti-Phishing Working Group (APWG), Team Cymru

▫ Symantec, Facebook, Microsoft (Hotmail), Yahoo

Affiliations:

▫ Affiliated with CERT/CC

▫ Affiliation with Forum of Incident Response andSecurity Teams (FIRST) is under progress.

17

18

18

Thank You for your attention…