loader gif

Newly developed CERTrating tool will help evaluate the maturity level of CERTs

bridge,building,gap,organization,success,achieve,assistance,blocks,brainstorming,business,businessmen,businessperson,career,collaboration,company,conceptual,cooperation,coworkers,fingers,group,join,management,mission,partner,partnership,people,plan,problems,process,solution,solving,strategic,strategy,support,team,teamwork,together,union,unity,vision,walk,wooden
  • CERTrating follows the SIM3 maturity model which covers four quadrants.
  • CERTrating works in three levels: Basic, Intermediate or Advanced.

Since 1993, Computer and Emergency Response Teams (CERTs) have impacted communities across the world by helping them build their skills and capabilities to prepare for and respond to cyberattacks.

CERTs are one of the main pillars and first line of defense for cybersecurity in any country. They evaluate a cyberthreat or attack in four stages. These stages include identifying, preventing, responding to, and resolving the threat. These organizations’ main aim is to develop and disseminate knowledge and awareness about cybersecurity.

Introduction to CERTrating

The Global Cyber Security Center (GCSEC), a not-for-profit foundation of the Italian postal service provider Poste Italiane, has come up with a new tool named CERTrating.

  • CERTrating is designed to better understand and evaluate the maturity level of CERTs and services provided to their constituencies.
  • It is based on the capability maturity model designed by ENISA (European Union Agency for Cybersecurity) for CERTs. This maturity model is one of the methods that can be used to understand how and where investments must be directed and how much effort should be made in terms of time and resources.
  • CERTrating works in three levels: Basic, Intermediate or Advanced.

How does it work?

CERTrating follows the SIM3 maturity model which covers four quadrants: (O) Organization, (H) Human, (T)Tools and (P) Processes. The maturity model is measured on a scale of 0 to 4.

  • 0 = not available / undefined / unaware
  • 1 = implicit
  • 2 = explicit, internal
  • 3 = explicit, formalized on the authority of CERT/CSIRT head
  • 4 = explicit, audited on the authority of governance levels above the CERT/CSIRT head

Benefits

Apart from offering the maturity level of CERT and its respective services, CERTrating also provides recommendations that can be followed to improve the level of maturity to an optimal position. The tool will be available in a short time. For more details, click here.

loader gif