17 Figure 2

2.2. Security bulletins and blogs

AusCERT publishes security bulletins as part of its services. Security bulletins can be divided into four categories: Updates, Alerts, Advisories, and External Security Bulletins. Updates provide additional information or corrections to an existing Security Bulletin. They are a mechanism for quick release of important information in a less structured way. Alerts contain information about computer or network threats and vulnerabilities of a serious and urgent nature. Alerts may draw upon material already published by third parties. Advisories provide more detailed information about specific threats or vulnerabilities researched by AusCERT. External Security Bulletins are published by other computer security incident response teams, vendors that AusCERT redistributes or references with permission. During 2008, AusCERT published 1,163 external security bulletins ESB, 270 advisories, 131 alerts, and 30 updates and 76 blog items. 18 Figure 3

2.3. Network monitoring

AusCERT is collaborating with a number of partners operating monitoring projects, by hosting sensors.

2.4. Certification

AusCERT, in partnership with EWA Australia and the University of Queensland continues to support a community of IT practitioners with applicants from around the globe signing-up for certifications. The International Systems Security Professional Certification Scheme ISSPCS is a global and open certification scheme for information and systems security professionals that address the shortfalls of traditional IT security certifications by founding the scheme on essential principles of security. The International Systems Security Engineering Association ISSEA is overseeing the development of the certification. See: www.isspcs.org 19

2.5. Australian Access Federation

The Australian Access Federation AAF Project is implementing and deploying the infrastructure to facilitate trusted electronic communications and collaboration within and between higher education and research institutions both locally and internationally as well as with other organizations, in line with the NCRIS objective of providing researchers with access to an environment necessary to support world-class research. The AAF project has three main components: the development of overarching governance and policies for the whole Federation, the development of specific policies, technical implementation and rollout of PKI for the Federation; and the development of specific policies, technical implementation and rollout of Shibboleth for the Federation. AusCERT is responsible for developing the first two components of this project. AusCERTs ability to include its root certificate into major vendors browsers coupled with the deployment of a public key infrastructure for the AAF is looking at reducing the barriers to increased use of PKI in the higher education and research sector through:  Provision of SSL server certificates, reducing overheads and the need to use self-signed certificates  Provision of hosted certificate authority services enabling secure, low overhead issuing of end user certificates for our institution, eg, for access to sensitiveexpensive resources and secure email  Quality validation services eg, OCSP support Further information about the AAF is available at www.aaf.edu.au.

2.6. New Services AusCERT Remote Monitoring ARM