On the 22
nd
till 27
th
May 2007, BruCERT participated in Civil Service Institute Customer Day held at Civil Service Institute in the capital.
In July 16
th
2007, BruCERT joined the ASEAN CERT Incident Response Drill, where the main objective is to simulate realistic cross-border incidents handling and
promote collaboration among national CERTs in the region In Aug 2
nd
2007, three of JPCERT delegates lead by its Director of Technical
Operation paid a courtesy visit to BruCERT premise.
In 10
th
till 14
th
September 2007, three BruCERT delegates joined the APISC Security Training Course hosted by KrCERTCC
In 22
nd
Nov 2007, BruCERT participated the APCERT Drill 2007 lead by AUSCERT.
3.2 Training and Seminars
From January 2007 onwards, BruCERT has conducted on-going IT Security Awareness Training, at the Civil Service Institute IPA of Brunei Darussalam for Government
Officials in three levels, which are End Users, IT personnel and Executive Management. Due to overwhelming response, the “Basic Information Security Workshop” was
developed in May 2007 as an advanced course from the IT Security Awareness training. This particular training will be conducted on a regular basis at the Civil Service Institute,
Brunei.
4.0 BruCERT Future Plans
• Applying for FIRST membership
BruCERT plans to upgrade its member status to full member in APCERT and work on with other terms and conditions to qualify for the FIRST membership.
• Free Seminars to the local public
A half-day or one-day talk will be given to the local public to enhance awareness on IT security-related topics.
• SMS Services
BruCERT plans to offer SMS alert and notification service for the public. This subscription based service shall provide early notification to the public on IT security
related events and alerts.
• BruCERT Road shows
Organize Roadshows to further promote and publicize BruCERT services by conducting, educational programmes and games.
• Publications
Produce educational booklets and posters. This is intended to provide basic IT security awareness to the general public and facilitate BruCERT road shows.
67
5.0 International Collaboration
In Aug 2
nd
2007, three of JPCERT delegates lead by its Director of Technical Operation paid a courtesy visit to BruCERT premise. During the 2 days visit, BruCERT and JPCERT had sign
the Memorandum of Understanding MOU to enhance the collaboration between the CERTS in handling IT Security Incident.
6.0 Conclusion
Due to the anonymity in cyberspace, Internet crimes are getting hard to detect. In order to address these computer threats, the collaboration between BruCERT and the enforcement of
various legislations together with the involvement of law enforcement agencies can help to strengthen cyber security and protect the well being of the people and nation. Besides that,
collaboration among CERTs is essential in an effort to work together mitigating the risk of further incidences in the region. Its hope that BruCERT can be make known and contribute
more to the public through the implementation of the future plans mentioned above.
68
M. CERT-In Activity Report 2007
Indian Computer Emergency Response Team – India
1.0 About CERT-In: 1.1 Introduction
CERT-In is a functional organisation of Department of Information Technology, Ministry of Communications and Information Technology, Government of India
, with the objective of securing
Indian cyber space. CERT-In provides Incident Prevention and Response services as well as Security Quality Management Services.
1.2 Establishment and Constituency
CERT-In was operational since January 2004. The constituency of CERT-In is the Indian cyber community. CERT-In works cooperatively with Chief Information Officers and system
administrators of various sectoral and organisational networks of its constituency.
2.0 Activities and Operations of CERT-In 2.1 Services and Activities
CERT-In provides: •
Proactive services in the nature of Advisories, Security Alerts, Vulnerability Notes, and Security Guidelines to help organisations secure their systems and networks
• Reactive services when security incidents occur so as to minimize damage
The summary of activities carried out by CERT-In during the year 2007 is given in the following table:
Activities Year, 2007
Security Incidents handled 1237
Security Alerts issued 44
Advisories Published 66
Vulnerability Notes Published 163
Security Guidelines Published 1
White papers Published 2
Trainings Organised 6
Indian Website Defacements tracked 5863
69