SECURITY ORGANIZATIONS ROLES (CERT/CC (The CERT Coordination Center…
SECURITY ORGANIZATIONS ROLES
The CERT Coordination Center (CERT/CC) is a reporting center for Internet security issues.
The CERT/CC plays a major role in coordinating responses to Internet security threats.
The CERT/CC is located at the Software Engineering Institute (SEI) operated by Carnegie Mellon University.
The United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of Homeland Security and the public and private sectors.
US-CERT was established in 2003 to protect the nation’s Internet infrastructure by coordinating defense against and responses to Internet security threats.
US-CERT is responsible for the following:
Analyzing and reducing cyber threats and vulnerabilities
Disseminating cyber threat warning information
Coordinating incident-response activities
The SysAdmin, Audit, Network, Security (SANS) Institute was established in 1989 as a cooperative research and education organization.
The SANS Institute develops and maintains research documents about various aspects of information security.
These documents are available at no cost. SANS also operates the Internet Storm Center, an early warning system for Internet security issues.
The International Information Systems Security Certification Consortium, Inc. (ISC2) is a nonprofit organization that maintains a collection of industry best practices for information security.
The ISC2 has created five certifications that align to these best practices, the Systems Security Certified Practitioner (SSCP), and the Certified Information Systems Security Professional (CISSP).
There are two Focus certifications that one can take after the CISSP, and then there is the new Certification and Accreditation Professional (CAP) certification.
The Common Criteria is an international standard for evaluating IT security.
It was developed by a consortium of 14 countries to replace a number of existing country-specific security assessments and was intended to establish a single high-quality standard for international use.
Although there are seven security levels defined for the Common Criteria evaluation process, Evaluation Assurance Level 4 (EAL4) is the highest universal evaluation level implemented under the Common Criteria today.
The Federal Information Processing Standard (FIPS) 140 is a U.S. and Canadian government standard that specifies security requirements for cryptographic modules.
FIPS 140 has four levels of assurance: Level 1 is the lowest, and Level 4 is the most stringent.
Each level builds upon the one below it, so a Level 2 certification means that a product meets the requirements for both Level 1 and Level 2