CERT - Security incident management


It is responsible for prevention and the management of security incidents.

missing

Description

CERT service has the task of managing IT security incidents involving users and hosts connected to the University network. In particular, CERT service :

  • verifies the correct use of the IT resources made available by the University to UniTrento users in compliance with the University network access regulations
  • assists UniTrento users victims of attacks in the management of IT security incidents, reporting them to the external authorities (starting from the GARR) and gathering all the necessary information
  • responds to the reports of IT security incidents coming from GARR and other authorities external to the University, supporting the involved UniTrento users in the analysis and resolution of the incident
  • reports any IT vulnerabilities and communicates any countermeasures
  • organizes and promotes courses and training sessions for UniTrento users on on cyber security topics

If the necessary preconditions take place, the CERT operator opens a security incident linked to the alert in the ticketing system; after a first analysis of the problem, the CERT can start a task investigation involving in the solution process one or more correspondent authorities (which may be people or offices in some way involved, i.e. the manager of a server, an account owner, User Support service, Account service). This activity sends from investigation@cert.unitn.it an email marked with the identifier [CERT @ UNITN #ticketnumber] to which the recipients must refer for further communications with CERT. By responding to this email, the correspondents report to CERT the outcome of actions they have taken. Once all the investigation tasks are completed, the CERT closes the incident and communicates the closure to the involved actors.

Vulnerability analysis
On demand and periodically, CERT can also analyze the vulnerabilities of a host by scanning tools that provide the applicant with detailed reports on any encountered security problems. CERT is available to the applicant to evaluate the criticality of the vulnerabilities and to share the most appropriate actions with the technician, and / or with the manager of the host.

Availability

Availability during business hours

Options

Some particular incidents require a special level of secrecy and iare therefore managed with the appropriate precautions.

Service Request

To report a computer security problem, write an email to alert@cert.unitn.it or fill in the helpdesk form (Need help?). The report will be processed and tracked in a centralized ticketing and helpdesk system. The user will receive a message of take charge with the identifier [ALERT @ CERT #ticketnumber] to which he can refer for further communications with CERT.

 Need help?
Documentation