Assistance in organizing CERT/CSIRT services
Key Responsibilities of Sectoral CERT/CSIRT Services
- Identifying cybersecurity incidents, responding to them, and mitigating their consequences
- Collecting, accumulating, and analysing information on modern cybersecurity threats
- Investigating cybersecurity incidents and reporting to the authorised and working bodies
- Cooperating with the UZCERT service
- Regularly implementing measures to ensure cybersecurity
Main Areas of the Service
Assistance in Developing Regulatory and Legal Documents for Sectoral CERT/CSIRT Services
- 01. Initial Action Plan: Development of an initial action plan for establishing a CERT/CSIRT service.
- 02. Draft Regulation Development: Preparation of a draft regulation defining the key functions and responsibilities of the CERT/CSIRT service.
- 03. Preparation of a Cooperation Memorandum: Development of a draft memorandum of cooperation between the sectoral CERT/CSIRT service and UZCERT.
- 04. Incident Response Plan: Development of a cybersecurity incident response plan.
Assistance in Implementing Cybersecurity Monitoring Systems
- FALCON: A 24/7 monitoring system for information systems and resources.
- Threat Intelligence (TI): A system for early warning and analysis of cyber threats.
- V-tuzoq (VT): A honeypot system designed to collect information about cyber threats.
- MISP: A system for exchanging information on cyber incidents, cyber threats, and indicators of compromise.
- FIRESIGHT (WAF): A WAF system designed to protect web applications in real time.
Training and Professional Development of Specialists in CERT Service Operations
- 01. Cyber Incident Detection: Developing practical skills in detecting cyber incidents and responding to them promptly.
- 02. Digital Evidence Collection: Training on cyber incident reporting procedures and the proper collection of digital evidence.
- 03. Incident Impact Mitigation: Defining measures to eliminate the consequences of a cyber incident and prevent its recurrence.
- 04. Investigation and Final Report: Investigating a cyber incident, documenting the results, and preparing a final report.
Monitoring and Protection Systems That May Be Implemented
FALCON
Continuous monitoring of information systems and resources.
Threat Intelligence
Identification of relevant cyber threats and early warning about them.
V-tuzoq
Collection of information on attacker activity and the attack methods they use.
MISP
Exchange of information on threats and indicators of compromise.
FIRESIGHT
Protection of websites and web applications from malicious internet requests.
Key Service Outcomes
Establishment of an Organisational Framework
The responsibilities, powers, and operating procedures of the CERT/CSIRT service are defined.
Continuous Monitoring
The capability to regularly monitor information systems and resources is established.
Rapid Response
The speed of detecting cyber incidents and containing their spread is increased.
Qualified Specialists
Employees’ practical skills in investigating and resolving incidents are improved.
Final Result
As a result of the service, the organisation receives the necessary organisational, technical, and methodological foundation for establishing a specialised sectoral CERT/CSIRT service capable of detecting and investigating cybersecurity incidents, responding to them promptly, and cooperating with authorised bodies.
+99871 203 00 23
Report cyber incident:
incident[at]uzcert.uz
Tashkent city, Mirabad district,
Taras Shevchenko street 20
