Has there been any reaction from the government and the corporate sector after you started working?
The reaction in general has been very positive. I think many people did not know what to expect from IRISS-CERT and may have seen us as some sort of threat, but over time we have proven that we are a vendor neutral, independent and trusted resource for information security. There has been no official reaction from the Irish government regarding IRISS-CERT and it will be interesting to see what role a CERT, be that IRISS-CERT or otherwise, will play within the cyber-security strategy that is being developed.
What are your strengths and your weaknesses? What areas need improving and where are the most significant problems?
Our main strengths are the fact that we are now well established within the CERT community and can leverage those relationships to provide high quality services our constituency. Recently IRISS-CERT has been accredited as part of the Trusted Introducer Framework. This framework validates the effectiveness of each subscribing CERT and ensures that it meets the necessary requirements to be considered a CERT. This accreditation demonstrates the hard work and professionalism of the team at IRISS-CERT. The other strengths would be that we are vendor neutral and independent and have a strong team made up of some of Ireland's top information security professionals.
Our weaknesses would be that we are not yet a dedicated full time service. While we are able to cope with the demands on the service as they current stand, as the demand grows and more people and organizations use our services we will have to move into a full time model. I plan to eventually address that by raising enough funding to provide a full-time dedicated service to our constituency.
As we have no mandate from the Irish government we rely heavily on the cooperation of the various providers and ISPs within Ireland to assist us in dealing with various type of issues. While most are very cooperative and take the security of their systems and clients seriously, there is a small number who do not respond appropriately. Hopefully over time we can persuade and work with all providers to ensure issues are dealt with effectively.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.