However, without our sponsors IRISS-CERT would not have been set up and nor could it continue to offer our services. I am very grateful to sponsors such as the SANS Institute, The IEDR, NetWitness Corporation and Syngress. There are a number of organizations such as ENISA, the WARP Programme, CERT/CC and members various members of TF-CSIRT who have also provided us with great support with items such as reference material, mentoring and advice. Thanks to those sponsors we are also able to provide our services to our constituency for free.

Has there been any reaction from the government and the corporate sector after you started working?

The reaction in general has been very positive. I think many people did not know what to expect from IRISS-CERT and may have seen us as some sort of threat, but over time we have proven that we are a vendor neutral, independent and trusted resource for information security. There has been no official reaction from the Irish government regarding IRISS-CERT and it will be interesting to see what role a CERT, be that IRISS-CERT or otherwise, will play within the cyber-security strategy that is being developed.

What are your strengths and your weaknesses? What areas need improving and where are the most significant problems?

Our main strengths are the fact that we are now well established within the CERT community and can leverage those relationships to provide high quality services our constituency. Recently IRISS-CERT has been accredited as part of the Trusted Introducer Framework. This framework validates the effectiveness of each subscribing CERT and ensures that it meets the necessary requirements to be considered a CERT. This accreditation demonstrates the hard work and professionalism of the team at IRISS-CERT. The other strengths would be that we are vendor neutral and independent and have a strong team made up of some of Ireland's top information security professionals.


Our weaknesses would be that we are not yet a dedicated full time service. While we are able to cope with the demands on the service as they current stand, as the demand grows and more people and organizations use our services we will have to move into a full time model. I plan to eventually address that by raising enough funding to provide a full-time dedicated service to our constituency.

As we have no mandate from the Irish government we rely heavily on the cooperation of the various providers and ISPs within Ireland to assist us in dealing with various type of issues. While most are very cooperative and take the security of their systems and clients seriously, there is a small number who do not respond appropriately. Hopefully over time we can persuade and work with all providers to ensure issues are dealt with effectively.