 |
|||||
|
|
|
|||
|
|
 |
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|||
|
|
 |
|
|
|
|
|
|
|||
|
|||||
|
|||||
|
|||||
|
|
|
|||
|
|
|
|
||
|
|
|
|||
|
|||||
The Cert-IST membership is based on a fee related to the requested services
Offer presentation
- Personalised dissemination of security avisories and alerts under different formats. Results from the analysis and the tally of information gathered daily from many sources and from the qualification using objective criteria. Each year, the Cert-IST releases more than 400 advisories, around ten alerts and updates more that 500 vulnerabilities which have evolved.
- Release of a monthly security bulletin. Records the vulnerabilities that have been released or not and deals with actuality topics through specific studies.
- Release of a weekly security bulletin. Records the vulnerability evolutions.
- Access to the Cert-IST vulnrability database, feeded since 1997, which covers hardware and software components the most commonly used in information systems. The Cert-IST stores vulnerabilities concerning more than 500 products with management of associated versions. This base enables multi-criteria search.
- Access to forums to inform/alert as soon as possible (pre-alert system).
- Access to a hotline in case of demand of precision on a released advisory.
- Access to an incident hadling service with intervention on site if necessary. Establishment of a trusted relationship that allows to handle security problems with all the privacy requirements. The service enables to find an explanation to reported problems (abnormal behavior, loss of disponibility or confidentiality, etc...), to identify their causes (voluntary or unvoluntary) and the origin. It gives various recommendations, either corrective to palliate the incident, or general to improve the general security level.
- Access to specialised trainings, that help acquiring :
- Required competence for trace analysis and investigation on incident.
- Knowledge on the Windows system security.
- Furniture of security studies, where the operational approach is privileged.
Incident handling coordination
- The Cert-IST coordinates with the other CERT nationally and internationally for security incident response, whenever a member of its constituency (France Industry, Services and Tertiary sector) gets involved.