Cyber attacks in recent years have fully confirmed that cybersecurity is an increasingly complex challenge and a priority for all companies, in terms of both development and investment. In this context, CERTs play a central role in the security perimeter of their own company, and even more so in national scenarios. Computer and Emergency Response Teams are among the main protagonists and the first line of defense in cybersecurity, identifying, preventing, responding to, resolving and combating any type of IT incident to protect national and corporate interests.
For these reasons, GCSEC has decided to develop a self-assessment tool that helps assess the maturity level of CERTs and of the services they provide to their constituency, so that they can better face these complex tasks. The tool was developed according to the Capability Maturity Model defined by ENISA (SIM3), which is based on a classification in three main levels: Basic, Intermediate and Advanced. The self-assessment is composed of 44 questions divided into 4 fundamental guidelines: Organization, Human, Tool and Processes.
The platform provides a self-assessment, faithful to ENISA's SIM3 model, for the entire CERT, plus another 14 surveys for its services. Each of the 14 CERT services defined by ENISA has its own dedicated survey, based on the model and metrics of the Capability Maturity Model implemented by ENISA and customized for that service.
CERTrating lets you enter the name of your CERT and company, add its logo, select the services provided by your CERT and assign each a relative weight, and create user accounts specific to each service. You can also modify the completed surveys at any time to keep your maturity level constantly up to date. The tool includes a dashboard and specific reports for top management that provide a view of the maturity level of the CERT and its services.