NP CERT

A computer emergency response team (CERT) is an expert group that handles computer security incidents. It is the internet’s official emergency team.

Functions:

1.  It deals with cyber security threats like hacking and phishing.
2. It helps to identify and respond to cyber risks and limit their impact on operations.
3.  It also collaborates with security operations center teams to establish detection rules and coordinate responses.

Nepal, being a developing country, must think for better security system to be deployed with the implementation of Information system for effective and efficient utilization of the resources. The deployment of e-government system and the back-end network infrastructure deployments are slowly progressing. With these perspectives, keeping organizational information assets secure in today's interconnected computing environment is a true challenge that becomes more difficult with each new IT-based product and each new global IT threat. Most organizations realize that there is no single solution or panacea for securing systems and data; instead a multilayer security strategy is required. One of the layers that many organizations require in their strategy today is the creation of and National IT Emergency Readiness/Response Team, generally called an ITERT or Computer Emergency Response Team (CERT). 

The CERT proposed in Nepal by Department of Information Technology, Training, Research and Development Section as ITERT to provide the following 24x7 services:

1. Publish security alerts
2. Perform Information security Audits and Assurance
3. Conduct Cyber Security Awareness and Training
4. Perform  Analysis and Forensic investigation of cyber incidents
5. Response to cyber security incidents
6. Coordination with global and local agencies towards Cyber crime

The Department of Information Technology (DoIT), Training, Research and Development Section have recently formed CERT Committee under the supervision of Director General of DoIT for the design and implementation of Nepalese CERT.

The CERT Committee has formed as follows:

1. Director General - Department of Information Technology --- Co-Ordinator
2. Office of Prime Minister and Council of Ministries --- Member
3. Ministry of Home Affairs --- Member
4. Ministry of Communication and Information Technology --- Member
5. Ministry of Law Justice and Parliamentary Affairs --- Member
6. Nepal Rastra Bank --- Member
7. Nepal Telecommunication Authority --- Member
8. Nepal Army --- Member
9. Nepal Police, Central Investigation Bureau --- Member
10. Office of Controller of Certification --- Member
11. IT Officer, Department of Information Technology, T, R&D Section --- Member
12. Director, Department of Information Technology, T, R&D Section --- Member Secretary

The above CERT Committee are responsible for the addressing the legal mandates in upcoming IT Umbrella ACT of Nepal, and also responsible for identification of IT Infrastructure, Hardware and Software as well as the Security tools for the NPCERT.

CERT related services provided by DoIT in line with NPCERT are:

1. IT System Audit
2. Website and Web application Audit
3. Vulnerability Assessment and Penetration Testing
4. Cyber Security Awareness and Training
5. IT System Security specific Training for building the capacity of Team member