Incident response

CESICAT-CERT™ is the cybersecurity incident response centre in Catalonia, providing a reliable and trustworthy point of contact for notifying and managing cybersecurity incidents.

The Information Security Centre of Catalonia (CESICAT) has an Incident Response Team which operates under the trademark CESICAT-CERT™ as the Government of Catalonia’s CSIRT (Computer Security Incident Response Team), developing preventive, reactive, coordination and management measures to deal with cybersecurity incidents in the areas associated with CESICAT when its services are requested.

The design of the Incident Response Team follows incident management processes and methodology in accordance with the internationally recognised standard good practice model defined by the Software Engineering Institute (SEI) of Carnegie Mellon University (CMU) in the United States of America. This working method is a guarantee of quality and security in the various tasks carried out during the incident management lifecycle. It includes triage actions to consider technical, legal and judicial aspects.

Since 2010, CESICAT-CERT™ has been an official member of the international FIRST network, which consists of more than 350 cybersecurity incident response centres all over the world.

CESICAT-CERT™ services

The services offered by CESICAT-CERT™ are organised in three main categories:

Reactive services: Services aimed at responding to a security threat or incident suffered by an information system and minimising its impact. These services are classified as:

  • Warnings and alerts
  • Incident handling:
    • Incident analysis
    • Remote incident response support (standard information)
    • Remote incident response support (personalised information)
    • Remote incident advice in real time
    • Online incident support
    • On-site incident support
    • Incident response coordinated with third parties
  • Dealing with vulnerability:
    • Vulnerability analysis
    • Response to vulnerability
    • Coordinated response to vulnerability
    • Remote and on-site advice for resolving vulnerability
  • Treatment of artefacts:
    • Artefact analysis
    • Response to artefacts
    • Coordinated response to artefacts
    • Forensic analysis

Proactive services: The task of these services is to reduce security risks to the community by distributing information and implementing protection and detection systems. These services are designed to improve infrastructure and security processes before an incident occurs or is detected. The main aim is to avoid incidents and reduce their impact and scope if they occur. These services are classified as:

  • Publication and advertisements
  • Monitoring new technologies
  • Configuring and maintaining security tools, applications and infrastructures
  • Intrusion detection service
  • Distributing information concerning security

Management and coordination services: Services intended to improve working processes both in the community where the service is provided and within the IRT itself. These services are classified as:

  • Education and training
  • Awareness-raising campaigns