- Alerts and warnings;
- Security incident handling, incident analysis.
BtCIRT will receive information regarding incidents, triage incidents and coordinate response. Activities related to incident handling and analysis include:
- Evidence collection;
- Tracing suspicious and malicious activities;
- Providing mitigation solutions for indicated incidents;
- Coordinating response activities among related parties;
- Providing assistance to the affected constituents.
- Security event monitoring and security incident detection. BtCIRT will proactively monitor security events on the network and use the collected information to detect malicious activities within the governmental network infrastructure.
- Security vulnerability warnings. BtCIRT will collect information regarding security vulnerabilities and communicate with constituents in order to distribute appropriate vulnerability information.
- Security assessments. BtCIRT will use vulnerability scanners to identify potential threats to government information and the corresponding infrastructure, and it will coordinate appropriate remediation actions in order to minimize or eliminate the corresponding security risks.
BtCIRT will make efforts to identify gaps in the competence of constituents in order to ensure better understanding of, and compliance with, security best practices, standards and corresponding policies. BtCIRT will take necessary measures to eliminate these gaps and to raise general preparedness for security threats by using different instruments such as meetings, seminars, articles, media and similar methods.