Minimum capabilities and requirements for establishing a national CERT for ACG

Abstract

Securing data and networks in information technology (IT) is a very important defense issue against breaching or hacking by cyber-attacks to have IT business continuity. Because of using technology in GEs, all IT infrastructures are under risk. It is a demand task to design protection methods, which defend and reduce the affect off cyber-attacks. A minimum set of capabilities and requirements for establishing a national Computer Emergency Response Team (CERT) for protecting Government Entities (GEs) from cyber-attacks was proposed. The case study is the Arabian Gulf Countries (AGC). First, this research will identify the cyber-attack threats faced by the GEs and the effect of these threats on mission-critical assets and services. Besides, the obstacles related to cyber-attack threats facing AGC services and assets will be explained. Furthermore, this research will propose a minimum set of capabilities for a CERT team setup involving GEs to sustain and protect mission-critical assets. However, this thesis will also explain the CERT team obstacles related to avoiding cyber-attack threats targeting the region. In addition, this research will determine minimum requirements for CERT technologies to provide high-performance protection against cyber-attack threats to mission-critical assets and services. Moreover, this research will determine obstacles to using technology to avoid cyber-attack, and the obstacles that occur during using technology to avoid cyber-attack. Finally, this thesis will suggest conclusions for future work, including discussion of results.