Incident Response:
GovCERT-Hungary will assist system administrators in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:

Incident Triage:

  • Investigating whether indeed an incident occurred.
  • Determining the extent of the incident.

Incident Coordination

  • Determining the initial cause of the incident (vulnerability exploited).
  • Facilitating contact with other sites which may be involved.
  • Facilitating contact with law enforcement, if necessary.
  • Making reports.
  • Composing announcements to users, if applicable.

Incident Resolution:

  • Analyzing and if possible removing the vulnerability.
  • Securing the system from the effects of the incident.
  • Collecting evidence where criminal prosecution, or community disciplinary action, is contemplated.

In addition, GovCERT-Hungary will collect statistics concerning incidents which occur within or involve its constituency, and will notify the community as necessary to assist it in protecting against known attacks.

Malware Analysis
Malicious code can reduce work efficiency and system security, but only an expert can determine the threat of a software or document for an IT system. Any software, document or other suspicious code sent to GovCERT-Hungary will be analyzed by our experts to find malicious code.

Technology Watch
IT security tools are developing at a fast pace, keeping up with upcoming threats. GovCERT-Hungary can determine the need for a new security tool, and develop effective deployment methods for its clients.

Security Consultancy
GovCERT-Hungary, with the support of its external experts, can give advice on any security issue to its clients. The 70-30 rule is still effective, which means that most Security threats are coming from inside the organization, GovCERT-Hungary can provide educational materials and hold training sessions for their constituents, so employees and managers become part of the security, instead of being a security risk.