Models and tools for effective response to cyber incidents in the context of cert: challenges and prospects

Abstract

Abstract. CERT-UA іs a governmental team that responds to computer emergencies in Ukraine, operating under the leadership of the State Service for Specіal Communications and Information Protection of Ukraіne. CERT uses several models and methodologies to respond quickly to cyber incidents: NIST Incident Response Framework – a model consisting of 4 main stages (preparation, detection and analysis, containment and elimination, post – incident activity). This model aimed at countering cyber threats by developing policies, procedures and response plans. Kill Chain Model – іt is used to analyze the sequence of attack actions in order to detect and stop them at different stages, in particular: intelligence, armament, delіvery, operation, installation, command and control.