About us

CERT Bulgaria is the National Reaction Center for Incidents in Connection with Information Security. The mission of the Center is to support its service users in proactive activities to reduce the risks of information security incidents and to assist in resolving such incidents in the event that they have already occurred.
The Center provides a centralized database of information related to providing a secure information environment.

The goals to be achieved include:

  • protection of information and technological assets;
  • limiting the direct impact of security incidents on the information society;
  • help in recovering from incidents;
  • assessing the impact of security incidents;
  • collecting and disseminating technical information related to information security incidents, as well as vulnerabilities in the security of the systems and ways to prevent them;
  • conducting research related to new technologies in network and information security;
  • conducting training related to information security and incident management.

The National Computer Security Incident Response Team provides its users with the reactive and proactive services described below.

Emergency alerts and warnings:

The service disseminates information that describes attacks, security vulnerabilities, unlawful interference alarms, computer viruses, or scams, and offers short-term recommended actions to address and resolve issues. Alerts, warnings, or tips are sent in response to a current problem in order to provide information on this activity and to provide advice on preventing it or restoring the systems if they have been affected.

Vulnerability Management:

Vulnerability Management Services, in addition to signaling and warning services, include:

  • receiving and processing information about vulnerabilities in hardware and software systems and applications;
  • analysis of the nature, mechanism and consequences of vulnerabilities and development of strategies for action to detect and correct vulnerabilities;
  • identifying appropriate actions to mitigate or correct a vulnerability. This may include searching for software patches and notifying users of mitigation measures. Users can get help with installing software patches and applying fixes.

Security incident management:

Incident management includes receiving, sorting, and responding to queries as well as analyzing incidents and events. Specific management actions may include:

  • taking action to protect systems and networks affected or threatened by unwanted attacks;
  • offering solutions and risk reduction strategies as a result of similar events;
  • checks for attacks on other parts of the network;
  • filtering network traffic;
  • system recovery;
  • updating systems;
  • developing other responses or alternative strategies to resolve problems.

Artifact management:

Artifact management services include obtaining information about, and copies of, the artifacts used in attacks, reconnaissance, and other unauthorized or destructive actions. The study of artifacts includes analysis of the nature, mechanics, version and use of the artifacts, and developing (or offering) strategies to detect, remove, and protect against them.

Newsletters:

The services include, but are not limited to, warnings about vulnerabilities and attempted attacks, as well as advice on increasing security. These newsletters provide information about newly discovered vulnerabilities and attack tools. This is intended to protect systems against such vulnerabilities even before they become widespread.

Dissemination of information related to the provision of a secure information environment:

This service provides its users with information for improving security, presented in a comprehensive and understandable form. The information may include:

  • instructions for contacting the CSIRT unit;
  • archive with warnings, notifications and other similar messages;
  • documents on current good practices in the field;
  • basic guidelines on computer security;
  • policies, procedures and checklists;
  • information on the development and distribution of security patches;
  • links to suppliers;
  • current statistics and trends in incident detection;
  • other information that could improve overall security practices.