CSIRTs and criminal justice authorities – good practices of collaboration on cybercrime and electronic evidence
CERTs/ CSIRTs (Computer Emergency / Computer Security Incident Response Teams) have an important role in preventing cyber-attacks and in coordinating the technical response at national level. They may help in monitoring and reporting cybercrimes, in sharing technical information on ongoing or past attacks and in securing electronic evidence.
It is therefore essential that CERTs and criminal justice authorities put in place an efficient and effective collaboration, where roles, responsibilities and segregation of duties are defined and agreed upon.
The purpose of this webinar is to identify ways in which cooperation between criminal justice authorities and cyber security actors could improve, including through identification of mutual roles and responsibilities in cybercrime investigations. Information will be provided on the legal, organisational and technical aspects, pointing out current shortcomings and making recommendations to further enhance cooperation.
The webinar will showcase good practices adopted in the EU, as analyzed by the European Union Agency for Cybersecurity, ENISA.
- Promote the adoption of good practices for an effective cooperation between CERTs and criminal justice authorities, including law enforcement officers, prosecutors and the judiciary
- Discuss on roles and responsibilities, and segregation of duties
- Present case studies of successful cooperation
- Engage in discussions and share experience on current challenges and solutions, also in the light of the outbreak of cyber threats related to the global COVID-19 crisis.
- ENISA, An overview on enhancing technical cooperation between CSIRTs and LE
- ENISA, Training material on CSIRT-LE cooperation
- ENISA, Roadmap on the cooperation between CSIRTS and LE
- ENISA, Cooperation between CSIRTs and Law Enforcement: interaction with the Judiciary
- ENISA CSIRT training materials
- Tools for assessing CSIRT Capabilities and Maturity
- Council of Europe, Octopus Conference (2019), Workshop 3: Cooperation on cybercrime and cybersecurity, resources and presentations
- Council of Europe's Octopus Cybercrime Community
- Additional resources from CERT-MU
- Forum of Incident Response and Security Teams