Training on SIM3 operating model for incident response forces in Vietnam

On April 19, the Vietnam Cyber ​​Emergency Response Center (VNCERT/CC), the Information Security Administration, the Ministry of Information and Communications coordinated with European Union (EU) experts to organize a training program on the issue of cyber security. how to build, operate and evaluate the capacity of the SIM3 incident response team for members of the National Cyberinformation Security Incident Response Network and VNCERT/CC technical and managerial staff .

SIM3 is a mature model of information security incident management” and has been in use since 2009. The model has been applied by information security units around the world, especially rescue teams. breakdown of countries and organizations. In the EU, incident response teams are encouraged to develop a SIM3-based approach. Evaluation criteria according to SIM3 model includes a total of 44 parameters separated into 4 groups including organization, people, tools, and processes.

According to a representative of the Department of Information Security, in Vietnam, Decision 05 of the Prime Minister in 2017 on the system of emergency response plans to ensure national cyberinformation security stipulates the establishment of response teams. incident rescue and national network information security incident response network.

Immediately after that, in Decision 1622, the project on promoting the operation of the incident response network and strengthening the capacity of officers and departments in charge of responding to cyberinformation security incidents nationwide was approved. approved, clearly showing the country’s orientation in promoting the capacity and quality of incident response activities.

The national network of incident response to ensure network information security is a unique model of Vietnam, which is more organized and stricter than the model of voluntary connection between incident response teams around the world. The network needs to be further enhanced in operation, helping members and incident response teams to strengthen their capacity to effectively respond to incidents, from preparation, to limiting incidents, to responding to incidents. effective when incidents occur, to both drawing lessons learned and taking measures to prevent recurrence of incidents.

“Currently, the Information Security Administration is also developing a set of criteria to evaluate the capacity of the network information security incident response team, and consulted with network member units so that it can be deployed soon.”a representative of the Information Security Department said.

In the EU’s cooperation and support program for Vietnam on enhancing network safety and security, the EU’s Cyber4Dev project supported VNCERT/CC to deploy a training program on developing criteria and evaluate those criteria according to the information security incident management maturity model – SIM3.

Specifically, the EU has sent two leading experts on SIM3, Mr. Nick Small and Don Stikvoort, to Vietnam to directly train all network members on SIM3’s criteria, as well as provide in-depth training for VNCERT /CC method of assessing maturity, which can better support domestic units to effectively deploy incident response teams.

The training program on SIM3 model with direct guidance from EU experts is considered a valuable opportunity for domestic organizations and enterprises to improve their management capacity and develop incident response activities. At the same time, it will help develop and issue a set of criteria to evaluate the capacity of Vietnam’s cyberinformation security incident response team more appropriate, applying the SIM3 model that many countries, many organizations are applying.

The representative of the Information Security Administration suggested that the trainees attend the training program both face-to-face and online, focusing on acquiring important points from the SIM3 model in order to soon apply it to their organizations.

“Most of all, I asked VNCERT/CC Center to appoint technical and managerial staff, master the expert’s communication, immediately deploy SIM3 model for VNCERT/CC after the training program, and then provide support. support domestic units to apply SIM3 for incident response activities, for their incident response teams”a representative of the Information Security Department said.

Van Anh