Publications: We develop and distribute brochures and small guides as materials for awareness, which explain to users in a simple and clear manner the threats and how to protect their systems. We also freely distribute CDs , containing security and parental control tools, free for domestic use, but also voluminous Microsoft patches, dedicated for users having slow dial-up lines and CD on open-source security tools. We also broadcast short awareness spots through specialized rubrics of our security mailing-list (rubrics .Precaution, .Flash,.Tools, .open-source).

Presentations: We co-organize and intervene in the majority of national conferences & workshops related to ICT and organize booths in all national and regional exhibitions, with sessions of live demonstrations of attacks, to keep people in touch with reality of risks and the importance of best practices.

Parents and children:Concerning parents and children awareness, we prepared a first pack of awareness material. A manual ("security passport for the family") including quizzes, is available, along with "cartoons" and little pedagogic game, which explain to children in a funny manner, the risks (pedophilia, virus ..) and the basic rules of protection. We also organize events for institutions and organizations , working in the field of education and childhood and developed a special rubric in the Web site (French/arabic version) for parents and children and a mailing-list rubric for parents (parental control tools, risks ..).

Press: We try to establish a close relationship with the press, being aware of the importance of the media for touching a broader population. We participate in the animation of weekly rubrics in several regional and national radio stations and we created a press-relations position in tunCERT(a journalist), which prepares and provides raw material to journalists and motivates papers on the subject.Short courses of awareness are also prepared with schools and associations of journalists.

is acting for the building of a task-force of trainers and for the creation of specialized diplomas in ICT Security, along with the encouragement of professionals for attending international certification.
To solve efficiently the problem of lack of specialized training in ICT security, the tunCERTorganize trainings for trainers, which will be in charge of reproducing those training courses at larger scale.
The first identified topics (trainees courses) are the following :
Network perimeter security technics (Secure architectures, Firewalls, IDS, secure dial-up servers, content gateways and proxies, ..) .
Internal Network security organization and technics (security policy development, security plan development, tools : Distributed firewalls, Anti-virus gateways, PKI, ..).
Secure application development and hosting technics
Information Survivability technologies (disaster recovery plans)
Technical basis for intrusion prevention ( identifying and preventing intrusions and security flaws).
Fundamentals of Incident Handling
Creating and Managing a Computer Security Incident Response Team
Methodologies of security self-assessment.
ISO 1 7799 and ISO 27000.
CBK course, for the preparation of the CISSP certification
Specialized courses for judicial and investigation staff
We also developed a certification training program for auditors from the private sector, which allows in case of success, the obtention of the national certification of security auditor, in addition, to training for administrators of e-gov systems, and as a motivation for the CISSP certification, trainings that cover all the chapters of the CBK.
tunCERTtries also to work with professional and academic institutions to develop curricula in information security and we have in project to launch a regional training center in ICT security, through a partnership with the private sector.
We are also preparing special trainings for judges, law enforcement staff and journalists.

Education

In collaboration with two academic institutions, the first Master degree in ICT security was launched in 2004 and now three publics universities and four private ones, propose master degree programs. To motivate student to attend those master courses, it was decided to offer them the possibility to postulate for the national certification of security auditor.
In another side, we think that all students should also be readily prepared, to gain appropriate knowledge about risks and the existence of best security practices and tools for protection. For that purpose, we started summer awareness sessions for new high schools teachers and we are motivating all education entities for the introduction of basic awareness courses inside academic programs, from high schools to university. tunCERTstarted the development of awareness material and programs for high schools.

Incident Handling and assistance

According to the law (article 10 of the law n° 2004-5, related to computer security), private and public corporations should inform the National Agency for Computer Security (tunCERT) about any incident, which may have impact on other national information system, with guarantee for confidentiality, according to Article 9 of the same law, which stipulates that the employees of the National Computer Security Agency and security auditors are liable, in case of infringement to confidentiality, to penal sanctions.
So private and public organizations should trust the tunCERT, since we are obliged, by law, to keep confidential their identities and the sensitive information provided. We are also trying to be neutral, which enables us to work with commercial entities and government agencies without bias.
A 24 hours/24 and 7day/week hotline was established. This hotline permits to professionals and also citizens to report and call for assistance in case of computer security incidents and also to request information and/or assistance in any trends related to ICT security.
An incident handling team was created and trained, to respond to any request of assistance. In parallel, we are encouraging the creation of corporate Incident handling teams inside sensitive and big infrastructures. For Home users, we have also launched a "Citizen assistance desk ", to which they can bring their PC in case of security problems or/and to install security and parental control tools, free for domestic use.
In our vulnerability and incident handling activities, we assign a higher priority to attacks and vulnerabilities that directly affect the national cyberspace.
In that trend we start developing a system (called "Saher") that enables us to assess and predict potential big threats to the sensitive telecommunication infrastructures and the local cyberspace.
This system is the major component of our ISAC system and is based on open-source tools. It permits to monitor the security of the national cyber-space in real time for the early detection of massive attacks.
The first prototype was deployed during the WSIS in November 2005. It consists of (open-source) agents deployed at the frontier of important corporate networks and at the level of ISP and access providers, permitting the gathering and centralized treatment of high volume of network data to identify any important malicious activity, related to mass attacks.
In order to insure a rapid and correct response in case of big attacks on our cyber-space, we have developed a global Reaction Plan ("Amen"), based on the establishment of coordinated crisis-cells at the level of the various actors of the national cyber-space( ISPs, IDCs, Access Providers, big corporate networks) with tunCER Tacting as a coordinator between them. This reaction plan was deployed and tested during mass worms attack and during big suspicious hacking activity and, proactively, during big events hosted by Tunisia.
Collaboration with associations
We regularly co-organize awareness workshops and training with associations and we try to rely on those associations for the induction of synergy between professionals and the various national actors.
We encouraged the creation of two associations, specialized in the field of ICT security. An academic association was launched in 2005 ("Tunisian Association for Numerical Security") and a more professional one during 2006 ("Tunisian Association of the Experts in Computer Security").
For the purpose of motivating technical add-on from those associations, we are motivating them for the creation of technical workgroups (self risk-assessments methodologies, open-source security tools)
International Collaboration
tunCERT has joined the FIRST as a full member in May 2007 and try to collaborate with other CSIRTs in developing measures to deal with large-scale or regional security incidents and share information and provides collaboration in investigations.
We also try to be active at the regional level (especially at the African level) and in international organizations and frameworks committed to security and to Improve links to international security groups.
We are trying to motivate international frameworks for the launch of regional collaborative actions. tunCERT is active inside ITU's "action Line C5" and is regularly invited to give presentations in workshops related to this action line.
tunCERTis committed to contribute with other CSIRTs, for sharing our modest experience (errors, success stories) and providing, as available in this step, assistance and logistic (hosting of trainees, awareness material, open-source training, ..) for the establishment of CSIRTs in developing countries and to participate in the setup of a regional CERT, which will help other regional countries, especially in the African region.