Review of An Improved Framework for Incident Handling

30 March 2015 by S. Moonesamy

An Improved Framework for Incident Handling

The "An Improved Framework for Incident Handling" paper proposes a foundation for overall security management at the Computer Emergency Response Team (CERT), Mauritius. An Enhanced Framework for Incident Handling was approved by the Cabinet in October 2004. The paper on which the "Enhanced Framework for Incident Handling" is based has not been subject to review in Mauritius, as it is not publicly available.

Review

The "An Improved Framework for Incident Handling" paper is mostly about an Internet Traffic Monitoring Framework. It contains a tabular comparison of various security incident handling methods. The paper states that all its recommendations have been devised in the Mauritian context, without elaborating on what the "Mauritian context" is. The paper proposes a Coordination Center to manage the Framework, on the grounds that such a center may provide information and assistance in implementing proactive measures for incident handling and risk mitigation.

The paper recommends the following metrics for traffic analysis and monitoring: availability, routes, packet delay, packet reordering, packet loss, packet inter-arrival jitter, and bandwidth measurements (capacity and achievable throughput). To support these metrics the paper cites a document on "Active Network Performance Measurement and Estimation" published in 2006; that document is no longer available. Active monitoring, as described in that document, consists of transmitting probes into the network and collecting measurements between at least two endpoints. These are performance metrics: they are derived from probe timing and sequence numbers alone. The security incidents reported by the Internet Traffic Monitoring Framework for Mauritius in 2010 and 2011 were: spam, compromised account, phishing, DoS attacks, harassment, intruder and malware.
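To make concrete what the recommended metrics actually measure, the following is an added example (not code from the paper or from CERT Mauritius) that computes packet loss, one-way delay, delay variation and reordering from a set of active probes. The probe records are constructed, not measured; the function names, the `Probe` record and the choice of RFC 3393 delay variation as the "jitter" figure and the RFC 4737 definition of a reordered packet are assumptions of this example. Routes and bandwidth, the remaining two metrics the paper lists, need different probe types (per-hop probes, packet trains) and are not covered here.

```python
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Probe:
    """One active-measurement probe: sequence number, send time and receive
    time in seconds. `received` is None when the probe never arrived."""
    seq: int
    sent: float
    received: Optional[float]


# Constructed sample, not measured data: ten probes sent 100 ms apart.
# Probe 4 is lost; probe 6 is delayed so that it arrives after probe 7.
SAMPLE_PROBES: List[Probe] = [
    Probe(0, 0.000, 0.020),
    Probe(1, 0.100, 0.121),
    Probe(2, 0.200, 0.219),
    Probe(3, 0.300, 0.330),
    Probe(4, 0.400, None),
    Probe(5, 0.500, 0.522),
    Probe(6, 0.600, 0.725),
    Probe(7, 0.700, 0.718),
    Probe(8, 0.800, 0.820),
    Probe(9, 0.900, 0.921),
]


def one_way_delays(probes: List[Probe]) -> Dict[int, float]:
    """One-way delay (receive minus send) per received probe, keyed by seq."""
    return {p.seq: p.received - p.sent for p in probes if p.received is not None}


def loss_ratio(probes: List[Probe]) -> float:
    """Fraction of probes that never arrived."""
    if not probes:
        raise ValueError("no probes")
    lost = sum(1 for p in probes if p.received is None)
    return lost / len(probes)


def delay_variation(probes: List[Probe]) -> List[float]:
    """Absolute change in one-way delay between consecutive received probes in
    sequence order (the IPDV of RFC 3393). Lost probes are skipped, so the
    pair (3, 5) is compared directly when probe 4 is missing."""
    delays = one_way_delays(probes)
    seqs = sorted(delays)
    return [abs(delays[b] - delays[a]) for a, b in zip(seqs, seqs[1:])]


def reordered_count(probes: List[Probe]) -> int:
    """Number of received probes whose sequence number is lower than one that
    already arrived (RFC 4737's notion of a reordered packet)."""
    arrivals = sorted((p for p in probes if p.received is not None),
                      key=lambda p: p.received)
    highest = -1
    reordered = 0
    for p in arrivals:
        if p.seq < highest:
            reordered += 1
        else:
            highest = p.seq
    return reordered


def traffic_metrics(probes: List[Probe]) -> Dict[str, float]:
    """Summarise one probe window in the terms the paper uses."""
    delays = one_way_delays(probes)
    if not delays:
        raise ValueError("no probe was received; delay metrics undefined")
    ipdv = delay_variation(probes)
    return {
        "loss_ratio": loss_ratio(probes),
        "mean_delay_s": mean(delays.values()),
        "max_delay_s": max(delays.values()),
        "mean_jitter_s": mean(ipdv) if ipdv else 0.0,
        "max_jitter_s": max(ipdv) if ipdv else 0.0,
        "reordered": reordered_count(probes),
    }


if __name__ == "__main__":
    for name, value in traffic_metrics(SAMPLE_PROBES).items():
        print(f"{name:>14}: {value:.4f}")
```

On the constructed sample this reports 10% loss, a mean one-way delay of about 33 ms (driven up by the one 125 ms outlier), a maximum delay variation of 107 ms and one reordered probe. Every figure is a function of send time, receive time and sequence number; nothing in the probe carries the payload-level information (sender reputation, URLs, credentials, malware signatures) that would be needed to classify the spam, phishing or malware incidents listed above.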

The paper classifies security vulnerabilities into three main categories: policy vulnerabilities, technological vulnerabilities, and configuration vulnerabilities. Identification of these vulnerabilities is part of ensuring that the proposed framework has a "well-defined risk management procedure".

According to the paper there is a provision for managing cyber disasters; it includes a Disaster Recovery Plan and a Business Continuity Plan. As future work, the paper suggests that the Internet Traffic Monitoring Framework could be integrated with the National Disaster Management Authority.

Conclusion

It is not clear whether the paper is about an improved framework for incident handling or an Internet traffic monitoring framework. The metrics recommended in the paper cannot be used to identify the security incidents reported by the Internet Traffic Monitoring Framework for Mauritius. If the Enhanced Framework for Incident Handling has been implemented, the results are far from convincing. The govmu.org domain name issues highlight the shortcomings of the disaster recovery plan for a matter which affects Mauritius. It is surprising that there has not been any public consultation on a framework which is relevant to the Internet in Mauritius.


1. "An Improved Framework for Incident Handling", Information Security Journal: A Global Perspective, Volume 22, Issue 1, 2013.
2. "An Enhanced Framework for Incident Handling", Usmani K., November 2014.