CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague

Similar documents
CSIRT SERVICES. Service Categories

RFC2350 TLP1: WHITE. Έκδοση National CSIRT-CY RFC2350

Defining Computer Security Incident Response Teams

CIRT: Requirements and implementation

Regional Workshop on Frameworks for Cybersecurity and CIIP Feb 2008 Doha, Qatar

Be Secure! Computer Security Incident Response Team (CSIRT) Guide. Plan Establish Connect. Maliha Alam Mehreen Shahid

The Case for National CSIRTs

Grid-CERT Services. Modification of traditional and additional new CERT Services for Grids

Presentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT

Centralised service 6-7: Ensuring the resilience of centralised services cyber-security and sharing cyber intelligence

SECURITY & PRIVACY DOCUMENTATION

Global Response Centre (GRC) & CIRT Lite. Regional Cyber security Forum 2009, Hyderabad, India 23 rd to 25 th September 2009

Cyber security tips and self-assessment for business

Bradford J. Willke. 19 September 2007

Current procedures, challenges and opportunities for collection and analysis of Criminal Justice statistics CERT-GH

CCISO Blueprint v1. EC-Council

Nebraska CERT Conference

Building Global CSIRT Capabilities

Information Security Controls Policy

A practical guide to IT security

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

Overview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks

An overview of the CERT/CC and CSIRT Community

Centralised service 6-7: Ensuring the resilience of centralised services cyber-security and sharing cyber intelligence

Cyber Security Audit & Roadmap Business Process and

E-guide Getting your CISSP Certification

Cyber Security Technologies

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Monthly Cyber Threat Briefing

RFC 2350 YOROI-CSDC. Expectations for Computer Security Incident Response. Date 2018/03/26. Version 1.0

Information Security Management System

Security of Information Technology Resources IT-12

EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

EC-Council - EC-Council Certified Security Analyst (ECSA) v8

locuz.com SOC Services

Changing face of endpoint security

Directive on security of network and information systems (NIS): State of Play

Standard for Security of Information Technology Resources

Cyber Criminal Methods & Prevention Techniques. By

CompTIA Security+ Study Guide (SY0-501)

Critical Information Infrastructure Protection Law

Cybersecurity Auditing in an Unsecure World

CYBERSECURITY RISK LOWERING CHECKLIST

Cyber Security. Building and assuring defence in depth

DHS Cybersecurity: Services for State and Local Officials. February 2017

Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation)

RFD. for ICERT ( ) RESULTS-FRAMEWORK DOCUMENT. Department of Information Technology. Results-Framework Document (RFD) for CERT-In ( )

NEN The Education Network

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Certified Information Security Manager (CISM) Course Overview

ANZSCO Descriptions The following list contains example descriptions of ICT units and employment duties for each nominated occupation ANZSCO code. And

Italian government CERT: INITIAL RESULTS

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

Protecting your data. EY s approach to data privacy and information security

Education Network Security

The rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services

Carbon Black PCI Compliance Mapping Checklist

Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches

Certified Ethical Hacker

DETAILED POLICY STATEMENT

Security analysis and assessment of threats in European signalling systems?

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

New York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

Sage Data Security Services Directory

Cybersecurity: Incident Response Short

Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments

QuickBooks Online Security White Paper July 2017

Cyber Security Program

Position Description IT Auditor

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

Massimo Nardone, TKK, S Security of Communication Protocols

Ensuring System Protection throughout the Operational Lifecycle

Advanced Security Tester Course Outline

RFP/RFI Questions for Managed Security Services. Sample MSSP RFP Template

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Incident Response Services

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles

IMF IT-Incident Management and IT-Forensics

Security+ SY0-501 Study Guide Table of Contents

Schedule document N4MDM. PUBLIC Node4 limited 31/11/2018. Node4 Limited Millennium Way Pride Park Derby DE24 8HZ

SCHEDULE DOCUMENT N4MDM PUBLIC NODE4 LIMITED 13/07/2017. Node4 Limited Millennium Way Pride Park Derby DE24 8HZ

Emerging Issues: Cybersecurity. Directors College 2015

NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE

Oracle Data Cloud ( ODC ) Inbound Security Policies

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

Software Development & Education Center Security+ Certification

Cybersecurity The Evolving Landscape

INFORMATION SECURITY-SECURITY INCIDENT RESPONSE

2017 Annual Meeting of Members and Board of Directors Meeting

CYBERSECURITY PENETRATION TESTING - INTRODUCTION

Cyber Security 2010 THE THREATS! THE FUTURE!

Information Governance, the Next Evolution of Privacy and Security

The State of the Hack. Kevin Mandia MANDIANT

Data Security Standards

Transcription:

Brmlab, hackerspace Prague Lightning talks, November 2016

in general

in general WTF is an?

in general WTF is an? Computer Security

in general WTF is an? Computer Security Incident Response

in general WTF is an? Computer Security Incident Response Team ()

in general WTF is an? Computer Security Incident Response Team () Computer Emergency

in general WTF is an? Computer Security Incident Response Team () Computer Emergency Response

in general WTF is an? Computer Security Incident Response Team () Computer Emergency Response Team (CERT)

in general WTF is an? Computer Security Incident Response Team () Computer Emergency Response Team (CERT) Hackerspaces and s are both organizations that are focused on computer security, so they can benefit from each other.

in general types listed(136) accredited (121) certified (17) The Trusted Introducer maintains the European database of s. www.trusted-introducer.org/directory/teams.html

in general Who needs an

in general Constituency types (Nov 2016) Research and Education (68) Government (60) Commercial Organisation (58) Service Provider Customer Base (40) ISP Customer Base (37) Financial Sector (33) National (32) Military (13) CIIP (13) Vendor Customer Base (11) Non-Commercial Organisation (9) Law Enforcement (3)

Service Categories

Categories Service Categories Reactive services Proactive services Security quality management services

Categories Service Categories Reactive services Triggered by an event or request, such as a report of a compromised host, widespread malicious code, SW vulnerability, or something identified by an IDS or logging system. Proactive services Security quality management services

Categories Service Categories Reactive services Triggered by an event or request, such as a report of a compromised host, widespread malicious code, SW vulnerability, or something identified by an IDS or logging system. Proactive services assistance and information to help prepare, protect, and secure constituent systems in anticipation of attacks, problems, or events. Security quality management services

Categories Service Categories Reactive services Triggered by an event or request, such as a report of a compromised host, widespread malicious code, SW vulnerability, or something identified by an IDS or logging system. Proactive services assistance and information to help prepare, protect, and secure constituent systems in anticipation of attacks, problems, or events. Security quality management services IT audit, or training, identify risks, threats, and system weaknesses

Reactive Services

Reactive Services Reactive Services respond to requests for assistance, reports of incidents from the constituency any threats or attacks against systems. Some services may be initiated by third-party notification or by viewing monitoring or IDS logs and alerts.

Reactive Services Reactive Services 1 Alerts and Warnings 3 Vulnerability Handling 2 Incident Handling 4 Artifact Handling

Reactive Services Reactive Services 1 Alerts and Warnings 2 Incident Handling Incident analysis Incident response on site Incident response support Incident response coordination 3 Vulnerability Handling Vulnerability analysis Vulnerability response Vulnerability response coordination 4 Artifact Handling Artifact analysis Artifact response Artifact response coordination

Reactive Services Reactive.1 - Alerts and Warnings Short-term recommendation for dealing with the resulting problem. The alert, warning, or advisory as a reaction to: intruder attack security vulnerability intrusion alert computer virus hoax

Reactive Services Reactive.2 - Incident Handling? The only prerequisite Providing an incident handling service is the only prerequisite to being considered a. That means responding to requests and reports, and analyzing incidents and events. Incident analysis - info, scope, damage, forensic evidence, tracking source Incident response on site Incident response support - assists and guides the victim(s) of the attack (phone, email, fax, documentation) Incident response coordination

Reactive Services Reactive.3 - Vulnerability Handling Receiving information about HW and SW vulnerabilities, analyzing vulnerabilities, developing response for detecting and repairing the vulnerabilities.

Reactive Services Reactive.3 - Vulnerability Handling Receiving information about HW and SW vulnerabilities, analyzing vulnerabilities, developing response for detecting and repairing the vulnerabilities. Vulnerability analysis - technical analysis of HW and SW vulnerabilities. Source code review, debugging, reproducing problem on a test system. Vulnerability response - determining the appropriate response, patches, fixes, and workarounds. Vulnerability response coordination - N/A

Reactive Services Reactive.4 - Artifact Handling Artifact analysis - review of an objects found on a system involved in probing or attacking systems/networks. i.e viruses, trojans, worms, exploit scripts and toolkits. Artifact response - develop response strategies to detect, remove and defend Artifact response coordination

Proactive services

Proactive Services improve the infrastructure and security processes of the constituency

Proactive Services 1 Announcements 2 Technology Watch 3 Security Audits or Assessments 5 Development of Security Tools 6 Intrusion Detection Services 4 Configuration and Maintenance of Security Tools, Applications, and Infrastructures 7 Security-Related Information Dissemination

Proactive services Proactive.1 - Announcements Intrusion alerts vulnerability warnings security advisories. Such announcements inform constituents about new developments with medium- to long-term impact, such as newly found vulnerabilities or intruder tools.

Proactive services Proactive.2 - Technology Watch This service involves reading security mailing lists, web sites, news and journal articles in the fields of science, technology, politics, and government. monitors new technical developments, intruder activities, and related trends to help identify FUTURE THREATS. can be OPTIONALLY expanded to include legal and legislative rulings, social or political threats, and emerging technologies. The outcome of this service might be some type of announcement, guidelines, or recommendations focused at more medium- to long-term security issues.

Proactive services Proactive.3 - Security Audits or Assessments Review and analysis of an organization s security infrastructure, security practices, based on the requirements defined by the organization or industry standards. Infrastructure review Best practice review Scanning Penetration testing

Proactive services Proactive.4 - Configuration and Maintenance of Security Tools, Applications, and Infrastructures Configuration updates and maintenance of security tools and services. IDS, network scanning or monitoring systems, filters, wrappers, firewalls, VPNs, or authentication mechanisms configure and maintain servers, desktops, laptops, personal digital assistants (PDAs), and other wireless devices according to security guidelines.

Proactive services Proactive.5 - Development of Security Tools developing security patches, secured SW distributions, tools or scripts that extend existing security tools, network scanners, scripts, or automated patch distribution mechanisms.

Proactive services Proactive.6 - Intrusion Detection Services review existing IDS logs, analyze and initiate a response

Proactive services Proactive.7 - Security-Related Information Dissemination provides comprehensive and easy-to-find collection of useful information that aids in improving security.

Security Quality Management Services

Security Quality Management Services Security Quality Management Services lessons learned

Security Quality Management Services Security Quality Management Services lessons learned from reactive and proactive services

Security Quality Management Services Security Quality Management Services lessons learned from reactive and proactive services turned into security quality management process

Security Quality Management Services Security Quality Management Services lessons learned from reactive and proactive services turned into security quality management process can improve the long-term security efforts in organizations.

Security Quality Management Services Security Quality Management Services 1 Risk analysis 2 Business Continuity and Disaster Recovery Planning 3 Security Consulting 4 Awareness Building 5 Education/Training 6 Product Evaluation or Certification

Security Quality Management Services Security Quality Management Services.1 -Risk analysis Conduct or assist with risk analysis for new systems and business processes.

Security Quality Management Services Security Quality Management Services.2 - Business Continuity and Disaster Recovery Planning involved in business continuity and disaster recovery planning for events related to threats and attacks.

Security Quality Management Services Security Quality Management Services.3 - Security Consulting provide advice and guidance.. best security practices to implement for business operations. developing organizational security policies. legislative

Security Quality Management Services Security Quality Management Services.4 - Awareness Building developing articles, posters, newsletters, web, etc that explain security best practices and provide advice. may also include meetings and seminars to keep constituents up to date.

Security Quality Management Services Security Quality Management Services.5 - Education/Training seminars, workshops, courses, and tutorials

Security Quality Management Services Security Quality Management Services.5 - Education/Training seminars, workshops, courses, and tutorials on topics: incident reporting guidelines appropriate response methods incident response tools incident prevention methods other info to protect, detect, report, and respond to computer security incidents.

Security Quality Management Services Security Quality Management Services.6 - Product Evaluation or Certification Product evaluations on tools, applications, or other services to ensure the security of the products

Security Quality Management Services HowTo create an Need to define: Constituency - to whom services are provided Contacts - email, ML, GnuPG, etc Services and teams - what offers and who does that Register

Volunteers? Volunteers?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback