CIRT: Requirements and implementation

Similar documents
CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague

Defining Computer Security Incident Response Teams

The GenCyber Program. By Chris Ralph

About Issues in Building the National Strategy for Cybersecurity in Vietnam

Nebraska CERT Conference

Stakeholders Analysis

RFC2350 TLP1: WHITE. Έκδοση National CSIRT-CY RFC2350

An overview of the CERT/CC and CSIRT Community

Be Secure! Computer Security Incident Response Team (CSIRT) Guide. Plan Establish Connect. Maliha Alam Mehreen Shahid

Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation)

The Case for National CSIRTs

Creating the Enterprise CSIRT: Building the ecrime Response Platform

Global Response Centre (GRC) & CIRT Lite. Regional Cyber security Forum 2009, Hyderabad, India 23 rd to 25 th September 2009

Creating and Managing Computer Security Incident Response Teams (CSIRTs)

Implementing a National Strategy : the case of the Tunisian CERT

CSIRT SERVICES. Service Categories

Computer Security Trend 2008 from Japan. SQL Injection, DNS cache poisoning, Phishing, Key logger Malware and Targeted Attacks

Steps for Creating National CSIRTs

Itu regional workshop

Croatian National CERT ACDC project Darko Perhoc, Head of National CERT CISSP, CEH, CCNP Security R&S,CCDP

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

ITU-IMPACT Capacity Building for Least Developed & Developed Countries

Cyber Criminal Methods & Prevention Techniques. By

locuz.com SOC Services

Cybersecurity: Incident Response Short

National Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

The ESA Cyber Range in Redu: Why it is important for ESA, EDA and all of us

CERT.be Brussels 2011

Provisional Translation

INFORMATION SECURITY-SECURITY INCIDENT RESPONSE

SINGLE COURSE. NH9000 Certified Ethical Hacker 104 Total Hours. COURSE TITLE: Certified Ethical Hacker

The rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services

Fundamentals of Cybersecurity/CIIP. Building Capacity: Using a National Strategy & Self-Assessment

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Todd Sander Vice President, Research e.republic Inc.

NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

THE RISE OF GLOBAL THREAT INTELLIGENCE

Statement for the Record

COMPUTER EMERGENCY RESPONSE TEAM (CERT) INTRODUCTION

Presentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT

CA Security Management

CCISO Blueprint v1. EC-Council

Compliance: How to Manage (Lame) Audit Recommendations

A Practical Approach to Implement a Risk Based ISMS

DHS Cybersecurity: Services for State and Local Officials. February 2017

EMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

Thailand Initiatives and Challenges in Cyber Terrorism

INDONESIA S PERSPECTIVE ON CYBER TERRORISM

Building Global CSIRT Capabilities

Preventing Insider Sabotage: Lessons Learned From Actual Attacks

OAS Cybersecurity Capacity Building Efforts

ASREN Arab States Research and Education Network

Cybersecurity Strategy of the Republic of Cyprus

Panel 1 National CSIRT Experience

Italian government CERT: INITIAL RESULTS

Current procedures, challenges and opportunities for collection and analysis of Criminal Justice statistics CERT-GH

6.6 INCIDENT RESPONSE MANAGEMENT SERVICES (INRS) (L )

A Framework for Managing Crime and Fraud

E-guide CISSP Prep: 4 Steps to Achieve Your Certification

Building a Resilient Security Posture for Effective Breach Prevention

Chapter 12. Information Security Management

Workshop on Cyber Security & Cyber Crime Policies. Policies for African Diplomats

Cybersecurity for ALL

Control Systems Cyber Security Awareness

Cyber Security Program

Cyber Security Technologies

ANATOMY OF AN ATTACK!

RESOLUTION 130 (REV. BUSAN, 2014)

Technology Risk Management and Information Security A Practical Workshop

Department of Management Services REQUEST FOR INFORMATION

Position Title: IT Security Specialist

NETWORK THREATS DEMAN

Incident Response Initiatives in Brazil

Overview. Objectives. Components. Information and Communication Technologies Sector Development Project. Project

A Security Model for Space Based Communication. Thom Stone Computer Sciences Corporation

An Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)

2. INTRUDER DETECTION SYSTEMS

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

Guide to Network Security First Edition. Chapter One Introduction to Information Security

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Denial of Service Protection Standardize Defense or Loose the War

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

# ROLE DESCRIPTION / BENEFIT ISSUES / RISKS

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security

Safeguarding company from cyber-crimes and other technology scams ASSOCHAM

Chapter 4. Network Security. Part I

Caribbean Cyber Security: Not Only Government s Responsibility

The U.S. Cybersecurity Information Sharing Act of 2015: Joel Benge Risk Evangelist Emergent Network Defense

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com

Co-operation against cybercrime CSIRTs LE private sector

Election Infrastructure Security: The How and Why of It

The Office of Infrastructure Protection

Establishing National Incident Response Capability for Viet Nam - VNCERT activities and challenges

STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

align security instill confidence

Transcription:

CIRT: Requirements and implementation By : Muataz Elsadig Sudan CERT Joint ITU-ATU Workshop on Cyber-security Strategy in African Countries Khartoum, Republic of Sudan, 24 26 July 2016

There is no globally accepted definition of what a National CSIRT is, but for sure a national CSIRT is a security team with a national responsibilities; Its community normally include: Critical infrastructure - Government bodies Other CSIRTs within the country - General public There exist various abbreviations for this entity like: CERT (Computer Emergency Response Team) CSIRT (Computer Security Incident Response Team) IRT (Incident Response Team) CIRT (Computer Incident Response Team) SERT (Security Emergency Response Team)

Is to be the main focal point in the country(provide Communication Channel ); Watch and Worn service (announcements & alerts & warning); Capacity Building (training, conference, workshop, drills, ); Incident classification and reporting standards. Harmonization of legal frame work for information sharing and international Incident handling

Government Critical infrastructure /operators Law enforcement agencies Intelligence agencies ISPs Academia and researchers Anti-virus, Software & Hardware vendors Regional and international organizations International Peers Other CSIRTs within the country

A lot of misconfigured or outdated OSs, vulnerabilities in software, unpatched systems; Lack of security awareness by individual users; Steady increase in number of incidents; Growing dependency on the Internet; Easy connectivity to the Internet;

What are the basic requirements for establishing a CSIRT? What type of CSIRT will be needed? What type of services should be offered? How big should the CSIRT be? Where should the CSIRT be located in the organization? How much will it cost to implement a team? Are we ready to have one? What are the initial steps to follow to create a CSIRT? How much time does it take to implement CSIRT? And more.

Awareness and Education Planning Implementation Operation

the decisions that must be made, the role the CSIRT will play (e.g., as a national focal point for incident reporting and response), and the key issues that are likely to be faced (management and staffing, developing trusted communications and coordination, effective processes, etc.) What is this all about? Why do we need CSIRT? What is involved in establishing CSIRT? What decisions have to be made?

Laws, Regulations, and Other Policies Core Services Best Practices Funding Strategies Technology and NW Understand Motivators What is Involved People to be Involved Key Resources Mission Objectives - Expectations

CSIRT Mission Determine Main Items For National CSIRT Serve Whom?? What Services to Start by?? Organizational Model Where?? CSIRT Location Staff skills and knowledge Equipment - Network Budget and funding proposals National (government) approval Incident management processes Project Plan (Road Map) Roles and responsibilities Methods for building trusted relationships

Getting the funds Announcing broadly that a national CSIRT is being created and how to get more information Implementing the secure information systems Developing operational policies and procedures Implementing processes for the national CSIRT s interactions with its partener Identifying and hiring (or reassigning) personnel, Obtaining appropriate training for the CSIRT staff.

Ensure the national CSIRT has a basic incident management capability in place. So the team is actively receiving incident reports and coordinating responses to incidents. The national CSIRT has a vision with a framework that defines the mission, goals and objectives, structure, authority, funding, resources, and infrastructure to support and sustain the team. Policies and procedures have been developed and implemented.

Collaborate with all parties (inside) Participate in data and information sharing activities Participate in global watch and warning functions Cooperate with international entities (initiatives) You need partners Regional communities Peer CSIRTs Coordinate local efforts Work with community (ethical hackers, academia)

Failure To: Include all parties Reflect all items in Stages I and II Taking too many services Unrealistic expectations or perceptions Lack of time, staff and fund

Over the years CSIRTs extended their capacities from being a reaction force to a complete security service provider, including preventative services such as alerts, security advisories, training and security management services.

Personal Skills Communication skills (oral and written) Diplomacy Ability to follow policies and procedures Ability to work as a contributing member of a team Knowing one s limits Ability to cope with stress Problem solving Time management Attention to detail

Technical Skills Security principles Security vulnerabilities, weaknesses and risks Physical security Internet/computer attacks (Smurf, POD, IPsweep, etc) Understanding and identifying intruder techniques Cryptography issues, algorithms, and tools Malicious code (e.g. viruses, worms, Trojan horses) Internet Network protocols (IP, TCP, ICMP, etc.) Domain Name System (DNS) Network services and applications Defensive security measures Basic programming skills

CATEGORY EXAMPLE OF INCIDENT PRIORITY RESPONSE TIME Denial Of Service Attacks HIGH Damage Of critical Systems Red 24Hours Web server compromised (Defacement) Hack Threat MEDIUM LOW Internet Worm System Intrusion Data Loss Harassment, Fraud Root kit Activity Vulnerability Exploit Scan Spamming/Mail bomb Virus Phishing Sniff Orange Yellow 3 days 1 Week

No need to start from Zer0 Start small and grow (Brazil)(Tunisia) Best time is Now Others also need a CSIRT You may start coordinating only Mutaz.ishag (at) ntc.gov.sd Mutaz.ishag (at) cert.sd

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback