Presentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT

Similar documents
National Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director

Regional Workshop on Frameworks for Cybersecurity and CIIP Feb 2008 Doha, Qatar

RFC2350 TLP1: WHITE. Έκδοση National CSIRT-CY RFC2350

Bradford J. Willke. 19 September 2007

Global Response Centre (GRC) & CIRT Lite. Regional Cyber security Forum 2009, Hyderabad, India 23 rd to 25 th September 2009

CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague

RFD. for ICERT ( ) RESULTS-FRAMEWORK DOCUMENT. Department of Information Technology. Results-Framework Document (RFD) for CERT-In ( )

Defining Computer Security Incident Response Teams

Stakeholders Analysis

RFC 2350 YOROI-CSDC. Expectations for Computer Security Incident Response. Date 2018/03/26. Version 1.0

About Issues in Building the National Strategy for Cybersecurity in Vietnam

An overview of the CERT/CC and CSIRT Community

The Case for National CSIRTs

ITU-IMPACT Capacity Building for Least Developed & Developed Countries

Strategic Security Analyst

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

Panel 1 National CSIRT Experience

Global Security Advisor

Cyber Security Strategy

Emergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies:

ITU- Arab Regional Cyber Security Center s Activities & Regional Threats landscape

Fundamentals of Cybersecurity/CIIP. Building Capacity: Using a National Strategy & Self-Assessment

Implementation Strategy for Cybersecurity Workshop ITU 2016

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

Security Director - VisionFund International

Provisional Translation

Cybersecurity and Vulnerability Assessment

Position Description. Computer Network Defence (CND) Analyst. GCSB mission and values. Our mission. Our values UNCLASSIFIED

Government-Industry Collaboration: 7 Steps for Resiliency in Critical Infrastructure Protection

OAS Cybersecurity Capacity Building Efforts

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.

Forensics and Active Protection

ISAO SO Product Outline

Current procedures, challenges and opportunities for collection and analysis of Criminal Justice statistics CERT-GH

RFC 2350 CSIRT-TEHTRIS [CERT-TEHTRIS]

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

Itu regional workshop

NIS-Directive and Smart Grids

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

Cyber Security Technologies

POSITION DESCRIPTION

Cyber Resilience. Think18. Felicity March IBM Corporation

The rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

The NIST Cybersecurity Framework

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Gujarat Forensic Sciences University

Cyber Security & Homeland Security:

ITU Regional Cybersecurity Forum for Asia-Pacific

RESOLUTION 130 (Rev. Antalya, 2006)

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

INCIDENT RESPONDER'S FIELD GUIDE INCIDENT RESPONDER'S INCIDENT RESPONSE PLAN FIELD GUIDE LESSONS FROM A FORTUNE 100 INCIDENT RESPONSE LEADER

National Policy and Guiding Principles

2nd ENISA Workshop German CERT-Activities. 5 th October, 2006 Brussels

SC27 WG4 Mission. Security controls and services

Directive on security of network and information systems (NIS): State of Play

Position Description. Engagement Manager UNCLASSIFIED. Outreach & Engagement Information Assurance and Cyber Security Directorate.

Nebraska CERT Conference

Incident Response Services

Cyber Security in Europe

Global cybersecurity and international standards

COMPUTER EMERGENCY RESPONSE TEAM (CERT) INTRODUCTION

Information Sharing and Cooperation

OUR VISION To be a global leader of computing research in identified areas that will bring positive impact to the lives of citizens and society.

CYBER RESILIENCE & INCIDENT RESPONSE

BUILDING AND MAINTAINING SOC

EMERGENCY SUPPORT FUNCTION (ESF) 13 PUBLIC SAFETY AND SECURITY

Member of the County or municipal emergency management organization

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

METHODOLOGY AND CRITERIA FOR THE CYBERSECURITY REPORTS

RESOLUTION 130 (REV. BUSAN, 2014)

Information Security and Cyber Security

Cybersecurity Overview

Cyber Security Program

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response

Statement for the Record

EU policy on Network and Information Security & Critical Information Infrastructures Protection

CYBERSECURITY TRAINING EXERCISE KMU TRAINING CENTER NOVEMBER 7, 2017

Cybersecurity, safety and resilience - Airline perspective

HPH SCC CYBERSECURITY WORKING GROUP

Global Alliance Against Child Sexual Abuse Online 2014 Reporting Form

BHConsulting. Your trusted cybersecurity partner

Cybersecurity for ALL

ENISA s Position on the NIS Directive

CSIRT SERVICES. Service Categories

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

The Office of Infrastructure Protection

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Val-EdTM. Valiant Technologies Education & Training Services. Workshop for CISM aspirants. All Trademarks and Copyrights recognized.

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

The latest version of this profile can be found on the location specified in 1.3

Directive on Security of Network and Information Systems

Dr Jarrah AlZubi MDG+ Technical Advisor

Cybersecurity Package

GLobal Action on CYbercrime (GLACY) Assessing the Threat of Cybercrime in Mauritius

Digital Health Cyber Security Centre

Be Secure! Computer Security Incident Response Team (CSIRT) Guide. Plan Establish Connect. Maliha Alam Mehreen Shahid

Information Security Controls Policy

PROJECT RESULTS Summary

Water Information Sharing and Analysis Center

Transcription:

Presentation to the ITU on the Q-CERT Incident Management Team Ian M Dowdeswell Incident Manager, Q-CERT

2 Q-CERT Mission The Mission of Q-CERT is to be a world-class center of excellence providing expert assistance and support to improve information security in Qatar and the region.

3 Q-CERT will: provide accurate and timely information about current and emerging cyber threats and vulnerabilities respond to significant threats and vulnerabilities in critical infrastructures by conducting and coordinating activities needed to resolve the threats serve as a central, trusted partner in security incident reporting and analysis promote and facilitate the adoption of standards, processes, methods, and tools that are most effective at mitigating the evolving risks provide unbiased information and training to build the management and technical skills needed for organizations to effectively manage their cyber risk

4 Q-CERT Range of Activities Proactive Reactive Outreach, Awareness, & Training Tailored workshops based on needs analysis Public workshops based on recognized needs Outreach to region

5 Q-CERT Range of Activities Proactive Reactive Outreach, Awareness, & Training Tailored workshops based on needs analysis Public workshops based on recognized needs Outreach to region Critical Infrastructure Protection Assist key national resources in addressing information security vulnerabilities and threats Assist in creating an Information Security management framework Develop and provide approaches for risk assessments and risk mitigation

6 Q-CERT Range of Activities Proactive Reactive Outreach, Awareness, & Training Tailored workshops based on needs analysis Public workshops based on recognized needs Outreach to region Critical Infrastructure Protection Assist key national resources in addressing information security vulnerabilities and threats Assist in creating an Information Security management framework Develop and provide approaches for risk assessments and risk mitigation Incident Management Establish a national and regional center for threat, vulnerability, and security event data. Establish and operate mechanisms for responding to cyber threats and vulnerabilities Assist law enforcement and other responders organizations.

7 Q-CERT Potential Range of Activities

8 Q-CERT Constituency - National Q-CERT Qatar Constituents General Public Government Industry

9 Q-CERT Constituency - Regional Q-CERT Qatar Constituents General Public Government KSA Industry Oman Regional Security Teams Bahrain UAE Kuwait

10 Q-CERT Constituency - Global Q-CERT Qatar Constituents General Public Government KSA Industry Oman Regional Security Teams Bahrain UAE Kuwait Global Law Enforcement Global Security Teams

11 Incident Management Mission The mission of Q-CERT Incident Management is to enable our constituents to reduce the risk to their information (processed on computers and networks), through timely and effective provision of advice about threats and vulnerabilities and in response to incidents (where a compromise of information has occurred).

12 Components of Risk Asset RISK Threat Vulnerability

13 Incident Management Activities WATCH AND WARNING (WAW) Mission.The mission of WAW is proactive to reduce the risk of compromise of constituent information by timely, accurate and relevant advance, guidance or best practice information to the constituent about vulnerabilities and threats to their information and networks.

14 WATCH AND WARNING (WAW) ACTIVITIES Vulnerabilities Role identifies critical vulnerabilities relevant to Qatar and Region and disseminates to CSOs (primary) and citizens (secondary) Generates vulnerability reports from all available existing vulnerability information. Scours websites for best practice including Middle East North Africa (MENA) sites. Arabic capability. Generates vulnerability reports primarily by email but also via e.g. SMS/website to mailing lists for focused output to constituents

15 WATCH AND WARNING (WAW) ACTIVITIES Threats Role identifies serious generic and specific threats to Qatar CSO and Region and informs selected recipients. Looks at open-source threat information Scours websites / hacker-sites / chatrooms Links to SSB Arabic capability Generates threat reports to tailored community. Runs honeynet / analyses data Disseminates reports/briefings

16 WATCH AND WARNING (WAW) ACTIVITIES Netflow analysis Role analyses packet traffic across national gateways to determine specific threats to nation and informs selected recipients Analyses IDS data Analyses Net SA data Disseminates reports/briefings to selected recipients

17 Incident Management Activities INCIDENT RESPONSE AND INVESTIGATIONS (IRI) Mission.The mission of IRI is a reactive response to reduce the risk of further compromise of constituent information by responding promptly to an incident and providing timely, accurate and relevant advance, guidance or best practice information to the constituent and to follow up incidents through investigation, analysis and reporting..

18 INCIDENT RESPONSE AND INVESTIGATIONS (IRI) Role to provide an incident response capability to enable Qatari and Regional CSOs to reduce their risk following a compromise. Provides 24 x 7 cover for immediate incident response Triage Hotline / website / email etc. Site visits for investigation Artifact collection Artifact analysis / forensics Constituent / law enforcement / global liaison Investigation including technical / procedural and forensic Briefings and report writing.

19 Incident Management Activities Incident and Crisis management coordination co-ordination of localized incidents and major crises across sectors and between regional CERTs.

20 Specialist Lab Services Vulnerability Assessment Malware Analysis Open Source Threat Analysis Vulnerability Analysis Computer Forensics Honeypot Analysis Network Flow Analysis

21 IM Organisation

22 Cyber Security Network The Cyber Security Network has been created to bring together the Critical Sector Organisations in Qatar and the region, to better understand their information security requirements and to enable Q-CERT to focus its output to meet them.

23 Cyber Security Network Q-CERT can help CSO s to reduce the risk to their critical information. Q-CERT works with other security teams world-wide to maintain awareness of global trends and respond to international threats. Q-CERT provides a range of services. Q-CERT can help organizations improve their internal first responder practices.

24 Cyber Security Network Joining the program: Non-Disclosure Agreement (NDA) Establish formal points of contact. Orientation briefings Ongoing training Long-term Critical Infrastructure Protection (CIP) program

25 ITU - Incident Management Capabilities Develop a national cyberspace security response system to prevent, predict, detect, respond to, and recover from cyber incidents. Watch, Warning, Response & Recovery Develop a national cyberspace incident management program in coordination with the intelligence and law enforcement communities. Participate in watch, warning, and incident response information sharing mechanisms.

26 ITU National Computer Security Incident Response Team Capabilities Identify or Establish a National Computer Security Incident Response Team (N- CSIRT) Ensure N-CSIRT Coordination with Industry Establish Points of Contact with N-CSIRT Participate in International Cooperative and Information Sharing Activities Develop N-CSIRT Tools and Procedures Develop N-CSIRT Capability to Respond and Recover Promote Responsible Disclosure Practices Promoting a National Culture of Cybersecurity

27 Incident Management Points of Contact Report Incidents by: Website (using proforma): www.qcert.org Email: incidents@qcert.org Phone: +974 493 3408 Incident Manager Ian M Dowdeswell imd@qcert.org Fax: +974 483 9953

28 Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback