Global Response Centre (GRC) & CIRT Lite. Regional Cyber security Forum 2009, Hyderabad, India 23 rd to 25 th September 2009

Similar documents
IMPACT Global Response Centre. Technical Note GLOBAL RESPONSE CENTRE

Regional Cyber security Forum for Africa and Arab States, Tunis, Tunisia 4 th -5 th June 2009

INTERNATIONAL TELECOMMUNICATION UNION

INTRODUCTION OVERVIEW ON CYBERCRIME

Cybersecurity for ALL

Presentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

Bradford J. Willke. 19 September 2007

CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague

ITU-IMPACT Capacity Building for Least Developed & Developed Countries

BUILDING AND MAINTAINING SOC

Symantec Security Monitoring Services

Fundamentals of Cybersecurity/CIIP. Building Capacity: Using a National Strategy & Self-Assessment

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

RFC2350 TLP1: WHITE. Έκδοση National CSIRT-CY RFC2350

Building Global CSIRT Capabilities

Defining Computer Security Incident Response Teams

RFD. for ICERT ( ) RESULTS-FRAMEWORK DOCUMENT. Department of Information Technology. Results-Framework Document (RFD) for CERT-In ( )

CERT.be Brussels 2011

CIRT: Requirements and implementation

Stakeholders Analysis

Orchestrating and Automating Trend Micro TippingPoint and IBM QRadar

The Case for National CSIRTs

Implementation Strategy for Cybersecurity Workshop ITU 2016

ITU-IMPACT. Regional Cybersecurity Forum - CLMV

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Croatian National CERT ACDC project Darko Perhoc, Head of National CERT CISSP, CEH, CCNP Security R&S,CCDP

Continuous protection to reduce risk and maintain production availability

भ रत य ररज़र व ब क. Setting up and Operationalising Cyber Security Operation Centre (C-SOC)

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

Grid-CERT Services. Modification of traditional and additional new CERT Services for Grids

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

locuz.com SOC Services

BHConsulting. Your trusted cybersecurity partner

Regional Workshop on Frameworks for Cybersecurity and CIIP Feb 2008 Doha, Qatar

Symantec Endpoint Protection Integration Component User's Guide. Version 7.0

Current procedures, challenges and opportunities for collection and analysis of Criminal Justice statistics CERT-GH

Enabling Security Controls, Supporting Business Results

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

DHS Cybersecurity: Services for State and Local Officials. February 2017

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

Overview. Objectives. Components. Information and Communication Technologies Sector Development Project. Project

Protecting organisations from the ever evolving Cyber Threat

Proactive Security Monitoring From Security watch to the independent SOC organization. November 22 nd 2012, Marek Deml

BHConsulting. Your trusted cybersecurity partner

NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE

Centralised service 6-7: Ensuring the resilience of centralised services cyber-security and sharing cyber intelligence

Digital Health Cyber Security Centre

Port Facility Cyber Security

Best Practices in Public Information Management in Sri Lanka. Presented by Nimal Athukorala D.C. Dissanayake

An overview of the CERT/CC and CSIRT Community

Be Secure! Computer Security Incident Response Team (CSIRT) Guide. Plan Establish Connect. Maliha Alam Mehreen Shahid

How AlienVault ICS SIEM Supports Compliance with CFATS

Security

Information Technology Information Sharing and Analysis Center. First Symposium Barcelona, Spain Feb. 2, 2011

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

Staffing Services UnderDefense your source of experienced professionals to solve security staffing challenges today

Strategic and operational threat analysis at Europol's EC3

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

Global Resilience Federation Trust. Collaboration. Community. Cindy Donaldson President, Global Resilience Federation October 2017

Security Monitoring. Managed Vulnerability Services. Managed Endpoint Protection. Platform. Platform Managed Endpoint Detection and Response

Supply Chain Integrity and Security Assurance for ICT. Mats Nilsson

SWIFT Customer Security Controls Framework and self-attestation via The KYC Registry Security Attestation Application FAQ

Security and resilience in Information Society: the European approach

Nebraska CERT Conference

OAS Cybersecurity Capacity Building Efforts

Water Information Sharing and Analysis Center

Position Description. Computer Network Defence (CND) Analyst. GCSB mission and values. Our mission. Our values UNCLASSIFIED

Vulnerability Management. June Risk Advisory

The rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

Directive on Security of Network and Information Systems

Track 1 // Collaboration & Partnerships

Securing Your Digital Transformation

Cyber Security. Building and assuring defence in depth

RFC 2350 YOROI-CSDC. Expectations for Computer Security Incident Response. Date 2018/03/26. Version 1.0

Fidelis Overview. 15 August 2016 ISC2 Cyber Defense Forum

CIRCULAR. CIR/MRD/CSC/148/2018 December 07, 2018

Electric Sector Security & Privacy Plans for 2011

Centre for cybersecurity Belgium : Role, Missions et future capacities

2 nd Cybersecurity Workshop Test and Evaluation to Meet the Advanced Persistent Threat

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald

Global Security Consulting Services, compliancy and risk asessment services

A practical guide to IT security

The Future of IT Internal Controls Automation: A Game Changer. January Risk Advisory

Commissioner Ian Dyson SRO, National Enabling Programmes IMORCC

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

RESOLUTION 130 (REV. BUSAN, 2014)

CYBER RESILIENCE & INCIDENT RESPONSE

Cyber Security Technologies

Information Security Controls Policy

Strategic threat advisory services

Cyber Security Stress Test SUMMARY REPORT

CORPORATE PRESENTATION

CSIRT SERVICES. Service Categories

The Resilient Incident Response Platform

IT Security Mandatory Solutions. Andris Soroka 2nd of July, RIGA

Gujarat Forensic Sciences University

Your Trusted Partner in Europe European Business Reliance Centre

Transcription:

Global Response Centre (GRC) & CIRT Lite Regional Cyber security Forum 2009, Hyderabad, India 23 rd to 25 th September 2009

IMPACT Service offerings Global Response Centre CIRT Lite

Need for GRC Access to the right information at the right time Too many sources of information Information is duplicated across various information sources Very few security incident feeds are customised for a country or region No effective collaboration channels Any single country is vulnerable against a well co-ordinated international cyber attack There is a significant pool of untapped expertise within the security industry and the academia

What does the GRC offer? Syndicate information from various trusted sources to enable effective remediation of security incidents Automate the process of collecting, monitoring, selecting, retrieving, tagging, cataloging, visualising and disseminating data on security incidents Collaborate with member Governments agencies, members of academia, members of the security industry and trusted experts to provide resolution to security incidents Operate a 24x7 Response Centre

Global Response Centre - Components The GRC s Network Early Warning System (NEWS) seeks to assist member countries in the early identification of cyber-threats and to provide guidance on the necessary remedial measures. Current partners for the GRC include Symantec Corporation, Kaspersky Labs, F-Secure, Trend Micro, Microsoft, SANS Institute among others.

Global Response Centre - Components The GRC's Electronically Secure Collaborative Application Platform for Experts (ESCAPE). ESCAPE is a unique framework that enables authorised cyber experts across different countries to pool resources and remotely collaborate with each other in a secure and trusted environment. ESCAPE enables the GRC to act as a one-stop coordination centre for countries in times during emergencies, allowing for swift identification and sharing of available resources across borders.

GRC Features Definition Early Warning System Expertise Finder IMPACT Community Remediation Facility Malware Threat Analyzer Trend Libraries Global Visualization of Threats Visualization of Threats by Countries Incident & Case Management Trend Monitoring & Analysis Knowledgebase Reporting IMPACT Honeynet Video Broadcasting Threat Route Plotter Resolution Finder Remote GRC Integration Real-time Information mashup from various sources Facilitates Expert Knowledge Exchange Network and Real-time communication Social Networking Facility for IMPACT members Research and Development Lab Malware Submission Facility - Automated Threat Analysis System Trend Archive Global Security Health Check. Global Threat Map Threats by Countries Case Management and Incident Escalation (Cross-CERT compliant) Trend Dynamic Data Analysis and Assessment Libraries of Security Documents and Information Executive and Technical Report Generation Facility IMPACT Integrated Honeynet Framework Video broadcasting of emergency news from IMPACT Security Threat Trails Map Resolution to Security Threats Country based GRC integration with IMPACT

Information sources for NEWS SANS Secunia Arbor Kaspersky Networks SRI-MTC F-Secure Trend Micro SOPHOS 7

IMPACT in Action IMPACT 2008

IMPACT in Action IMPACT 2008

IMPACT in Action IMPACT 2008

IMPACT 2008

Basic setup framework A framework is necessary for outlining the implementation plan as guiding principles, so that the basic infrastructure and services are put in place in order to operationalise the national CIRT. Below are the components proposed for the national CIRT Technical Solution Organisation structure and manpower planning Policies/procedures Training for CIRT staff

IMPACT CIRT setup stages

Technical components of CIRT Lite Optional: - IMPACT Local Honeypot Deployment

IMPACT s CIRT-Lite Architecture CIRT Lite

Technical components Incident Management Internal ticket handling and tracking for CIRTs Role based workflows for ticket handling Processing of vulnerability and incident information Incident tracking Advisories Authoring and publishing system for advisories Databases for vulnerability information and artifacts

Technical components Mailing list solution for : Technical Cyber Security Alerts Cyber Security Bulletins Cyber Security Alerts Cyber Security Tips Current Activity Public Portal Content Management System to manage the CIRT s web presence IMPACT ESCAPE and NEWS integration to CIRT-Lite Optional: IMPACT local HoneyNet deployment

Incident and Advisory management

Incident and Advisory Management

Incident and Advisory Management The IDMEF - Intrusion Detection Message Exchange Format console

CIRT-Lite - Mailing List Mailing List Portal

CIRT-Lite - Mailing List

CIRT-Lite Public Portal examples

Organisation Structure Head of National CIRT Security Analyst I Security Analyst II * Public Relations/ Legal (Optional) *Public Relations/Legal Optionally expertise and budgets permitting the CIRT can also look at additional resource for Public Relations/Legal

Policies and Procedures Policies are governing principles adopted by CIRTs. In Phase 1, IMPACT will help put the following policies in place:

CIRT STAFF TRAINING Training will include:

Implementation Phases An integrated plan for the national CIRT setup is divided in 3 phases: Phase 1: (CIRT Lite) Basic infrastructure and services to include; Reactive services: Incident response & handling, alerts & warnings Proactive services: Announcements Phase 2: Enhanced services to include: Reactive services: Vulnerability analysis and handling Proactive services: Technology watch Security quality management: Training and awareness Phase 3: Advanced CIRT services Proactive services: Security audits & assessments Reactive service: Forensics analysis Security quality management services: Risk Analysis, Security Consulting

Implementation Phases (Cont )

Solution delivery Three (3) people/representative selected by each member s country will attend a regional workshop for five days During the Workshop representatives will be provided with necessary technical knowledge and hardware required in implementing CIRT at their own country Representatives will then set up the CIRT in their country IMPACT will assist member s country in configuring hardware and customising the process while setting up the CIRT

E-mail : anuj.singh@impact-alliance.org

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback