Current procedures, challenges and opportunities for collection and analysis of Criminal Justice statistics CERT-GH

Current procedures, challenges and opportunities for collection and analysis of Criminal Justice statistics: CERT-GH
International Workshop on Criminal Justice Statistics on Cybercrime and Electronic Evidence
Accra, Ghana, 29-31 March 2016
By Eric Akumiah, Member, GLACY+ National Team

Agenda
- CERT-GH
- Collection of Statistics
- Processing Statistics
- Reporting and Analysis
- Challenges
- Conclusion

31/03/2017 ... CERT-GH, Sharing Information for enhanced Cyber security

CERT-GH Charter & Mission
CERT-GH provides information and assistance to its constituents in implementing proactive measures to reduce the risks of computer security incidents.

Functions of CERT-GH
- Provides a single point of contact for reporting security incidents
- Assists the organizational constituency and general computing community in preventing and handling computer security incidents
- Shares information and lessons learnt with other response teams
- Collaborates with law enforcement agencies and local authority bodies

Services of CERT-GH

Incident Triage
- Determining whether an incident is authentic.
- Assessing and prioritizing the incident.

Incident Coordination
- Determine the involved organizations.
- Contact the involved organizations to investigate the incident and take the appropriate steps.
- Facilitate contact to other parties which can help resolve the incident.
- Send reports to other CERTs.

Incident Resolution
- Advise local security teams on appropriate actions.
- Follow up on the progress of the concerned local security teams.
- Ask for reports.
- Report back.

Proactive Activities
- CERT-GH tries to raise security awareness in its constituency.
- Collect contact information of local security teams.
- Publish announcements concerning serious security threats.
- Observe current trends in technology and distribute relevant knowledge to the constituency.
- Provide results for community building and information exchange within the constituency.

CERT-GH will also collect statistics about incidents within its constituency.

Services of CERT-GH Cont'd
Proactive Services (80%) Reactive Services (20%) Preventing criminals from exploiting software vulnerabilities to attack systems Coordinate incident handling with constituents for cyber attacks Receive real-time (+24hrs) feed from international probes on issues on Ghana networks Prepare Alerts and Advisories to network operators on how to keep networks clean Provide to network operators latest updates from Original Equipment Manufacturers (OEM) and software manufacturers Newsletter to inform Government Website defacements Malware attacks (e.g. Ransomware attacks)

Collection of Statistics
- Phone & Email
- Webform

Other Forms of Collection
- Receive Intelligent feed from International Cyber Monitoring Servers and probes on Ghana
- Receive direct requests from other National CERTs: US-CERT Canada CERT Australia AfricaCERT CERT/CC

Processing Statistics
- All incidents received are inputted into the Incident Request Handling Systems
- Ticketing System to track each case from start to end
- Systems categorize requests
- Reports generated from Systems on demand
- CERT-GH has automated feed from international probes (Cyber Risk and attacks)
- Reports generation: Daily Report, Weekly Report, Monthly Report, Designated period desired (Quarterly, Annual etc)

RTIR Ticketing Systems

CERT-GH Automated Feed Platform

Reporting & Analysis

Threat Landscape: Ghana National Networks
2015 Ghana National Network Attacks and Vulnerabilities

| Category | JAN | FEB | MAR | APR | MAY | JUN | JUL | AUG | SEP | OCT | NOV |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Botnet Infections | 49960 | 43395 | 36370 | 65151 | 57481 | 54126 | 46162 | 62828 | 58478 | 86172 | 48394 |
| Website Defacements | 162 | 140 | 184 | 121 | 236 | 46 | 59 | 8 | 31 | 44 | 178 |
| SSL Breaches | 449 | 71852 | 178822 | 72403 | 38389 | 28246 | 29874 | 41117 | 38613 | 33246 | 37182 |
| DNS Open Resolver Vulnerabilities | 10950 | 10587 | 7575 | 10026 | 12882 | 10516 | 11662 | 12475 | 16236 | 29008 | 27778 |

Threat Landscape: Government Networks
2015 Ghana Government Network Attacks & Vulnerabilities

| Category | JAN | FEB | MAR | APR | MAY | JUN | JUL | AUG | SEP | OCT | NOV |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Botnet Infections | 370 | 336 | 305 | 182 | 218 | 22 | 45 | 13 | 18 | 25 | 45 |
| DNS Open Resolver Vulnerabilities | 125 | 81 | 63 | 56 | 103 | 92 | 108 | 155 | 126 | 126 | 131 |
| SSL Breaches | 0 | 0 | 71 | 171 | 221 | 120 | 143 | 101 | 92 | 77 | 81 |
| Compromised Websites | 11 | 1 | 0 | 0 | 0 | 0 | 1 | 0 | 0 | 0 | 1 |

Early Warning on Ghana Networks
[Chart. Labels: Ghana, Chargen, Reports, DNS Open Resolver, IPMI, Memcached, Mongodb, Mssql, NAT_PMP, Netbios, NTP Version, NTPmonitor, Poodle, Qotd, Redis, SNMP, SSDP, SSL Freak]

Uses of Statistics
- Indication of Ghana's cyber hygiene
- Inform policy decisions: the 2015 Annual report informed the organization of National Cyber Awareness week with capacity building on incident handling
- Provides a good basis for how the National Cyber Security Strategy can be implemented
- What type of national awareness for what stakeholder?
- What must network operators focus on?
- Information sharing for improved cybersecurity

Challenges
- Lack of visibility of the CERT-GH reporting mechanism on Portal
- Lack of response from constituencies when Alerts and advisories are sent to them

Information Sharing: Ghana Cybersecurity Information exchange Platform (GCIXP)
- CERT-GH has platform for incident handling
- Create a multi-stakeholder joint ownership
- Enable and support other interest groups to create similar Early Warning Alert Reporting Platform (EWARP), e.g. SCADA, Cybercrime, Academic & Financial Sector etc
- Attempt to expand platform for sharing security information
- Membership of partnership required to create new EWARP
- Agreement to share info embedded in Terms of use
- Data Protection assured


Conclusion
- Awareness creation for the CERT-GH incident reporting mechanism will improve cybersecurity in Ghana and minimize incidents of cybercrime.
- Government can use statistics reported in CERT-GH to inform public policy on cybersecurity.
- Public-private collaboration can improve sharing of cyber intelligence to improve cybersecurity.

Thank you
team@cert-gh.org
www.cert-gh.org