1 © 1999, Cisco Systems, Inc. CRC-PSIRT Cisco PUBLIC Cisco Product Security Incident Response Product Security Incident Response Team

Slides:



Advertisements
Similar presentations
Identifying and Responding to Security Incidents in the Law Firm
Advertisements

Philippine Cybercrime Efforts
Computer Emergency Response Teams
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
Planning for the Future Disaster Recovery Plan / Business Continuity Plan Jim Zukowski, Ed.D. Texas State Board of Dental Examiners 2006 Annual ConferenceAlexandria,
16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.
Security Controls – What Works
Chapter 7 HARDENING SERVERS.
Cyberspace and the Police Mamoru TAKAHASHI Head of Computer Forensic Center, Hi-tech Crime Technology Division National Police Agency, Japan.
1 Case Study ESTABLISHING NATIONAL CERT By Saleem Al-Balooshi Etisalat - AE.
(Geneva, Switzerland, September 2014)
Computer Security Fundamentals
Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
University of Missouri System 1 Security – Defending your Customers from Themselves StateNets Annual Meeting February, 2004.
Network Security Monitoring By Bea Wilds CS Dec 06.
PacNOG 6: Nadi, Fiji Dealing with DDoS Attacks Hervey Allen Network Startup Resource Center.
 Southwest Florida Local Managed Services Company  Technicians throughout Florida, North Carolina, and New York  Knowledgeable Core Team  Certified.
1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.
PCI: As complicated as it sounds? Gerry Lawrence CTO
Drive Customer Satisfaction. Cut Costs. Improve Efficiencies. Oracle i Support Chris Kirby Senior Sales Consultant Oracle.
The Cyber Defense center and its services portfolio McAfee Professional Services – Foundstone Services.
INTERNET PRIVACY Marketing companies The cookie leak security hole in the HTML messages The Web Bug Can we trust the privacy.
Introduction to Computer Ethics
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Can your team outwit, outplay and outlast your opponents to be the ultimate CyberSurvivor?
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
Web Security for Network and System Administrators1 Chapter 2 Security Processes.
Lesson 4: Taking Perspectives on Cyberbullying THE CYBER BULLYING VIRUS
INCIDENT RESPONSE IMPLEMENTATION David Basham University of Advancing Technology Professor: Robert Chubbuck NTS435.
Communications-Electronics Security Group. Excellence in Infosec.
EECS 710: Information Security and Assurance Assignment #3 Brent Frye 10/13/
August Mr. Mike Finley, CISSP Senior Security Engineer Computer Science Corporation.
September 12, 2004 Simplifying the Administration of HIPAA Security Angel Hoffman, RN, MSN Director, Corporate Compliance University of Pittsburgh Medical.
7400 Samsung Confidential & Proprietary Information Copyright 2006, All Rights Reserved. -0/17- OfficeServ 7400 Enterprise IP Solutions Quick Install Guide.
Chapter 16 Presented By: Stephen Lambert Disaster Recovery and Business Continuity.
Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.
Cybercrime What is it, what does it cost, & how is it regulated?
What is “national security”?  No longer defined only by threat of arms  It really is the economy  Infrastructure not controlled by the government.
Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.
Chapter 3 Pre-Incident Preparation Spring Incident Response & Computer Forensics.
Importance of Physical Security Common Security Mistakes 1.Security Awareness 2.Incident Response 3.Poor Password Management 4.Bad administrative.
Role Of Network IDS in Network Perimeter Defense.
26/01/2007Riccardo Brunetti OSCT Meeting1 Security at The IT-ROC Status and Plans.
Regional Telecommunications Workshop on FMRANS 2015 Presentation.
Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.
FBI Phoenix Computer Crime Squad SA Tom Liffiton 10/23/2003 Maricopa Association of Governments Telecommunications Advisory Group.
1 Iowa Emergency Management Association Iowa Homeland Security and Emergency Management Department Emergency Management Program Development Course EMERGENCY.
Incident Response Strategy and Implementation Anthony J. Scaturro University IT Security Officer September 22, 2004.
Cyber Security Phillip Davies Head of Content, Cyber and Investigations.
Add video notes to lecture
Fusion Center ITS security and Privacy Operations Joe Thomas
Cybersecurity - What’s Next? June 2017
Welcome to Cisco! Getting Started…
Security Standard: “reasonable security”
Systems Security Keywords Protecting Systems
Responding to Intrusions
Computer Security Fundamentals
Cybersecurity Policies & Procedures ICA
Call Now : ( Toll Free ) Call Now : ( Toll Free )
Unfortunately, any small business could face the risk of a data breach or cyber attack. Regardless of how big or small your business is, if your data,
Organisation Model Assistant Director: IT & Digital
AFRICAN UNION- 23RD-27TH July 2018 PRESENTER: Mr. Nawa J.T Samatebele
Protective Security Advisor Program Brief
Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.
Security week 1 Introductions Class website Syllabus review
Anatomy of a Common Cyber Attack
Public Safety Analytics Market Research Report By Forecast to 2023 Industry Survey, Growth, Competitive Landscape and Forecasts to 2023 PREPARED BY Market.
Penetration Testing Market Research Report By Forecast to 2023 Industry Survey, Growth, Competitive Landscape and Forecasts to 2023 PREPARED BY Market.
Presentation transcript:

1 © 1999, Cisco Systems, Inc. CRC-PSIRT Cisco PUBLIC Cisco Product Security Incident Response Product Security Incident Response Team

2 © 1999, Cisco Systems, Inc. CRC-PSIRT Cisco PUBLIC Product Security Incident Managers : Jim Duncan Lisa Napier Damir Rajnovic PSIRT Evangelist: Richard Aceves Serviceability Design Product Security Incident Managers : Jim Duncan Lisa Napier Damir Rajnovic PSIRT Evangelist: Richard Aceves Serviceability Design 2 © 1999, Cisco Systems, Inc. Network Security Response 101

3 CRC-PSIRT © 1999, Cisco Systems, Inc. Cisco PUBLIC About PSIRT The PSIRT covers ALL Cisco products! (Not just security products) Handle customer’s security incidents Our service is free of charge Liaison member of FIRST (Infosec is the full member) One of the several groups which deals with security (some of the others are: Infosec, SecurityConsulting, SNS, Consulting)

4 CRC-PSIRT © 1999, Cisco Systems, Inc. Cisco PUBLIC Product Security Incident Manager Incident Manager is a member of the Escalation Team Responds to active attacks; mostly intrusions or denial-of-service (DoS) attacks Assists with computer and network forensics: analysis, packet traces, logs, second opinions Point-of-Contact for receiving and pursuing external reports of vulnerabilities in Cisco products Proactive work on new products and evaluation of existing ones

5 CRC-PSIRT © 1999, Cisco Systems, Inc. Cisco PUBLIC External Liaisons PSIRT members are active in US and EU area: FBI (EU) National Infrastructure Protection Center (US) Internet Crime Forum (UK) National Criminal Intelligence Service (UK) G8 Hi-Tech Crime Subcommittee Partnership for Critical Infrastructure Security (US)

6 CRC-PSIRT © 1999, Cisco Systems, Inc. Cisco PUBLIC Who Qualifies for PSIRT Help? Cisco products likely to be involved, but not required No maintenance contract required Case will be send to PSIRT if customer specifically asks The same if caller is identified as law enforcement officer or member of an incident response team Otherwise the normal queue process applies

7 CRC-PSIRT © 1999, Cisco Systems, Inc. Cisco PUBLIC Don’t Send This Stuff to PSIRT Proactive setup or general configuration questions Security policy or design questions Hypothetical questions Ordinary (non-security) bugs with Cisco products Lost enable passwords

8 CRC-PSIRT © 1999, Cisco Systems, Inc. Cisco PUBLIC Confidentiality Confidentiality is even more important for security incidents than ordinary cases Information leaks can hurt the customer and Cisco Minimize discussion to maintain confidentiality

9 CRC-PSIRT © 1999, Cisco Systems, Inc. Cisco PUBLIC Confidentiality (cont.) PSIRT uses its own tracking system which is separate from the rest of the company Only PSIRT members do have access to it Mailing list is closed with strictly controlled members Strict application of need-to-know rules for every information and issue which we are handling

10 CRC-PSIRT © 1999, Cisco Systems, Inc. Cisco PUBLIC Contacting PSIRT for non-emergency messages for emergencies (toll-free in North America) (elsewhere in the world) If no response, contact Incident Managers separately Fallback provided by PSIRT liaison members, Escalation Teams, and the TAC Manager on Duty

11 CRC-PSIRT © 1999, Cisco Systems, Inc. Cisco PUBLIC References PSIRT web page html Security Advisories and guides on CCO

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.