CREATING AND MANAGING CERT

Presentation transcript:

1 CREATING AND MANAGING CERT

2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The terrible thing about the Internet is that you’re connected to everyone else.” Vint Cerf

3 Introduction Keeping organizational information assets secure in today's interconnected computing environment is a true challenge that becomes more difficult with each new "e" product and each new intruder tool.

4 Introduction Most organizations realize that there is no one solution or panacea for securing systems and data; instead a multi-layered security strategy is required. One of the layers that many organizations are including in their strategy today is the creation of a Computer Security Incident Response Team, generally called a CSIRT.

5 Motivation
Motivators driving the establishment of CERT:
–A general increase in the number of computer security incidents being reported.
–Organizations on the need for security policies and practices as part of their overall risk-management strategies.
–New laws and regulations.
–System and network administrators alone cannot protect organizational systems and assets
–Prepared plan and strategy is required

6 What is a CERT? An organization or team that provides, to a defined constituency, services and support for both preventing and responding to computer security incidents.

7 Process versus Technology
Incident handling is not just the application of technology to resolve computer security events
–It is the development of a plan of action.
–It is the establishment of processes for
  Notification and communication
  Collaboration and coordination
  Analysis and response

8 Benefits of CERT
Reactive
–Focused response effort
–More rapid and standardized response
–Stable cadre of staff with incident handling expertise, combined with functional business knowledge.
–Coordination with others in security community.

9 Benefits of CERT
Proactive
–Enabler of organizational business goals.
–Value-added services to business processes.
–Input into product development cycle or network operations.
–Assistance in performing vulnerability assessments and development of security policies.

10 What Does a CERT Do?
In general, a CERT
–Provides a single point of contact for reporting local problems
–Assists the organizational constituency and general computing community in preventing and handling computer security incidents
–Shares information and lessons learned with other response teams and other appropriate organizations and sites

11 General Categories of CERT
Internal CERT
–Educational
–Governmental
–Commercial
Coordination Centers
–Country
–State
–Region
Analysis Centers
Vendor
Incident response provider

12 Stages of CERT Development
Stage 1: Educating the organization
Stage 2: Planning effort
Stage 3: Initial implementation
Stage 4: Operational phase
Stage 5: Peer collaboration

13 Creating an Effective CERT
To be effective, a CERT requires four basic elements
–An operational framework
–A service and policy framework
–A quality assurance framework
–The capability to adapt to a changing environment and changing threat profiles

14 Implementation Recommendations
Get management buy-in and organizational consensus
Match goals to parent or constituent organizational policies and business goals
Select CERT development project team.
Communicate throughout the process
Start small and grow
Use what exists, if appropriate. (Re-use is good.)

15 Implementation Steps
Get approval and support from management
Identify who will need to be involved
Have an announcement sent out by management
Select a project team
Collect information
–Research what other organizations are doing
–Identify existing processes and workflows
–Interview key stakeholders and participants

16 Implementation Steps
With input from stakeholders determine
–CERT mission
  CERT range and levels of service
  CERT reporting structure, authority and organizational model
  Identify interactions with key parts of the constituency
  Define roles and responsibilities for interactions
–Create a plan based on the vision or framework.
–Obtain feedback on the plan
–Build CERT
–Announce CERT
–Get feedback

17 Common Problems
Failure to
–Include all involved parties
–Achieve consensus
–Develop an overall vision and framework
–Outline and document policies and procedures
Organizational battles
Taking on too many services
Unrealistic expectations or perceptions
Lack of time, staff, and funding

18 Think Big, Start Small, Scale Fast!
