Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Emergency Response Team

Published byἸοκάστη Σπανός Modified over 5 years ago

Similar presentations

Presentation on theme: "Computer Emergency Response Team"— Presentation transcript:

1 Computer Emergency Response Team
CERT Computer Emergency Response Team Mubashir Sargana

2 OUTLINE CYBER SECURITY CONCEPT OF CERT ACRONYMS HISTORY OF CERT
CERTs IN THE WORLD CERT TYPES CERT SERVICES CERT FRAMEWORK ORGANIZATIONAL MODEL CERT: to do list STEPS FOR CREATING A CERT

3 CYBER SECURITY CIA

4 CYBER SECURITY Risk Management Approach Security is a Process
Risk = Threats + Vulnerabilities Known & Unknown Priorities & Strategies Approach Awareness and Capacity Building Technical Capabilities Security is a Process Up-to-date & Well Aware Preparedness & Readiness

5 CONCEPT OF CERT A Cybersecurity incident is a violation or imminent threat of violation of cyber security policies, acceptable use policies, or standard security practices. Examples: An attacker commands a botnet to send high volumes of connection requests to a web server, causing it to crash. Users are tricked into opening a “quarterly report” sent via that is actually malware; running the tool has infected their computers and established connections with an external host. An attacker obtains sensitive data and threatens that the details will be released publicly if the organization does not pay a designated sum of money. (Source: NIST SP800-61Incident Handling Guide)

6 CONCEPT OF CERT A CERT is an organization or team that provides, to a defined constituency, services and support for both preventing and responding to computer security incidents.

7 ACRONYMS Various acronyms and titles have been given to CERT organizations over the years. These titles include CSIRT - Computer Security Incident Response Team CSIRC - Computer Security Incident Response Capability or Center CIRC - Computer Incident Response Capability or Center CIRT - Computer Incident Response Team IHT - Incident Handling Team IRC - Incident Response Center or Incident Response Capability IRT - Incident Response Team SERT - Security Emergency Response Team SIRT - Security Incident Response Team

8 HISTORY OF CERT Brain -The first computer virus was created in 1986 by two brothers from Pakistan. They just wanted to prevent their customers of making illegal software copies.

9 HISTORY OF CERT Morris is accompanied by his mother, after a day of jury selection in his trial on charges of infiltrating a nationwide computer network in Nov. 1988

10 HISTORY OF CERT Robert Tappan Morris then student at Cornell University launched on November 2, from MIT the first and fast self-replicating computer worms via the Internet. Crippled almost 10% (6000) of the computer connected to the Internet in Nov 1988.

11 CERTs IN THE WORLD

12 OUR NATIONAL CERT

13 CERT TYPES There could be some of the following types of CERTs:
Regional CERT National CERT GovCERT Military CERT § Police CERT Finance CERT Health CERT Academic CERT ISP CERT Industry CERT

14 CERT SERVICES

15 CERT FRAMEWORK Constituency Mission Funding and Cost CERT Authority
CERT Organizational Placement Policy and procedures Models and Legal Basis of Cooperation

16 ORGANIZATIONAL MODELS
Security Team Internal Distributed CERT Internal Centralized CERT Combined Distributed & Centralized CERT Coordinating CERT

17 CERT: to do list Identify Stakeholders and participants
Obtain management support and sponsorship Develop a CERT project plan Gather Information Identify the CERT Constituency Defined the CERT mission Secure funding for CERT operations Decide on the range and level of services the CERT will offer Determine the CERT reporting structure, authority and organizational model

18 CERT: to do list Identify required resources such as staff equipment and infrastructure Define interaction and interfaces Define roles responsibilities and the corresponding authority Document the workflow Develop policies and corresponding procedures Create and implementation plan and solicit feedback Announce the CERT when it becomes operational Define methods for evaluating the performance of the CERT Have a backup plan for every element of the CERT BE FLEXIBL

19 STEPS FOR CREATING A CERT
Steps for Creating a CSIRT Stage 1 – Educate stakeholders about the development of CERT Stage 2 – Plan the CERT Stage 3 – Implement the CERT Stage 4 – Operate the CERT Stage 5 – Collaboration

20 Your Role?

21

22 WWW. Mubashir.pk

Download ppt "Computer Emergency Response Team"

Similar presentations

Its a new digital world with new digital dangers….

Its a new digital world with new digital dangers….
Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
Computer Emergency Response Teams

Computer Emergency Response Teams
Evolution of CSIRTs: how to engage Critical Infrastructures and cooperate beyond borders Giza, 19th December 2011.

Evolution of CSIRTs: how to engage Critical Infrastructures and cooperate beyond borders Giza, 19th December 2011.
IMPROVING THE INTERNATIONAL COMPARABILITY OF STATISTICS PRODUCED BY CSIRTs Developing Cybersecurity Risk Indicators panel 26 th Annual FIRST Conference.

IMPROVING THE INTERNATIONAL COMPARABILITY OF STATISTICS PRODUCED BY CSIRTs Developing Cybersecurity Risk Indicators panel 26 th Annual FIRST Conference.
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training.

© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training.
Building Capabilities for Incident Handling and Response

Building Capabilities for Incident Handling and Response
A Framework to Implement a National Cyber Security Structure for Developing Nations ID Ellefsen - SH von Solms - Academy.

A Framework to Implement a National Cyber Security Structure for Developing Nations ID Ellefsen - SH von Solms - Academy.
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
MINISTRY OF NATIONAL DEFENCE REPUBLIC OF POLAND CLASSIFIED INFORMATION PROTECTION DEPARTMENT COL. PIOTR GRZYBOWSKI, Director, Classified Information Protection.

MINISTRY OF NATIONAL DEFENCE REPUBLIC OF POLAND CLASSIFIED INFORMATION PROTECTION DEPARTMENT COL. PIOTR GRZYBOWSKI, Director, Classified Information Protection.
National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]

National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works

Security Controls – What Works
1. 2 The Public Health Agency of Canada Pandemic Influenza Preparedness: An Overview Dr. Paul Gully Deputy Chief Public Health Officer Ottawa, 19 January.

1. 2 The Public Health Agency of Canada Pandemic Influenza Preparedness: An Overview Dr. Paul Gully Deputy Chief Public Health Officer Ottawa, 19 January.
University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.

University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.
1 Case Study ESTABLISHING NATIONAL CERT By Saleem Al-Balooshi Etisalat - AE.

1 Case Study ESTABLISHING NATIONAL CERT By Saleem Al-Balooshi Etisalat - AE.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Strategy and Policy Unit: Current Activities and Future Tasks

Strategy and Policy Unit: Current Activities and Future Tasks
Computer Security: Principles and Practice

Computer Security: Principles and Practice

Similar presentations

Ads by Google