CPT Aneta COUFALÍKOVÁ, Ph.D. CIRC Centre, 34.zKIS, Czech Army CIRC.


Slide 1: CIRC Technical Centre
CPT Aneta COUFALÍKOVÁ, Ph.D.
CIRC Centre, 34.zKIS, Czech Army
Aneta.Coufalikova@army.cz
www.circ.army.cz, www.circ.acr

Slide 2: Content
- Basic information
- Experience and cooperation
- History
- Structure
- Information Portal CIRC
- Monitoring Technology
- Incident Desk
- Incident and Vulnerability Handling

Slide 3: Basic information
- Essential element of the Ministry of Defense in cyber security
- Part of the Communication and Information Systems Base
- Located in Brno
- MAIN GOALS:
  - Proactively identify security threats and incidents (monitoring)
  - Analyses
  - Rapid response
  - Reporting among administrators of military ICT systems
  - Share information and alerts with relevant partners in the cyber defense field
  - Security awareness

Slide 4: Experience and cooperation
- Participating in many exercises (ICDW, Cyber Coalition, etc.) and conferences (NIAS, CYTER, etc.)
- Cooperating with many other institutions in the cyber defense field (NCIRC TC, Nebraska University, University of Defense in Brno, Masaryk University, etc.)

Slide 5: History
- Established in 2007 as an equivalent of the NCIRC Technical Centre
- Reached basic capability in monitoring and analyzing events in the military network
- Implemented IDS/IPS and NetFlow sensors
- Started the professional web Portal CIRC to build security awareness
- Building up a testing environment
- Running a WSUS server for patch distribution in military networks
- Started the Incident Desk as the ticketing system

Slide 6: Structure
Director CIRC
- Coordination Department
- Incident and Vulnerability Department
- Security Technologies Department
- Support

Slide 7: Security technology (CSMIS)
Cyber Security Management & Information Systems (CSMIS) include:
- Information Portal CIRC (www.circ.acr)
- External Information Portal (www.circ.army.cz)
- Incident Desk
- Secure shared storage
- Link to SIEM (Security Information and Event Manager)
- Alerter
- Central storage for collected data
- Wiki

Slide 8: Information Portal CIRC
- Provides everyday awareness of possible cyber dangers and threats
- Instructs users about security threats
- Allows users to report security incidents
- Secure zone as a tool for communication between network security administrators and CIRC Technical Centre staff
- Knowledge base, link to the Incident Desk, cyber defence instructions for IT specialists

Slide 9: (image only; no transcript text)

Slide 10: Information Portal CIRC
Portal parts:
- Daily News (cyber security news)
- Security (security threat descriptions, security recommendations, instructions, reports and statistics)
- Software (freeware tools for detecting and removing different kinds of threats)
- Critical Security Patches (Microsoft, Adobe, browsers)
- Publications (CIRC Bulletins, materials from workshops, dictionary, …)
- FAQ (the most frequent security topics)
- About us (introduction of the departments and contacts)
- WSUS, NTP Server (Network Time Protocol)

Slide 11: Monitoring Technology
- Monitoring of military networks
- Monitoring of data flows
- Evaluation of IPS/IDS events
- Processing logs of critical devices
- SIEM – Security Information and Event Manager
- Monitoring the functionality of cyber security technologies
- Incident Desk

Slide 12: Monitoring Technology

Slide 13: Incident Desk
- Basic tool of incident handling
- Management system for ticketing
- Early warning system in case of a cyber attack
- Information support for ICT administrators & supervisors
- Reports and statistics

Slide 14: Incident and Vulnerability Handling
Cell of Watchkeepers:
- Service 24/7
- Detection
- Describing events in the tickets
- Basic analysis
Cell of Analysts / Vulnerability:
- Comprehensive analysis of events
- Technical support for Watchkeepers
- Determination of false positives
- Incident identification
- Recommendation to escalate an event to a cyber security incident
Cell of Coordination:
- Escalation of events to security incidents
- Classification of the incidents
- Cooperation in resolving the incident
- Incident reporting
- Incident closure
Stages: Detection → Analysis and Recommendation → Classification → Resolving and Incident closure

Slide 15: Workflow
SCIRC – Local Administrators (LA)
Decision point: Is the LA available? (Yes / No)
- The user is responsible for reporting every security offence, including suspicion of a possible incident, to the Local Administrator.
- If the LA is absent, the user reports via the special form „Reporting of security incident“ on Portal CIRC (www.circ.acr or www.circ.army.cz), or by e-mail to KOCIRC@sis.acr or CIRC-IHO@army.cz.
- During non-working hours the user reports by e-mail to operatorCIRCMO@sis.acr or CIRC-WK@army.cz.

Slide 16: Aneta.Coufalikova@army.cz
