Download presentation
Presentation is loading. Please wait.
1
1 Case Study ESTABLISHING NATIONAL CERT By Saleem Al-Balooshi Etisalat - AE
2
2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The terrible thing about the Internet is that you’re connected to everyone else.” Vint Cerf
3
3 CERT Main Services 1.Alerting 2.Reporting 3 Examples: AusCERT CERT-CC GOVCERT.NL
4
4 Alerting Services: Purpose of the alerting Service: –AusCERT: To provide timely early warning advice to the Australian public about computer network threats and vulnerabilities which could compromise confidentiality, integrity of availability
5
5 Alerting Services: Purpose of the alerting Service: –CERT-CC: To provide information on critical incidents and vulnerabilities to system and network administrators around the globe and to other CSIRT teams.
6
6 Alerting Services: Purpose of the alerting Service: –GOVCERT.NL: To create an independent and free alerting service for IT security related incidents aimed at Dutch home users and small companies (up to 10 PCs)
7
7 Sponsors of the alerting service: AusCERT: The Australian Commonwealth Government. CERT-CC: The U.S. government and industry. GOVCERT.NL: The ministry of economic affairs in the Netherlands.
8
8 Alerting Services Target Groups of the alerting service: –AusCERT: The target group is Australian individuals and small to medium Enterprises (SMEs). –CERT-CC: System and network administrators, technology managers, other CSIRT teams around the world. –GOVCERT.NL: Target Group of the service is Dutch home users and small enterprises (up to 10 PC’s)
9
9 Reporting Services What is a Reporting service: –A system to collect, process and analyze computer security incident reports and share sanitized aggregate reporting to appropriate audience.
10
10 Reporting Services Purpose of the reporting service: –AusCERT: To provide a source of “current” data about malicious network activity which, when collated and analyzed can provide meaningful intelligence about: –Computer network attack trends, malicious network attack activity, threats and vulnerabilities, To provide reporting groups (and others if appropriate) access to sanitized aggregate reporting to : –Promote the use of appropriate mitigation strategies –Raise awareness of computer security issue –Keep them up to date with changing or emerging threat activity and trends –Give them access to computer network attack data beyond their own networks (which they would not otherwise obtain) –Provide value-added assessment of aggregate data trends and activity to encourage their continued reporting
11
11 Reporting Services Purpose of the reporting service: –GOVCERT.NL: Improving the quality of GOVCERT.NL’s output by acting as an extra CERT-Source Generating trends analysis of IT related security incidents for stakeholders Central reporting and monitoring point for (relevant) IT related security incidents
12
12 How to set up an alerting and reporting services? (GOVCERT.NL) –Operational CERT: Center of operations Technical expertise Information process up & running –Technical Systems: Web Server Content management system Mailing list software –Organization (project team): Project and office management Technical, communication, legal, information analysis
13
13 How to set up an alerting and reporting services? –Legal: Develop General terms & conditions Develop privacy policy and disclaimers Take position in Market regulation issues Develop Contracts and Service level agreements –Communication and PR: Organize Content-production and editing Determine your media mix for alerts Organize Co-writing of alerts for website, e-mail and SMS Organize public campaign management –Internal Processes: Revise your information and operational processes Establish escalation procedures for public warning.
14
14
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.