Published by Arlene Loraine Pitts. Modified over 8 years ago.
1
Mr. Mike Finley, CISSP
Senior Security Engineer
Computer Science Corporation
e-mail: mfinley2@csc.com
August 1999
2
Why do you need a CERT?
Security Breaches
- Employee access abuse
- Unauthorized access by outsiders
- Leak of proprietary data
- Theft/destruction of computing resources
- Viruses
- Access abuse by nonemployee authorized users
3
Building a response team
- Senior Management Support
- Right mix of people with right skill sets
- Intrusion-Detection Systems
- Work area
- Training
- SW/HW new technologies
- Funding
4
Building a response team
- Establish Policies and Procedures
- Have a Concept of Operations
- Internal / External Coordination
- Be Flexible
- Establish Trust
- Know your users/customers
- Know your limits
5
Building a response team
- Test your response procedures against critical business functions
- Do you have proper plans in place?
  - Personnel notification plan
  - Disaster recovery plan
  - Contingency plan
  - Processing agreement plan
6
Typical CERT duties
- Monitor, audit, and test systems and networks for possible security problems
- Provide investigation, coordination, reporting, and follow up of network security incidents
- Test and install security infrastructure to tools
- Test and install patches and fixes for security vulnerabilities in vendor software
- Stay current on security technology
- Advocate corporate computer security policy
7
Incident response
- Determine the nature and scope of the incident
- Contact key management personnel
- Solve problem and get system back to normal operations
- Execute nontechnical actions
- Learn from the incident
8
Where can you go for help?
Incident response centers
- CERT coordination center (www.cert.org)
- Computer Incident Advisory Capability, CIAC (www.ciac.llnl.gov)
- Forum of Incident Response and Security Teams, FIRST (www.first.org)
9
Security Web Sites
- www.cs.purdue.edu/coast
- www.securityportal.com
- www.itpolicy.gsa.gov
- www.java.sun.com/security
- www.icsa.net
- www.ers.ibm.com
10
Security mailing list
- Best-of Security-request@cyber.com.au
- Cert-advisory-request@cert.org
- Coast security archive: Coast-request@cs.purdue.edu
- The risk forum: majordomo@csl.sri.com
- Intrusion detection: majordomo@uow.edu
- NT Bugtraq: listserv.ntbugtraq.com