Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The.

Similar presentations


Presentation on theme: "1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The."— Presentation transcript:

1 1 CREATING AND MANAGING CERT

2 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The terrible thing about the Internet is that you’re connected to everyone else.” Vint Cerf

3 3 Introduction Keeping organizational information assets secure in today's interconnected computing environment is a true challenge that becomes more difficult with each new "e" product and each new intruder tool.

4 4 Introduction Most organizations realize that there is no one solution or panacea for securing systems and data; instead a multi-layered security strategy is required. One of the layers that many organizations are including in their strategy today is the creation of a Computer Security Incident Response Team, generally called a CSIRT.

5 5 Motivation Motivators driving the establishment of CERT: –A general increase in the number of computer security incidents being reported. –Organizations on the need for security policies and practices as part of their overall risk-management strategies. –New laws and regulations. –System and network administrators alone cannot protect organizational systems and assets –Prepared plan and strategy is required

6 6 What is a CERT? An organization or team that provides, to a defined constituency, services and support for both preventing and responding to computer security incidents.

7 7 Process versus Technology Incident handling is not just the application of technology to resolve computer security events –It is the development of a plan of action. –It is the establishment of processes for Notification and communication Collaboration and coordination Analysis and response

8 8 Benefits of CERT Reactive –Focused response effort –More rapid and standardized response –Stable cadre of staff with incident handling expertise, combined with functional business knowledge. –Coordination with others in security community.

9 9 Benefits of CERT Proactive : –- Enabler of organizational business goals. –- Value-added services to business processes. –- Input into product development cycle or network operations. –- Assistance in performing vulnerability assessments and development of security policies.

10 10 What Does a CERT Do? In general CERT –Provides a single point of contact for reporting local problems –Assists the organizational constituency and general computing community in preventing and handling computer security incidents –Shares information and lessons learned with other response teams and other appropriate organizations and sites

11 11 General Categories of CERT Internal CERT –Educational –Governmental –Commercial Coordination Centers –Country –State –Region Analysis Centers Vendor Incident response provider

12 12 Stages of CERT Development Stage 1Educating the organization Stage 2Planning effort Stage 3Initial implementation Stage 4Operational phase Stage 5Peer collaboration

13 13 Creating an Effective CERT To be effective, a CERT requires four basic elements –An operational framework –A service and policy framework –A quality assurance framework –The capability to adapt to a changing environment and changing threat profiles

14 14 Implementation Recommendations Get Management buy-in and organizational consensus Match goals to parent or constituent organizational policies and business goals Select CERT development project team. Communicate throughout the process Start small and grow Use what exists, if appropriate. (Re-use is good.)

15 15 Implementation Steps: Get approval and support from management Identify who will need to be involved Have an announcement sent out by management Select a project team Collect information –Research what other organizations are doing –Identify existing processes and workflows –Interview key stakeholders and participants

16 16 Implementation Steps With input from stakeholders determine –CERT mission CERT range and levels of service CERT reporting structure, authority and organizational model Identify interactions with key parts of the constituency Define roles and responsibilities for interactions –Create a plan based on the vision or framework. –Obtain feedback on the plan –Build CERT –Announce CERT –Get feedback

17 17 Common Problems Failure to –Include all involved parties –Achieve consensus –Develop and overall vision and framework –Outline and document policies and procedures Organizational battles Taking on too many services Unrealistic expectations or perceptions Lack of time staff, and funding

18 18 Think Big Start Small Scale Fast !!!!!!!!!!!!

19 19


Download ppt "1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The."

Similar presentations


Ads by Google