We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byJoshua Clark
Modified about 1 year ago
© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training and Education Center Sponsored by the U.S. Department of Defense August 7, 2003 CERT ® Centers Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213
© 2003 Carnegie Mellon University slide 2 What is a CSIRT? An organization or team within a defined constituency that provides services and support for preventing and responding to computer security incidents.
© 2003 Carnegie Mellon University slide 3 The Old “Net”
© 2003 Carnegie Mellon University slide 4 Early History* *Timeframe: Approximate number of hosts: 60,000K
© 2003 Carnegie Mellon University slide 5 Initial Formation of Teams FIRST Founding Members* Air Force Computer Emergency Response Team (AFCERT) CERT Coordination Center Defense Communication Agency/Defense Data Network Department of Army Response Team Computer Incident Advisory Capability (CIAC) Goddard Space Flight Center NASA Ames Research Center NASA Space Physics Analysis Network (SPAN CERT) Naval Computer Incident Response Team (NAVCIRT) National Institute of Standards and Technology Computer Security Resource and Response Center (CSRC) SPAN-France *Timeframe: Number of DNS advertised hosts: 340K
© 2003 Carnegie Mellon University slide 6 Source: The New “Net”
© 2003 Carnegie Mellon University slide 7 Attack Sophistication vs. Required Intruder Knowledge
© 2003 Carnegie Mellon University slide 8 Growth in Number of Incidents Reported to CERT/CC
© 2003 Carnegie Mellon University slide 9 Growth in Number of Vulnerabilities Reported to CERT/CC
© 2003 Carnegie Mellon University slide 10 Impact on CSIRTs Today’s dynamic environment means less time for CSIRTs to react. Therefore, teams require a method for quick notification established and understood policies and procedures automation of incident handling tasks methods to collaborate and share information with others easy and efficient way to sort through all incoming information
© 2003 Carnegie Mellon University slide 11 Current Situation Many organizations do not have a formalized incident response capability. There is a shortage of effective CSIRTs and trained staff to respond to current and emerging computer security threats. A growing number of organizations are being mandated or required by laws/regulations to have an incident response plan in place proactively seeking to implement a CSIRT as a part of their information security program.
© 2003 Carnegie Mellon University slide 12 Number of Known Teams* *Timeframe: Number of DNS advertised hosts: billion. Note: These are teams we know about, there are many more teams that exist.
© 2003 Carnegie Mellon University slide 13 Growth in CSIRTs by Region
© 2003 Carnegie Mellon University slide 14 Geographic Dispersion
© 2003 Carnegie Mellon University slide 15 Where Do You Start?
© 2003 Carnegie Mellon University slide 16 Stages of CSIRT Development Stage 1Educating the organization Stage 2Planning effort Stage 3Initial implementation Stage 4Operational phase Stage 5Peer collaboration Stage 2 Planning Stage 4 Operation Stage 3 Implementation Stage 5 Collaboration Stage 1 Education Expert Novice
© 2003 Carnegie Mellon University slide 17 CSIRT Related Projects A sample of current CSIRT projects include State of the Practice of CSIRTs IETF Incident Handling Working Group (INCH WG) and Intrusion Detection Working Group (IDWG) Automated Incident Reporting (AirCERT) Incident Detection, Analysis, and Response (IDAR) Project Clearing House for Incident Handling Tools (CHIHT) Common Advisory Interchange Format (CAIF) Best Practices Documents (RFC 3227, 2350)
© 2003 Carnegie Mellon University slide 18 Current CSIRT Discussion Topics Legal issues and impacts Automation and standardization of CSIRT tools Data sharing and collaboration Certification for incident handlers and teams Regionalization efforts
© 2003 Carnegie Mellon University slide 19 AirCERT Components include: sensor(s) and site database(s) at a participating organization - a set of defined attack signatures - a central database at the CERT/CC - a mechanism for the transmission of data between sensors and the site database between the site and central databases communication protocols - sensor-to-site database - site database-to-central database
© 2003 Carnegie Mellon University slide 20 Benefits of AirCERT For participants: collect information on activity within their organizations receive aggregated feedback from the CERT/CC use defined methods of collecting and sharing incident information* For the Internet community: receive and collate data in near real-time provide timely information about attacks faster release of new attack signatures provide structured and statistically significant data *IETF, Intrusion Detection Message Exchange Requirements
© 2003 Carnegie Mellon University slide 21 For More Information CSIRT Development Team CERT ® Training and Education Center CERT® Centers Software Engineering Institute Carnegie Mellon University Pittsburgh, PA USA +1 (412)
Evolution of CSIRTs: how to engage Critical Infrastructures and cooperate beyond borders Giza, 19th December 2011.
IGF Hyderabad 2008 Dimensions of Cyber Security & Cyber Crime Michael Lewis, Carnegie Mellon University & Deputy Director, Q-CERT.
ICT Environment: Internet Architecture, Growth, Governance and Security Overview EACO ICT Conference on Broadband Access for All.
A Survey on Languages, Enumerations and Other Tools used for Security Information Communication and Sharing LACNIC XI - Salvador May 28th, 2008 Presented.
Project of Establishment of Agricultural Information Centre in Three Governorates of Iraq Food and Agriculture Organization of the United Nations An Overview.
The U.S. Department of Transportation and the Next Generation Jenny Hansen, Contractor – NG9-1-1 Project Coordinator USDOT/NHTSA.
Clara CSIRTs in Latin America and the Caribbean CCIRN 2004 Cairns, Australia July 2004 Michael Stanton CLARA Technical Committee RNP- Brazil (material.
Near East Plant Protection Network for Regional Cooperation & Knowledge Sharing Food and Agriculture Organization of the United Nations An Overview on.
Mobilizing the Community Unit 5 A Guide to Strengthen the Capacity of Promotoras.
Principles of Information Security, 3rd Edition 2 Explain what contingency planning is and how incident response planning, disaster recovery planning,
Case Study One UN ICT Infrastructure Mozambique ToT Common Services and Harmonized Business Practices, New York 14 – 17 September 2010.
Future Of OASIS Conference March 29, 2005 Future of OASIS Conference Related Industry Initiatives NAESB - Robert Harshbarger OASIS IA Task Force and ESS.
A Knowledge Innovation TM Project Proposal for Egypts Negotiating Body Making Negotiation a National Duty 26 June 2005, RITSEC.
CPAS Workshop / Chapel Hill, North Carolina March 4, 2008 Mike Brewer 1, Tim Owen 2, Roger Pulwarty 3, and Mark Svoboda 4 1. NOAAs National Weather Service,
Tanzania Communications Regulatory Authority - TCRA Response to Cyber incidences in Tanzania: Where are we? Presented at Cyber Security Mini Conference.
Actions From Yesterday ~ Ideas For Tomorrow Join Together Project Accomplishment and Goal Statements Advisory Board Meeting 2/15/06.
1 of 13 Organization and Management Information Management in Your Organization IMARK Investing in Information for Development Organization and Management.
1 Standards Compliant? Give Me Your Data? What Community of Practice Do You Belong To? Now we know why cats dont like to be herded!
CIRT/CERT Baseline Capabilities Anuj Singh, Director – Global Response Centre Regional Arab Forum on Cybersecurity, Cairo, Egypt 19 th December 2011.
Query Health Pilots Sub-Work Group December 8, 2011.
European Standardization of Health Informatics ITU-T eHealth conference Geneva Dr Gunnar O. Klein chairman of CEN/TC 251 convenor of ISO/TC.
Best Practices to Deploy a Successful Portal Carol Penne – International Monetary Fund Zach Wahl – Project Performance Corporation March 18, 2005 Portal.
Module 2: National IEA process design and organization.
GRID Security Workshop, 5-6 December 2002©The JNT Association, 2002 Computer Emergency Response Teams Andy Bone JANET-CERT Manager
Cybersecurity and eTrust in the ESCWA Region Matthew Perkins 19 December 2011.
Federal Aviation Administration NAS Enterprise Information System Security (NEISS) Vic Patel, FAA ICAP, ACP WG-I May 28 th – 30 th 1.
Incident Response Managing Security at Microsoft Published: April 2004.
Best Current Operational Practices – Efforts from the Internet Society Deploy360 – Internet Society.
How to Create an IT Security Program Tracy Mitrano Steve Schuster R. David Vernon Copyright Tracy Mitrano, Steven Schuster and David Vernon, This.
Management Information Systems, 4 th Edition 1 Chapter 10 Organizing Information Technology Resources.
© 2016 SlidePlayer.com Inc. All rights reserved.