We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byDevin Lancaster
Modified over 2 years ago
© 2004 APCERT APCERT Activity Update Yurie Ito JPCERT/CC (On behalf of the APCERT Secretariat)
© 2004 APCERT Introduction APCERT (Asia Pacific Computer Emergency Response Team) is a coalition of the forum of CSIRTs (Computer Security Incident Response Teams). The organization was established to encourage and support the activity of CSIRTs in the Asia Pacific region.
© 2004 APCERT Membership The geographical boundary of APCERT activity is the same as that of APNIC. It comprises 62 economies in the Asia and Pacific region. 2 levels of membership Full membership General membership POC Scheme Membership opens to all CSIRTs being existing in AP region Current members: 15 teams from 12 economies
© 2004 APCERT 2003 Activities Representation to other Regional and International Bodies TF-CSIRT EGC FIRST APEC-TEL APNIC
© 2004 APCERT 2003 Events APSIRC 2003 Was held in conjunction with APRICOT conference, hosted by TWCERT/CC and TWSIRC in Taipei APSIRC 2004 Was held in conjunction with APRICOT conference, hosted by MyCERT in KL APCERT Information Day Organized in conjunction with the FIRST Technical Colloquium (TC) and hosted by JPCERT/CC in Tokyo APSIRC 2005 Will be holding in conjunction with APRICOT conference, will be hosted by JPCERT/CC in Kyoto, Japan, February Official face to face meeting with FIRST SC and APCERT SC FIRST conference 2005 in Singapore!!!
© 2004 APCERT Outcomes 2003
© 2004 APCERT APCERT membership Accreditation Scheme Accreditation scheme was accepted by the APCERT members at APSIRC 2004 Malaysia meeting. APCERT Member Requirements APCERT Application Form SC and Sponsors Check List Team Mission Criteria 1. Teams must do Incident Response or Security Research within Asia Pacific Area (APNIC boundary) 2. Teams must make a contribution to security community in Asia Pacific region.
© 2004 APCERT Application Process (1) General member: 1.Submit an application form to secretariat 2.Secretariat send an application to SC 3.SC member review the application form for a week and if no objection - acceptance (2) Full member: 1.Submit an application form to secretariat 2.Secretariat send an application to SC 3.SC votes for the general member 4.Candidate decide to upgrade the membership 5.Candidate submit an application form to secretariat 6.Candidate or SC assign a sponsor team from the full members for the candidate 7.Candidate goes though Sponsor Process to upgrade the membership 8.SC member vote for the Full member after the process – 2/3 majority
© 2004 APCERT Special Properties of Accreditation for the Full membership Check Items for a Sponsor and SC (for vote) 1. Relevance of organizations services to the security field i.e. Services such as IRT, Security Consulting, Security Research i.e. Staff skill-set requirements for each service [ ] Check all the items of service and skill-set on the application form to insure the APCERT requirements. 2. Contribution to the APCERT community/Expectation of the applicant team - What is the teams Focus, Mission, number of Resources. - Expectation of ROI from joining APCERT [ ] Check all the items of Mission statement of the application form to insure the APCERT requirements. [ ] Check the teams track record i.e. to see how many times does the team attends conferences? i.e. How many times the teams give presentations? [ ] What is their main contribution to the security committee? ( ) Writing papers ( ) documents ( ) developing security tools ( ) public announcements (alerts, advisories) ( ) holding a workshop if its own? [ ] Get a list of the teams expectation of APCERT
© 2004 APCERT Special Properties of Accreditation for the Full membership: Conti 3. Trust - APCERT should clarify its policy with regards to; [ ] Check the security policy how to handle the sensitive information. ( ) How is incoming information tagged or classified? ( ) How is information handled, especially with regards to exclusively? ( ) What considerations are adopted for the disclosure of information, especially incident related information passed on to other teams or to sites? ( ) Are there legal considerations to take into account with regards to the information handling? ( ) Policy on use of cryptography to shield exclusivity & integrity in archives and/or in data communication, specially . [ ] Check track record of working relationship with other teams. [ ] Is the response quick? How many days it take to get the reply from them? ( ) Quick( ) Reasonable( ) Slow [ ] Check the applicants policies on: ( ) Type of incidents and level of support ( ) Co-operation, interaction and disclosure of information ( ) Communication and authentication Future Plan: -Integrate/standardize CSIRT accreditation globally. (Trusted Introducer, FIRST Sponsorship scheme, APCERT accreditation, etc) -Send liaison member to FIRST accreditation WG.
© 2004 APCERT Outreach to multiple sectors One important role of APCERT is education and training to raise awareness and encourage best practice. APEC-TEL: APCERT provided the recommendation/ advice to AP region intergovernmental initiative as security experts group in AP ASEAN: APCERT members provide CSIRT training and Outreach program to newcomer economies Future Plan: Support standard CSIRT training material, add regional modules on top of the core material. TRANSIT Program – from EU Cooperation with the FIRST
© 2004 APCERT Traffic Data Share Project in AP Traffic monitoring Workshop at APSIRC 2004 at KL. For the accuracy of the internet traffic trend – sharing traffic monitoring data within wide region is useful. For the accurate analysis of internet trend, sharing analysis methodology, techniques is useful. Kicked off Traffic monitoring data share WG – two projects will be planned to expand to APCERT members. IODEF Portal site Early warning scheme within the APCERT scheme
© 2004 APCERT Thank you. Yurie Ito Tel:
EVALUATOR ORIENTATION Serving on Off-Site and On-Site Committees OVERVIEW.
Internet Corporation for Assigned Names and Numbers Presidents Report São Paulo December 2006.
Knowledge without boundaries Planning, creating, managing and sustaining a successful library consortium. TEMPUS workshop November.
Admissions Policy and HE Strategy Professionalising Admission to Higher Education in Further Education Conference Tuesday 2 March 2010 Annie Doyle, Senior.
1 Alliance of Information and Referral Systems Accreditation Presented by Charlene Hipes AIRS Conference May 2010.
Module 2: National IEA process design and organization.
CERTIFIED GUIDING LION PROGRAM A Course for Success.
13 th Meeting of the Interagency Working Group (IWG) on ICT November 20, 2009, UNCC, Bangkok by Asia-Pacific Telecommunity APT Initiatives on Disaster.
A Knowledge Innovation TM Project Proposal for Egypts Negotiating Body Making Negotiation a National Duty 26 June 2005, RITSEC.
Technical and Program Committee Chair Training Laura McGill, VP - Technical Activities, Jim Neidhoefer,
MCCC AND WHAT IT MEANS TO BE A DELEGATE Lisa Christine Meredith Executive Director, MCCC.
Bringing New Work to the IETF Thomas Narten IETF 68 Prague, Czech Republic March 18, 2007.
By Fouad Bajwa Co-Vice Chair APRALO ICANNs At-Large (individual Internet user community) for the Asian-Australian-Pacific Region.
The Role of Governments Caribbean Telecommunications Union Ministerial Seminar May 29, 2012 Heather Dryden Chair - Governmental Advisory Committee, ICANN.
Tips for Training (module 6.2). Objectives Know what user training resources are available to you for HINARI Consider your institutions training resources.
1 Seminar 4A - Effective Security Practices Eoghan Casey, Security Consultant Jack Suess, CIO, UMBC EDUCAUSE Mid-Atlantic Regional Conference - Baltimore,
InfoDay 2012 Civil Protection Work Programme 2012 Brussels, Friday, 2 March 2012InfoDay 2012 Civil Protection Work Programme 2012 Brussels, Friday, 2 March.
Title VI, Environmental Justice, and Customer Service January 24, 2013 Presented by: Robbie L. Sarles, President RLS & Associates, Inc.
Conducting a Successful Agency Orientation Field Instructor Training September 17, 2008.
AEE Accreditation Program. Provide an overview of AEEs Accreditation Program process program policy standards.
2012 SQA Central Training (New Centers) Venue – BISU, Beijing 9, Sept am– 5:00 pm Mary Gao.
COMPLIANCE360 compliance made simple !. Governance And Accountability Governance And Accountability Provides A Focus For Business Practices That Promote.
Evolution of CSIRTs: how to engage Critical Infrastructures and cooperate beyond borders Giza, 19th December 2011.
African Views Organization Presentation By: Wale Idris Ajibade, Director of Research and Strategy | Tel:
Freedom of Information Act 2000 and the PCT Audit Procedure Background: The Act was passed in November The Act will be fully in force by January.
© 2005, EDUCAUSE/Internet2 Computer and Network Security Task Force Information Security Governance: The Buck Stops Where? Mark Luker Vice President, EDUCAUSE.
New Initiatives Subcommittee TAC Report Tuesday, May 10th,
Quality developments in VET An overview of the work of the European Forum on Quality in VET.
NATIONAL LAND SURVEY OF FINLAND – DOWN TO EARTH From SDI to GSDI with special focus on Regional SDI in Europe (INSPIRE) Jarmo Ratia Director General, National.
© 2016 SlidePlayer.com Inc. All rights reserved.