Presentation is loading. Please wait.

Presentation is loading. Please wait.

Resources to Support Training Programs for CSIRTs.

Published byHugh Jenkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Resources to Support Training Programs for CSIRTs."— Presentation transcript:

1 Resources to Support Training Programs for CSIRTs

2 Problem There is a long trend which shows CSIRTs are having a problem training their staff A recent survey* by Jeff Yuetter had two interesting results – Staff expertise or availability is a very challenging problem to 49% of teams (51 responded) – 54% of the teams do not have a formal training or mentoring program in place (56 responded) Similar findings were reported by – CERT/CC in 2009 – CERT/CC in 2003 * update d version of CSIRT State of the Practice independently carried out by Jeff in Fall 2011

3 Causes We assume that there will be multiple causes for this issue. We will primarily focus on: – Lack of identified resources to compose a comprehensive training plan – Lack of knowledge on how to prepare and execute a training plan Thus, we believe the major issues are related to building and executing Training Plans

4 Major Steps to Creating a Training Plan (1) Identify all of the topics required (2) Create a check-list that summarizes all the training topics (3) Identify the resources (4) Develop a procedure for evaluation and correction (to include assessment materials)

5 A Relook at Causes We assume that there will be multiple causes for this issue. We will primarily focus on: – Lack of identified resources to compose a comprehensive training plan This is step (3) in Creating a Training Plan – Lack of knowledge on how to prepare and execute a training plan This is part of step (4) in Creating a Training Plan This means the major issues are related to executing Training Plans

6 What has been done What about steps (1) and (2)? The (U.S.) National Initiative for Cybersecurity Education (NICE) has a framework – http://csrc.nist.gov/nice/framework/ http://csrc.nist.gov/nice/framework/ – Nice addresses steps (1) and (2)

7 What Can We do We are proposing that a pilot could focus on Incident Responders. In NICE this is – Protect and Defend: Incident Response: Tasks and KSAs (pgs 70-73) http://csrc.nist.gov/nice/framework/documents/NICE- Cybersecurity-Workforce-Framework-printable.pdf http://csrc.nist.gov/nice/framework/documents/NICE- Cybersecurity-Workforce-Framework-printable.pdf We could identify and document the resources for the tasks and KSAs [step (3)]

8 The Pilot Pilot: An attempt to address step (3) Identify resources for NICE specialty areas tasks/KSAs – Focus on specialty area - Incident Responders Protect and Defend: Incident Response: Tasks and KSAs (pgs 70-73) We believe this material is part of the missing information needed by CSIRT managers to develop a training plan

9 Pilot Work with 6 to 7 domain experts within a community to identify resources to match against Tasks and KSAs – This would also identify gaps We could either host the material on our website or assist with the community hosting it on theirs – Initially we think a wiki format might be best

10 Benefits If we can identify what resources will be required to meet specific Tasks and KSAs at various levels, it will also assist with – Management of professional development for staff – Better inform Human Resources in recruiting – Inform new recruits what the expectations are for role/position within a team

11 Long Term It is not sufficient to just have resources and a plan Assessments of the resources(4) will be required before we have a complete solution for CSIRTs

12 OVERVIEW OF NICE

13 NICE Framework -1 Generic Outline – Framework Category Specialty Area – Tasks – KSAs (Knowledge, Skills, and Abilities) Example – Protect and Defend Incident Response – 16 Tasks – 26 KSAs

14 NICE Framework - Categories There are seven framework categories – Securely Provision (SP) – Operate and Maintain (OM) – Protect and Defend (PD) – Investigate (IN) – Operate and Collect (OC) – Analyze (AN) – Support (S)

15 NICE Framework - Specialty Areas There are a total of 31 Specialty Areas SP: Information Assurance CompliancePD: Computer network Defense Infrastructure Support SP: Software EngineeringPD: Security Program Management SP: Enterprise ArchitecturePD: Vulnerability Assessment and Management SP: Technology DemonstrationIN: Digital Forensics SP: Systems Requirements PlanningIN: Investigation SP: Test and EvaluationOC: Collection Operations SP: Systems DevelopmentOC: Cyber Operations Planning OM: Data AdministrationOC: Cyber Operations OM: Info Systems Security ManagementAN: Cyber Threat Analysis OM: Knowledge ManagementAN: Exploitation Analysis OM: Customer Service and Technical SupportAN: All Source Intelligence OM: Network ServicesAN: Targets OM: System AdministrationS: Legal Advice and Advocacy OM: System Security AnalysisS: Strategic Planning and Policy Development PD: Computer Network DefenseS: Education and Training PD: Incident Response

16

17

18

19 Similar Initiatives

20 Matrix: NICE specific specialty areas to training/classes Training Plans: Interview teams to create generic training plans for the CSIRT community

21 Initiative: Matrix We would like to create a Matrix that would identify by NICE framework specialty areas what training courses or college classes (language unspecific) meet the Tasks and/or KSAs An example of a similar project done by SANS can be found at (pg 2): www.sans.org/critical- security-controls/winter-2012-poster.pdfwww.sans.org/critical- security-controls/winter-2012-poster.pdf

22

23 Initiative: Matrix cont. For a pilot we will be working with the FIRST Education and Training Committee – We are looking for a few more experts to join the effort Our initial area of focus will be the Protect and Defend framework category – We would further subdivide each specialty area into Junior / Intermediate / Senior Instead of freely available resources we will take a different look to address step (3) – Training Classes – College Classes (to include freely available online)

24 Initiative: Training Plans Use the resource from the 2 previous Pilots Interview CSIRTs with existing training plans Develop templates and resources to assist CSIRT managers in creating and managing training within their organization

Download ppt "Resources to Support Training Programs for CSIRTs."

Similar presentations

Vanja Ivosevic Centre for Education Policy Becici, 24 April 2010 Mapping policies and practices for the preparation of teachers for inclusive education.

Vanja Ivosevic Centre for Education Policy Becici, 24 April 2010 Mapping policies and practices for the preparation of teachers for inclusive education.
Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
1 National Collaborative on Workforce and Disability for Youth Competencies for Working with Youth: Identify, Assess, and Build Them!

1 National Collaborative on Workforce and Disability for Youth Competencies for Working with Youth: Identify, Assess, and Build Them!
Comparative Study of MOPAN and EvalNet Approaches to Assessing Multilateral Organizations’ Development Effectiveness James Melanson Director, Development.

Comparative Study of MOPAN and EvalNet Approaches to Assessing Multilateral Organizations’ Development Effectiveness James Melanson Director, Development.
Intelligence Step 5 - Capacity Analysis Capacity Analysis Without capacity, the most innovative and brilliant interventions will not be implemented, wont.

Intelligence Step 5 - Capacity Analysis Capacity Analysis Without capacity, the most innovative and brilliant interventions will not be implemented, wont.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
A Framework to Implement a National Cyber Security Structure for Developing Nations ID Ellefsen - SH von Solms - Academy.

A Framework to Implement a National Cyber Security Structure for Developing Nations ID Ellefsen - SH von Solms - Academy.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
PRODUCT FOCUS 4/14/14 – 4/25/14 INTRODUCTION Our Product Focus for the next two weeks is Microsoft Office 365. Office 365 is Microsoft’s most successful.

PRODUCT FOCUS 4/14/14 – 4/25/14 INTRODUCTION Our Product Focus for the next two weeks is Microsoft Office 365. Office 365 is Microsoft’s most successful.
By Collin Smith http://techinitiatives.blogspot.com COBIT Introduction By Collin Smith http://techinitiatives.blogspot.com.

By Collin Smith COBIT Introduction By Collin Smith
OPM Cybersecurity Competencies by Occupation (Technical Competencies) 2210085508540391 Information Technology Management Series Electronics Engineering.

OPM Cybersecurity Competencies by Occupation (Technical Competencies) Information Technology Management Series Electronics Engineering.
1 IS112 – Chapter 1 Notes Computer Organization and Programming Professor Catherine Dwyer Fall 2005.

1 IS112 – Chapter 1 Notes Computer Organization and Programming Professor Catherine Dwyer Fall 2005.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Center for Health Care Quality Licensing & Certification Program Evaluation 1 August 2014 rev.

Center for Health Care Quality Licensing & Certification Program Evaluation 1 August 2014 rev.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Roles of IT Personnel Unit 4520. Customer Service This is a facility that helps customers with wide-ranging questions relating to a specific company,

Roles of IT Personnel Unit Customer Service This is a facility that helps customers with wide-ranging questions relating to a specific company,
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
Copyright 2003 Cuyahoga Community College District Knowledge Management: Making it Fly in Higher Education Presenter: Amy C. Eugene Director, Knowledge.

Copyright 2003 Cuyahoga Community College District Knowledge Management: Making it Fly in Higher Education Presenter: Amy C. Eugene Director, Knowledge.
project management office(PMO)

project management office(PMO)
Schools’ Data Collection for National Partnerships Agreements (NPA) Educational Measurement and School Accountability Directorate (EMSAD)

Schools’ Data Collection for National Partnerships Agreements (NPA) Educational Measurement and School Accountability Directorate (EMSAD)

Similar presentations

Ads by Google