CTO-CybersecurityForum-2010-Steve Purser

Published in: Technology, Education
  • Presentation’s introduction / agenda
  • CSIRTs primarily focus on the response to ICT-related security incidents on behalf of one or more stakeholders, or interested parties. The stakeholders of a CSIRT are its constituency; within the CSIRT community, the customer base of a CSIRT is called its constituency. In this document we will use the term constituency to refer to the constituents of a CSIRT.

    CSIRT stands for Computer Security Incident Response Team. CSIRT is the name used predominantly in Europe for the protected CERT© or CERT-CC name. There are various abbreviations used for the same sort of teams:

      • CERT© or CERT-CC (Computer Emergency Response Team)
      • CSIRT (Computer Security Incident Response Team)
      • IRT (Incident Response Team)
      • CIRT (Computer Incident Response Team)
      • SERT (Security Emergency Response Team)

    An abuse team is not a CSIRT. It is a response facility, usually operated by an ISP, that professionally handles "Internet-abuse" reports or complaints (e.g. spam, viruses, offensive mails, etc.) with a team of people, on a relatively large scale. It does not ideally handle computer incidents the way a CSIRT team does.

    1. ENISA & The CERT Community. Steve Purser, Head of Technical Competence Department. 17 June 2010
    2. Who are we?
       • The European Network & Information Security Agency (ENISA) was formed in 2004.
       • The Agency is a Centre of Expertise that supports the Commission and the EU Member States in the area of information security.
       • We facilitate the exchange of information between EU institutions, the public sector and the private sector.
    3. Activities
       • The Agency’s principal activities are as follows:
           • Advising and assisting the Commission and the Member States on information security.
           • Collecting and analysing data on security practices in Europe and emerging risks.
           • Promoting risk assessment and risk management methods.
           • Awareness-raising and co-operation between different actors in the information security field.
    4. Supporting The CERT Community
       • CERT is an acronym for Computer Emergency Response Team.
       • ENISA supports the Member States and other stakeholders to establish and operate CERTs by:
           • Providing help with the establishment of new CERTs.
           • Identifying good practice on how to operate CERTs.
           • Supporting training and exercises.
           • Recommending a set of “baseline capabilities” for national / governmental CERTs.
       • See: https://www.enisa.europa.eu/act/cert/
    5. National / Governmental CERTs
       • National / governmental CERTs are of particular interest to ENISA due to their link with policy makers.
       • These CERTs play a major role in protection of CIIP in the Member States.
       • The EC CIIP Communication states that a “well functioning” national / governmental CERT in each Member State is mandatory.
    6. Evolution (1)
       [Figure: two maps, “National / Government CSIRTs in Europe 2005” and “National / Government CSIRTs in Europe spring 2010”, with the following labels]
       • Finland, France, Germany, Hungary, The Netherlands, Norway, Sweden, UK
       • PLANNED: Czech Republic, Cyprus, Iceland, Ireland, Greece, Luxembourg, Poland, Portugal, Slovakia
       • Outside EU: Most former Soviet Republics, South Africa
       • PLUS: Austria, Belgium, Bulgaria, Estonia, Italy, Latvia, Lithuania, Spain
    7. Evolution (2)
       • The number of national / governmental CERTs is growing, but still there are gaps.
       • Capabilities of national / governmental CERTs still vary a lot among the Member States.
       • Cross-border cooperation among teams exists, but can be improved.
       • The level of responsibility and number of tasks assigned to CERTs is increasing.
       http://www.enisa.europa.eu/act/cert/background/inv
    8. WARPs
       • WARP is an acronym for Warning, Advice and Reporting Point.
       • Main role is to facilitate the exchange of security related information within the community.
       • ENISA believes that WARPs are an excellent alternative to CERTs for small, trusted communities of users with similar levels of expertise.
       • ENISA featured the WARP model in the European Information Sharing and Alert System Feasibility study (EISAS).
    9. Good Practice Guides
       • ENISA helps CERTs to enhance their capabilities by developing good practice guides.
       • Examples include:
           • Setting-up and operating CERTs
           • Training, exercising and piloting of projects
           • Basic services like incident handling
           • Enhancing cross-border cooperation
    10. Work To Date
       • 2005: Stocktaking
       • 2006: Setting up & Cooperation
       • 2007: Support Operation Quality Assurance
       • 2008: CERT Exercises
       • 2009: CERT Exercises Pilots
       • 2010: CERT Baseline Capabilities […]
    11. Example: CERT Establishment
       • Step-by-step description on how to establish a CERT.
           • Overall strategy for planning and setting up a CERT.
           • Developing the Business Plan.
           • Promoting the Business Plan.
           • Examples of operational and technical procedures (workflows).
           • CERT training.
           • Exercise: Producing an advisory.
           • Project Plan.
    12. Example: CERT Exercise material
       • A student's version …
       • … a teacher's version …
       • … plus Live-DVDs …
       • … EXERCISE! Based on “real” life examples!
    13. Example: CERT exercise pilots
    14. Questions?
