CERT Certification

Published in: Technology
  • The first major outbreak of a worm in the global IT infrastructure occurred in the late 1980s. The worm was named Morris and it spread swiftly, effectively infecting a great number of IT systems around the world. This incident acted as a wake-up call: suddenly people became aware of a strong need for cooperation and coordination between system administrators and IT managers in order to deal with cases like this. Because time was a critical factor, a more organised and structured approach to handling IT security incidents had to be established. And so, a few days after the “Morris incident”, the Defence Advanced Research Projects Agency (DARPA) established the first CSIRT: the CERT Coordination Center (CERT/CC), located at Carnegie Mellon University in Pittsburgh (Pennsylvania). This model was soon adopted within Europe, and in 1992 the Dutch academic provider SURFnet launched the first CSIRT in Europe, named SURFnet-CERT. Many teams followed, and at present ENISA's Inventory of CERT activities in Europe lists more than 100 known teams located in Europe.
  • As Louis Pasteur put it in a lecture at the University of Lille, “in the fields of observation chance favours only the prepared mind”. Likewise, governments, companies and individuals need to be prepared to observe, detect and respond to all kinds of unpredictable technical threats and incidents. This need led to the proliferation of CERTs, which must share information and coordinate for reasons of efficiency: preventing duplication of effort and avoiding incoherent or even contradictory warnings and alerts.
  • EuroCERT was funded by TERENA with money collected from volunteers wishing to participate in and contribute to the project. Since TERENA was established for research and academic networks, all participants came from this area. It was expected, however, that commercial ISPs would join by the end of the pilot. The pilot did not work as well as expected. One of the problems was that, with a different set of services delivered by each team, it was very hard to define a scope of work for EuroCERT that would satisfy the needs of all sponsors without overlapping with work that others were already doing for their own constituencies. Other problems were caused by the need to accept submission to an external authority, e.g. giving up direct personal links. The fact that Europe is a multinational and multicultural structure, and that the work of a CERT team within a national research network would be coordinated with EuroCERT, which was an international entity, did not make things any easier. The EuroCERT services, and thus the SIRCE project itself, ended in September 1999, two months before the scheduled date, due to lack of interest and funding.
  • Transcript

    • 1. May/Madrid 2007. With the collaboration of and the sponsorship of. CERT Certification. Vicente Aceituno
    • 2. As Louis Pasteur put it in a lecture in the University of Lille: “In the fields of observation chance favors only the prepared mind”.
    • 3. What? CERT or CERT/CC (Computer Emergency Response Team / Coordination Center) CSIRT (Computer Security Incident Response Team) IRT (Incident Response Team) CIRT (Computer Incident Response Team) SERT (Security Emergency Response Team)
    • 4. CERT A Computer Security Incident Response Team (CSIRT) is a service organization that is responsible for receiving, reviewing, and responding to computer security incident reports and activity. Their services are usually performed for a defined constituency that could be a parent entity such as a corporation, governmental, or educational organization; a region or country; a research network; or a paid client. (CERT/CC)
    • 5. CERT - Benefits Centralized coordination for IT security issues within the organization. Specialized handling of and response to IT incidents. Dealing with legal issues and preserving evidence in the event of a lawsuit. Keeping track of developments in the security field. Stimulating cooperation within the constituency on IT security (awareness building).
    • 6. CERT - Types Academic Sector CSIRT Commercial CSIRT Governmental Sector CSIRT Internal CSIRT Military Sector CSIRT National CSIRT Small & Medium Enterprises (SME) Sector CSIRT Vendor CSIRT
    • 7. CERT - Services Reactive Services  Alerts and Warnings  Incident Handling  Vulnerability Handling  Artifact Handling
    • 8. CERT - Services Proactive Services  Technology Watch  Announcements  Security Audit or Assessments  Configuration and Maintenance of Security Tools, Applications and Infrastructures  Development of Security Tools  Intrusion Detection Services  Security-Related Information Dissemination
    • 9. CERT - Services Security Quality Management Services  Risk Analysis  Business Continuity & Disaster Recovery Planning  Security Consulting  Awareness Building  Education / Training  Product Evaluation or Certification
    • 10. CERTs in Europe
    • 11. Trust Building Team – Team Association Inter - Association Personal relationships. Certification - Trusted Introducer. Agreements:  Code of Conduct.  Memoranda of Understanding.  SLAs. Adherence to standards.
    • 12. Association - FIRST Mission:  FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.  FIRST members develop and share technical information, tools, methodologies, processes and best practices  FIRST encourages and promotes the development of quality security products, policies & services  FIRST develops and promulgates best computer security practices  FIRST promotes the creation and expansion of Incident Response teams and membership from organizations from around the world  FIRST members use their combined knowledge, skills and experience to promote a safer and more secure global electronic environment.
    • 13. Certification - Trust A way to evidence the organization's stance on security; A part of a contract to ensure commitment by one of the parties to security management; A mechanism to ensure mutual understanding of the services obtained from a provider. Trust relationships with Third Parties, like Partners, Customers and Suppliers.
    • 14. CERT Certification What is certification good for?  It is a driver for implementation of better IS practices.
    • 15. Certification - Trust What is certification good for?  Establishing trust relationships.
    • 16. Certification - Challenges Challenges  Certification doesn’t guarantee performance. Performance depends on the budget, the capability and the commitment of those involved in running it.  Certification only guarantees that the cause of faults is not poor process design.  Poor performers and bogus certifications lower the reputation of the certification and damage the reputation of all certificate holders.
    • 17. Certification - Challenges Specification
    • 18. Certification - Challenges Different Implementations
    • 19. Certification - Challenges If you get the same certificate
    • 20. Certification - Challenges For different implementations
    • 21. Certification - Challenges The market reputation you will get is that of the worst implementation
    • 22. Certification - Challenges Challenges:  Some threats fall out of the scope of information security: – Human error; – Incompetence; – Fraud; – Corruption.
    • 23. Certification - Challenges
    • 24. Certification - Summary  Certification doesn’t guarantee performance.  Bad performers damage the reputation of all certificate holders.
    • 25. Accreditation Accreditation Entity Accreditation Entity Certification Entity Final User
    • 26. Trusted Introducer (TERENA) The Trusted Introducer (TI) is a trust broker for European CERTs with three levels:  Listed – any team identified within the scope of TI  Accreditation Candidate – a team which received and accepted invitation for Accreditation process  Accredited – a team which successfully completed accreditation / verification process
    • 27. Certification – Challenges Certification is not enough! Accreditation is necessary:  Verification of personnel's competence.  Verification of the team's procedures and policies.  Verification of financial stability and sustainability.  Verification of basic operational factors, such as reachability or response times.
    • 28. Sources CMU/SEI Handbook for Computer Security Incident Response Teams (CSIRTs) ENISA’s CERT in Europe v1.4 ENISA’s CERT cooperation and its further facilitation by relevant stakeholders. ENISA’s Information Security Certification Schemes Workshop 2006 Minutes, materials and Report. ENISA’s Inventory of CERT activities in Europe. ENISA www.enisa.europa.eu/cert%5Finventory/index_inventory.htm EA 7/03 Guidelines for the Accreditation of Bodies Operating Certification/Registration of Information Security Management Systems. FIRST - www.first.com ISM3 v2.00 ISO/IEC 27001:2005 Information technology — Security techniques — Information security management systems — Requirements Information Security Management Maturity Model v2.00 ISO/IEC 19011:2002 Guidelines for quality and/or environmental management systems auditing Terena’s Trusted Introducer Service (TI) Terena’s TF-CSIRT. Terena’s A Trusted CSIRT Introducer in Europe.
    • 29. May/Madrid 2007. With the collaboration of and the sponsorship of. THANKS
    • 30. Creative Commons Attribution-NoDerivs 2.0. You are free: • to copy, distribute, display, and perform this work • to make commercial use of this work. Under the following conditions: Attribution. You must give the original author credit. No Derivative Works. You may not alter, transform, or build upon this work. For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the author. Your fair use and other rights are in no way affected by the above. This work is licensed under the Creative Commons Attribution-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
    • 31. Trusted Introducer (TERENA) An invitation to start the accreditation process can be sent to a "Listed" team upon its request or, e.g., by recommendation of an already "Accredited" CERT. The process of accreditation requires the team to declare its support for a number of criteria and provide a standardized set of information about itself. This data is then kept and maintained by the TI to ensure it is correct and up to date. Gaining the "Accredited" level results in access to numerous services, e.g. a database of in-depth operational contacts of all accredited teams, the TI mailing lists open to accredited CERTs only, PGP key signing, etc. The services of the TI are provided by an independent contractor appointed by TERENA and supervised by the TI Review Board, consisting of 5 members: a TERENA representative, three members elected by accredited teams and the chair of TERENA TF-CSIRT ex officio.
