Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Creating a CERT at WARP Speed

1,986 views

Published on

My presentation at BruCON and Source Barcelona on how I set up the Irish CERT (IRISSCERT www.iriss.ie) using the WARP platform

Published in: Technology
  • Be the first to comment

Creating a CERT at WARP Speed

  1. 1. Creating A CERT at WARP Speed<br />
  2. 2. 2004 – The Journey Begins<br />Copyright © 2010 IRISS www.irissie<br />2<br />
  3. 3. What’s Missing?<br />3<br />Copyright © 2010 IRISS www.irissie<br />
  4. 4. Situation<br /><ul><li>Knowledge Economy
  5. 5. “Silicon Valley” Europe
  6. 6. Over 97% of Irish Businesses are SME
  7. 7. <50 Employees and Annual Turnover <€10m
  8. 8. Ever Increasing Dependence on ICT
  9. 9. No Independent Source of InfoSec information
  10. 10. Economy At Risk
  11. 11. National Security and CNI at Risk
  12. 12. Lack of Data for Law Enforcement
  13. 13. Soft Back Door to UK CNI</li></ul>4<br />Copyright © 2010 IRISS www.irissie<br />
  14. 14. Not a Fair Fight !<br />5<br />Copyright © 2010 IRISS www.irissie<br />
  15. 15. Stakeholders<br />6<br />Copyright © 2010 IRISS www.irissie<br />
  16. 16. Does Ireland Need a CERT?<br />7<br />Copyright © 2010 IRISS www.irissie<br />
  17. 17. 8<br />Job Complete?<br />Copyright © 2010 IRISS www.irissie<br />
  18. 18. 9<br />Estonia Effect<br />Copyright © 2010 IRISS www.irissie<br />
  19. 19. 10<br />Job Complete?<br />Copyright © 2010 IRISS www.irissie<br />
  20. 20. 11<br />IRISS Is Born<br />Copyright © 2010 IRISS www.irissie<br />
  21. 21. Who is IRISS-CERT?<br /><ul><li>Ireland’s First CSIRT(Computer Security Incident Response Team)
  22. 22. Provide Services On Information Security
  23. 23. Services Provided Free of Charge
  24. 24. Not For Profit Organisation</li></ul>12<br />Copyright © 2010 IRISS www.irissie<br />
  25. 25. Services Offered<br />Irish Focused Alerts and Warnings<br />Vulnerability Awareness<br />Incident Awareness<br />Sanitised Attack Notifications<br />Coordination Service<br />Irish Focused Research<br />Trends and Metrics<br />General Awareness<br />Knowledge Sharing<br />Informal discussion<br />Information Sharing & Dissemination<br />13<br />Copyright © 2010 IRISS www.irissie<br />
  26. 26. We Serve<br />Government Bodies and Agencies<br />Private Sector Companies<br />SME Sector <br />Industry Bodies<br />Other CERTs<br />14<br />Copyright © 2010 IRISS www.irissie<br />
  27. 27. 15<br />IRISS Associations<br />Copyright © 2010 IRISS www.irissie<br />
  28. 28. 16<br />Sponsors<br />Copyright © 2010 IRISS www.irissie<br />
  29. 29. Reaction<br />17<br />Copyright © 2010 IRISS www.irissie<br />
  30. 30. The Future<br />18<br />Copyright © 2010 IRISS www.irissie<br />
  31. 31. 19<br />Planning Your CERT<br />Copyright © 2010 IRISS www.irissie<br />
  32. 32. 20<br />Engage With Stakeholders<br />Copyright © 2010 IRISS www.irissie<br />
  33. 33. 21<br />Identify Your Clients<br />Copyright © 2010 IRISS www.irissie<br />
  34. 34. 22<br />Identify Services<br />Copyright © 2010 IRISS www.irissie<br />
  35. 35. 23<br />Establish Your Requirements<br />Copyright © 2010 IRISS www.irissie<br />
  36. 36. 24<br />Identify Tools<br />Copyright © 2010 IRISS www.irissie<br />
  37. 37. 25<br />Get Funding & Support<br />Copyright © 2010 IRISS www.irissie<br />
  38. 38. 26<br />Practise, Practise, Practise<br />Copyright © 2010 IRISS www.irissie<br />
  39. 39. 27<br />Establish the IRT<br />Copyright © 2010 IRISS www.irissie<br />
  40. 40. 28<br />Deliver Your Services<br />Copyright © 2010 IRISS www.irissie<br />
  41. 41. 29<br />Be Prepared<br />Copyright © 2010 IRISS www.irissie<br />
  42. 42. 30<br />Hurdles<br />Copyright © 2010 IRISS www.irissie<br />
  43. 43. 31<br />IRISS Is A WARP<br />Copyright © 2010 IRISS www.irissie<br />
  44. 44. 32<br />What Is A WARP?<br />Copyright © 2010 IRISS www.irissie<br />
  45. 45. 33<br />WARP MSP<br />Copyright © 2010 IRISS www.irissie<br />
  46. 46. 34<br />WARP MSP<br />Copyright © 2010 IRISS www.irissie<br />
  47. 47. 35<br />WARP MSP<br />Copyright © 2010 IRISS www.irissie<br />
  48. 48. 36<br />WARP MSP<br />Copyright © 2010 IRISS www.irissie<br />
  49. 49. 37<br />WARP FWA<br />Copyright © 2010 IRISS www.irissie<br />
  50. 50. 38<br />Copyright © 2010 IRISS www.irissie<br />
  51. 51. Why A WARP?<br />39<br />Copyright © 2010 IRISS www.irissie<br />
  52. 52. 40<br />More Resources<br />ENISA - A step-by-step approach on how to set up a CSIRT <br />http://enisa.europa.eu/cert_guide/downloads/CSIRT_setting_up_guide_ENISA.pdf<br />CERT-in-a-box<br />http://www.govcert.nl/render.html?it=69<br />Handbook for CSIRTs (CERT/CC)<br />http://www.cert.org/archive/pdf/csirt-handbook.pdf<br />Forming an Incident Response Team<br />http://www.auscert.org.au/render.html?it=2252<br />NIST Computer Security Incident Handling Guide<br />http://www.securityunit.com/publications/sp800-61.pdf<br />CSIRT Starter Kit <br />http://www.terena.org/activities/tf-csirt/starter-kit.html<br />Trusted Introducer for CSIRTs in Europe<br />http://www.ti.terena.nl/<br />Warning Advice and Warning Point (WARP)<br />http://www.warp.gov.uk/<br />Copyright © 2010 IRISS www.irissie<br />
  53. 53. Questions ?<br />

×