introduction to csirts

Security Incident Response Capabilities & CSIRTs Adli Wahid Security Specialist [email protected]

Upload: apnic

Post on 15-Apr-2017

213 views

Category:

Internet

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

SecurityIncidentResponseCapabilities&CSIRTs

[email protected]

AdliWahid

• SecuritySpecialist@APNIC• [email protected]• MemberofINTERPOLCyberCrimeExpertGroup• Let’sConnect

• Twitter:@adliwahid• Linkedin:AdliWahid• APNIC’sBlog:https://blog.apnic.net

SecurityResilience

SecuritybyDesign

SecurityinDeployment

SecurityinOperation

SecurityinBreach

EcosystemNetwork

Operators/ServiceProviders

LawEnforcement/

Judiciary

PolicyMakers EndUsers/Consumers

NationalCERTs/CSIRTs|CyberSecurity

Agency

Hardware/SoftwareVendors

Why?

1. Getnotified2. ReduceImpactofSecurityIncident3. Understandthe(root)cause4. DoSomethingAboutIt

GetNotified• HowcanotherCERTs/CSIRTcontactyou?

o Incidentso SourceofSecurityIncidentso Suspiciousactivitieso ThreatInformation

• Whois db andothermeanso APNIC’sWhois Accuracyinitiative

• Willyoudosomethingaboutit?o Awarenesso Capabilitieso Policies&Procedures

• Alloftheabove:Preparedness

irt:IRT-APNIC-IS-APaddress:SouthBrisbane,Australiae-mail:[email protected]:[email protected]:AIC1-APtech-c:AIC1-APauth:#Filteredremarks:APNICInfrastructureServicesmnt-by:MAINT-APNIC-IS-APchanged:[email protected] 20110704source:APNIC

https://blog.apnic.net/2016/09/27/lea-stakeholders-enter-whois-discussion/

ReducePotentialImpact• Timeliness• SecurityIncidentshaveaffectconstituent’s

• Operation• Business• Image/Brand• Safety

• Understandthe(root)causeoAdvise/Alerttheconstituents

• Reducecostrequiredtofix

Cryptolocker

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

DoSomethingAboutIt• Remediation

oAnalysisoCollaborationo Escalation

• DDoSExampleo Fixing/removingvulnerablehostso Fixing/removingvulnerableservicesoBCP38/SourceAddressValidationoContinuousMonitoring

• Joinindustry-wideinitiatives

ShadowServer Foundation

https://www.cybergreen.net

Mapping Threat to Incident Response

l© NIST

NIST SP 800-61 rev 2 (2012

CommunityofCSIRTs• Trustedgroup• InformationSharing• Beyondthat

o LessonsLearnedo JointProjects(Standards,Tools,Frameworks)o JointActivities(Events,Drills)oResources(Training,Trainers)oMentoring

oExamples:o FIRST.org ,APCERT,NZITF

FIRST.org Fellows

https://www.first.org

CERT/CSIRTActivitiesinAPRegion• Partnerships

• CollaborationwithFIRST.org• MoUwithAsiaPacificComputerEmergencyResponseTeams(APCERT)

• Shareresources,promoteinitiatives• Activities

• FIRSTTechnicalColloquia(SecurityTrack)atAPRICOT&APNICSupportedEvents

• CyberSecurityWorkshops• Training/E-Learning

• 2017• FIRST-TC@APRICOT• Moreactivitiesbeingplanned

TongaCERTDiscussion

SecurityWorkshopinBhutan

ThankYou

[email protected]

Improving the effectiveness of · PDF fileImproving the effectiveness of CSIRTs ... the authors would like to thank Mr. Damir Rajnovic, ... 1.1 Scope and purpose

COOPERATION ACROSS CSIRTS, LE AND THE JUDICIARY · LE asks for the list of log entries that could help to identify users connecting to the internet using computer with IP address

Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak [email protected] [email protected] [email protected]

BEHAVIOURAL ASPECTS OF COOPERATION BETWEEN CSIRTS … · behavioural aspects of cooperation between csirts and le december 2019 2 table of contents 1. what you will learn 3 1.1 thematic

Aspects of Cooperation between CSIRTS and LE

Incident Management and Computer Security Incident Response Teams · PDF file · 2010-08-13Incident Management and Computer Security Incident Response Teams (CSIRTs) Cristine Hoepers

CESNET-CERTS.FIRST.Academic CSIRTs meeting.20120617 · CESNET-CERTS Education: workshops presentation at local conferences education of members of security forces Working group CESNET

Understanding Cyber Security Incident Response Teams (CSIRTs) as Multiteam Systems (MTSs)

Defining Incident Management Processes for CSIRTs: A Work in

COOPERATION ACROSS CSIRTS, LE AND THE …...Trainees further acquire a better understanding of the tools and methods used for the cooperation between CSIRTs and LE and their interaction

TECHNICAL ASPECTS OF COOPERATION BETWEEN CSIRTS AND LE · material: ENISA reports ENISA presentations Trainer’s notes based on recommended material and sources Learning outcomes

Barriers to CSIRTs cooperation. Challenge in practice ... · Barriers to CSIRTs cooperation. Challenge in practice – the CLOSER Project Benefits related to networking Networking

ENISA EU CYBERSECURITY AGENCY - CNCS · ENISA –EU CYBERSECURITY AGENCY Krzysztof Silicki ENISA, Deputy Chair of Management ... Guidelines for national CSIRTs on physical security,

WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure

Improving Cooperation between CSIRTs and Law Enforcement

Handbook for Computer Security Incident Response Teams ... Handbook for... · Incident Response Teams (CSIRTs) Moira J. West-Brown Don Stikvoort Klaus-Peter Kossakowski December 1998

Supporting CSIRTs in the EU - imf-conference.org · option • must - role and responsibility of a n/g CERT is clearly communicated to all relevant stakeholders, national and in international

Resources to Support Training Programs for CSIRTs

Asia Pacific Computer Emergency Response Team › documents › pdf › annualreport2003.pdf · 2020-03-04 · Asia Pacific Computer Emergency Response Team ... (CSIRTs) from the

PAPER SERIES: NO. 23 — DECEMBER 2015 … SERIES: NO. 23 — DECEMBER 2015 Combatting Cyber Threats: CSIRTs and Fostering International Cooperation on Cybersecurity Samantha Bradshaw

TECHNICAL ASPECTS OF COOPERATION BETWEEN CSIRTS AND … · TECHNICAL ASPECTS OF COOPERATION BETWEEN CSIRTS AND LE DECEMBER 2019 5 Figure 1.2: Ransomware infection scenario Figure

An Anthropological Approach to Studying CSIRTs · 2020-01-04 · Genevieve Bell, a cultural anthropologist at Intel, explored the social and cultural aspects of ubiquitous computing

Internet Governance Forum - FIRST · 1 Internet Governance Forum Best Practices Forum on Establishing and Supporting Computer Security Incident Response Teams (CSIRTs) for Internet

Introduction to Computer Security & Incident Response ... · Issue Date: Revision: APNIC e-Learning: Introduction to Computer Security & Incident Response Teams (CSIRTs) 1February

EU - Network and Information Security (NIS) Directive...EC, ENISA CSIRT Network •Operational cooperation between National CSIRTs, CERT-EU, ENISA National CSIRT - Mandate •OCECPR

Developing CSIRTs in Brazilian NREN - LACNIC - SLIDESslides.lacnic.net/wp-content/uploads/2017/05/cais-csirts.pdf · Security incidents and critical vulnerabilities grew last years

Community-oriented Computer Security Incident Response Teams (C-CSIRTS)

Creating and Managing CSIRTs - APRICOT · 2017-02-06 · Creating and Managing CSIRTs Page 1 ... Incident Reports are Increasing Above represents reports submitted to the CERT Coordination

FIRST CSIRT Framework › standards › frameworks › csirts › ...FIRST CSIRT Framework Computer Security Incident Response Team (CSIRT) Services Framework Version 1.1.1

Organizational Models for Computer Security Incident Response Teams (CSIRTs)

Meletis Belsis -CSIRTs

BEHAVIOURAL ASPECTS OF COOPERATION BETWEEN CSIRTS …

CSIRT capacity building in Europe - ENISA · 2 Capacity and community building for CSIRTs 2005 Start up program for CSIRTs (ENISA guidelines and support on how to set up and operate