MuhammadSalahuddien
24 slides
Aug 18, 2024
About This Presentation
CSIRT Coordination and Collaboration
Size: 1.31 MB
Language: en
Added: Aug 18, 2024
Slides: 24 pages
Slide Content
CSIRT Coordination and Collaboration Overview, by M. S. Manggalanny
Agenda
Our discussion will cover the basics of CSIRTs, why coordination is important, the benefits of collaboration, the challenges in coordination efforts, and tips on overcoming those challenges.
Most Affected Sectors
- Government: web defacement, malware attack, DDoS, phishing
- Digital economy: malware attack, phishing, credential leakage
- Financial: malware attack, phishing
- Education: web defacement, malware attack
- Industry: malware attack, phishing
Why Is a CSIRT Needed?
But the Real Reason Is
- Required by laws, regulations, policies, standards, audits and international agreements or treaties
- Business compliance, market or user demand, best practices and competitive advantage
- A point of contact responsible for immediate action and for coordination among the parties involved
- An expert group that provides recommendations and a forum to discuss security issues and updates
- When reality bites, an incident will cost you!
The Important Role of the CSIRT
- Computer security incident response has become an embedded component of information technology (IT) programs
- Cybersecurity-related attacks have become not only more numerous and diverse but also more damaging and disruptive
- New types of security-related incidents emerge frequently, so collaboration is a necessity
- Preventive activities based on the results of risk assessments can lower the number of incidents, but not all incidents can be prevented
- An incident response capability is therefore necessary for rapidly detecting incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring IT services
CSIRT by Definition
- An organization or capability that provides services and support to a defined constituency for preventing, handling and responding to computer/cyber security incidents
- There is no fixed hierarchical position for a CSIRT within the organizational structure; it depends on the team's function, the authority it is given, and its constituency
- Every team is unique: different mission, authority, and roles within the management process or service
- Recognition of a team relies on personal engagement, on state-to-state relations (between countries), and on relationships between CSIRTs, counterparts and partners
Typical CSIRT Activity
- Provides a single point of contact for local problems
- Identifies and analyzes threats and incidents (events) and their impact
- Research, solutions, mitigation, strategy, planning, training
- Shares experiences, response information, lessons learned, etc.
- Awareness, capacity building, networking (within the community)
- Response, damage control, recovery/remediation, risk minimization and management, prevention of recurrence, defense, and resilience
CSIRT Capability
CSIRT with operational capability:
- Has direct authority over the constituency and its assets
- Provides incident-related services (proactive and reactive)
CSIRT with coordination capability:
- Has no direct authority over the constituency and its assets
- Acts as a coordination center for other operational CSIRTs
- Provides limited non-incident-related services (security assurance)
CSIRT Services
Proactive services (incident related):
- Technology watch, review
- Security audit, assessment
- Configuration and maintenance of security tools, applications, infrastructure
- Development of security tools
- Intrusion detection services (early warning)
- Security-related information dissemination
- Incident response plan, incident preparedness
Reactive services (incident related):
- Alerts and warnings
- Incident handling: analysis, on-site response, response support, response coordination
- Vulnerability handling: analysis, response, response coordination
- Artifact handling: analysis, response, response coordination
Security quality management services:
- Asset valuation, risk analysis and management
- Business continuity (BCP), disaster recovery (DRP)
- Security consulting
- Awareness building
- Education/training, cyber exercises/drills
- Product evaluation, certification
- Cyber hygiene, resilience
Various Kinds of CSIRT by Structure
- Internal CSIRT: provides incident handling services to its parent organization, e.g. a bank CSIRT or a Gov-CSIRT
- National CSIRT: provides incident handling services to a country, maintaining national security and interests, e.g. by conducting Critical Infrastructure Protection (CIP); examples given: CISA (US), ENISA (EU)
- Coordination Center (CC): coordinates and facilitates the handling of incidents across various CSIRTs at the national level (e.g. inter-sector CSIRTs) and the regional level, e.g. JP-CERT/CC, My-CERT/CC
Various Kinds of CSIRT by Function
- Vendor teams: handle reports of vulnerabilities in their own software or hardware products and provide the solution, e.g. a social media security team or an application-specific security team
- Incident response providers: offer incident handling services commercially, e.g. managed security services
- Intelligence analysis: synthesizes data from various sources to determine trends and patterns in incident activity (R&D), e.g. Security Operation Centers (SOCs), in-depth cyber threat and attack analysis
Regional Forums / Organizations for Coordination and Collaboration
- FIRST (The Forum of Incident Response and Security Teams), a global community: CSIRT teams, security teams, technology vendors, experts and academia
- EU CSIRTs Network: European national CSIRTs and European CIP/CIIP agencies
- ANSAC (The ASEAN Network Security Action Council): ASEAN national CSIRTs
- APCERT (The Asia Pacific CERT) and OIC-CERT (The OIC CERT): Asia Pacific national CSIRTs, Organization of Islamic Cooperation members, organizational members, experts and academia
Sectors of Constituency
- National CSIRT
- Sector CSIRT/CC
- Government CSIRT/CC
- Industry CSIRT
- Academic CSIRT
- Private CSIRT, managed services/CC and CIIPs
National CSIRT
A team with nationwide responsibilities, serving as the country's and/or economy's representative:
- Acts as the trusted single point of contact (SPOC) and focal point for nationwide incident coordination, analysis, and response
- Resource for the government and/or key critical infrastructure; collaborates with other counterparts and partners, e.g. vendors
- Manages nationwide goals, tasks and programs: developing the national cyber security strategy, providing education and awareness
- Serves constituencies (e.g. by sector), including other CSIRTs
- Assists in the establishment of other CSIRTs (e.g. by sector)
- 24/7 incident reporting call center, monitoring, alerts, early warning
- Assists law enforcement agencies and the cybercrime investigation process
Sector CSIRT/CC
A team with responsibilities for a sector or critical infrastructure (CI), serving as that sector's or CI's representative:
- Acts as the trusted single point of contact (SPOC) and focal point for sector or CI incident coordination, analysis, and response
- Resource for the respective sector or CI; collaborates with other counterparts and partners, e.g. vendors
- Manages sector or CI goals, tasks and programs: developing the sector or CI cyber security strategy, providing education and awareness
- Serves constituencies (e.g. by industry), including other industry- or organization-level CSIRTs
- Assists in the establishment of other CSIRTs (e.g. by industry or organization)
- 24/7 incident reporting call center, monitoring, alerts, early warning
- Assists law enforcement agencies and the cybercrime investigation process
Role of Coordination and Collaboration
Coordination in a CSIRT refers to the process of bringing together various stakeholders, both internal and external, to effectively manage and resolve cybersecurity incidents and to improve the level of cybersecurity resilience.
Collaboration in a CSIRT involves working together with other teams, sectors, industries, organizations, or even national CSIRTs to exchange information, to share resources, knowledge, experience and expertise, and to act collectively.
Coordination and collaboration within a CSIRT are crucial for effective incident response and for improving cybersecurity.
Relation Maps (diagram): the CSIRT at the center, linked to the constituency representative, physical security, human resources (HRD), legal counsel/law enforcement (LEA), analysts and investigators (SOC), liaisons and PR, the communication channel, the operations center and management.
Why Is Collaboration Important?
- Maximizes resources: effective coordination ensures that all available but limited resources are used efficiently, minimizing time, effort and cost.
- Increases effectiveness: CSIRTs perform better, faster, and more thoroughly when they work together toward a common goal and share expertise.
- Risk reduction: well-coordinated CSIRT activities reduce the risk of duplicated effort, conflicting actions, and knowledge gaps, which can result in an ineffective security posture.
Benefits of Collaboration
1. Shared learning: CSIRT collaboration creates opportunities to share knowledge, skills, and expertise, helping each member learn from the others' experiences.
2. Expanded resources: collaboration gives CSIRTs access to additional resources that may not be available to them individually, providing greater capability to respond to potential threats.
3. Improved response capability: with a collaborative approach, CSIRTs draw on more diverse opinions, strategies, and solutions to respond to incidents and improve their capabilities.
Coordination Challenges
1. Communication barriers: language, culture, time zones, and limited communication channels can hinder information flow and understanding.
2. Non-standardized processes: different CSIRTs may have different processes for handling incidents, which can cause confusion and disrupt coordination efforts.
3. Limited resources: resource constraints can hamper cooperation efforts and limit the ability to share knowledge.
To Overcome the Challenges
- Standardize procedures: by adopting common standardized procedures, such as a shared framework and incident classification scheme, CSIRTs agree on a common language and common procedures that facilitate cooperation.
- Establish a communication protocol: CSIRTs should use a variety of communication channels, chosen to protect the security of the information being shared, with a clear understanding of terminology and language so that the information enables effective action.
- Establish trust: trust is built through regular communication, offline face-to-face networking, mutual respect and transparency. Regular readiness drills and exercises also improve trust.
References
- "What Is: Computer Security Incident Response Team (CSIRT)" (article)
- National Cyber Security Council (NL), "Starting a Collective CSIRT Guide" (PDF)
- Carnegie Mellon University, "The Sector CSIRT Framework: Developing Sector-Based Incident Response Capabilities" (PDF)