1
CREATING AND MANAGING CERT
2
Internet Wonderful and Terrible
“The wonderful thing about the Internet is that you’re connected to everyone else. The terrible thing about the Internet is that you’re connected to everyone else.”
Vint Cerf
3
Introduction
• Keeping organizational information assets secure in today's interconnected computing environment is a true challenge that becomes more difficult with each new "e" product and each new intruder tool.
4
Introduction
• Most organizations realize that there is no one solution or panacea for securing systems and data; instead a multi-layered security strategy is required.
• One of the layers that many organizations are including in their strategy today is the creation of a Computer Security Incident Response Team, generally called a CSIRT.
5
Motivation
• Motivators driving the establishment of CERT:
  – A general increase in the number of computer security incidents being reported.
  – Awareness by organizations of the need for security policies and practices as part of their overall risk-management strategies.
  – New laws and regulations.
  – System and network administrators alone cannot protect organizational systems and assets
  – A prepared plan and strategy is required
6
What is a CERT?
• An organization or team that provides, to a defined constituency, services and support for both preventing and responding to computer security incidents.
7
Process versus Technology
• Incident handling is not just the application of technology to resolve computer security events
  – It is the development of a plan of action.
  – It is the establishment of processes for
    • Notification and communication
    • Collaboration and coordination
    • Analysis and response
8
Benefits of CERT
• Reactive
  – Focused response effort
  – More rapid and standardized response
  – Stable cadre of staff with incident handling expertise, combined with functional business knowledge.
  – Coordination with others in security community.
9
Benefits of CERT
• Proactive:
  – Enabler of organizational business goals.
  – Value-added services to business processes.
  – Input into product development cycle or network operations.
  – Assistance in performing vulnerability assessments and development of security policies.
10
What Does a CERT Do?
• In general CERT
  – Provides a single point of contact for reporting local problems
  – Assists the organizational constituency and general computing community in preventing and handling computer security incidents
  – Shares information and lessons learned with other response teams and other appropriate organizations and sites
11
General Categories of CERT
• Internal CERT
  – Educational
  – Governmental
  – Commercial
• Coordination Centers
  – Country
  – State
  – Region
• Analysis Centers
• Vendor
• Incident response provider
12
Stages of CERT Development
• Stage 1 Educating the organization
• Stage 2 Planning effort
• Stage 3 Initial implementation
• Stage 4 Operational phase
• Stage 5 Peer collaboration
13
Creating an Effective CERT
• To be effective, a CERT requires four basic elements
  – An operational framework
  – A service and policy framework
  – A quality assurance framework
  – The capability to adapt to a changing environment and changing threat profiles
14
Implementation Recommendations
• Get management buy-in and organizational consensus
• Match goals to parent or constituent organizational policies and business goals
• Select CERT development project team.
• Communicate throughout the process
• Start small and grow
• Use what exists, if appropriate. (Re-use is good.)
15
Implementation Steps:
• Get approval and support from management
• Identify who will need to be involved
• Have an announcement sent out by management
• Select a project team
• Collect information
  – Research what other organizations are doing
  – Identify existing processes and workflows
  – Interview key stakeholders and participants
16
Implementation Steps
• With input from stakeholders determine
  – CERT mission
    • CERT range and levels of service
    • CERT reporting structure, authority and organizational model
    • Identify interactions with key parts of the constituency
    • Define roles and responsibilities for interactions
  – Create a plan based on the vision or framework.
  – Obtain feedback on the plan
  – Build CERT
  – Announce CERT
  – Get feedback
17
Common Problems
• Failure to
  – Include all involved parties
  – Achieve consensus
  – Develop an overall vision and framework
  – Outline and document policies and procedures
• Organizational battles
• Taking on too many services
• Unrealistic expectations or perceptions
• Lack of time, staff, and funding
18
Think Big
Start Small
Scale Fast!!!!!!!!!!!!
19