![Page 1: 1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The](https://reader035.vdocuments.site/reader035/viewer/2022062306/5a4d1b307f8b9ab05999ae1e/html5/thumbnails/1.jpg)
1
CREATING AND MANAGING CERT
![Page 2: 1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The](https://reader035.vdocuments.site/reader035/viewer/2022062306/5a4d1b307f8b9ab05999ae1e/html5/thumbnails/2.jpg)
2
Internet Wonderful and Terrible
“The wonderful thing about the Internet is that you’re connected to everyone else.The terrible thing about the Internet is that you’re connected to everyone else.”Vint Cerf
![Page 3: 1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The](https://reader035.vdocuments.site/reader035/viewer/2022062306/5a4d1b307f8b9ab05999ae1e/html5/thumbnails/3.jpg)
3
Introduction
• Keeping organizational information assets secure in today's interconnected computing environment is a true challenge that becomes more difficult with each new "e" product and each new intruder tool.
![Page 4: 1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The](https://reader035.vdocuments.site/reader035/viewer/2022062306/5a4d1b307f8b9ab05999ae1e/html5/thumbnails/4.jpg)
4
Introduction
• Most organizations realize that there is no one solution or panacea for securing systems and data; instead a multi-layered security strategy is required .
• One of the layers that many organizations are including in their strategy today is the creation of a Computer Security Incident Response Team, generally called a CSIRT.
![Page 5: 1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The](https://reader035.vdocuments.site/reader035/viewer/2022062306/5a4d1b307f8b9ab05999ae1e/html5/thumbnails/5.jpg)
5
Motivation
• Motivators driving the establishment of CERT:– A general increase in the number of computer security
incidents being reported.– Organizations on the need for security policies and
practices as part of their overall risk-management strategies.
– New laws and regulations.– System and network administrators alone cannot
protect organizational systems and assets – Prepared plan and strategy is required
![Page 6: 1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The](https://reader035.vdocuments.site/reader035/viewer/2022062306/5a4d1b307f8b9ab05999ae1e/html5/thumbnails/6.jpg)
6
What is a CERT?
• An organization or team that provides, to a defined constituency, services and support for both preventing and responding to computer security incidents.
![Page 7: 1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The](https://reader035.vdocuments.site/reader035/viewer/2022062306/5a4d1b307f8b9ab05999ae1e/html5/thumbnails/7.jpg)
7
Process versus Technology
• Incident handling is not just the application of technology to resolve computer security events – It is the development of a plan of action. – It is the establishment of processes for
• Notification and communication • Collaboration and coordination • Analysis and response
![Page 8: 1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The](https://reader035.vdocuments.site/reader035/viewer/2022062306/5a4d1b307f8b9ab05999ae1e/html5/thumbnails/8.jpg)
8
Benefits of CERT
• Reactive – Focused response effort – More rapid and standardized response – Stable cadre of staff with incident handling
expertise, combined with functional business knowledge.
– Coordination with others in security community.
![Page 9: 1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The](https://reader035.vdocuments.site/reader035/viewer/2022062306/5a4d1b307f8b9ab05999ae1e/html5/thumbnails/9.jpg)
9
Benefits of CERT
• Proactive : – - Enabler of organizational business goals.– - Value-added services to business processes .– - Input into product development cycle or
network operations .– - Assistance in performing vulnerability
assessments and development of security policies .
![Page 10: 1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The](https://reader035.vdocuments.site/reader035/viewer/2022062306/5a4d1b307f8b9ab05999ae1e/html5/thumbnails/10.jpg)
10
What Does a CERT Do?
• In general CERT – Provides a single point of contact for reporting
local problems – Assists the organizational constituency and
general computing community in preventing and handling computer security incidents
– Shares information and lessons learned with other response teams and other appropriate organizations and sites
![Page 11: 1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The](https://reader035.vdocuments.site/reader035/viewer/2022062306/5a4d1b307f8b9ab05999ae1e/html5/thumbnails/11.jpg)
11
General Categories of CERT • Internal CERT
– Educational – Governmental – Commercial
• Coordination Centers – Country – State – Region
• Analysis Centers • Vendor • Incident response provider
![Page 12: 1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The](https://reader035.vdocuments.site/reader035/viewer/2022062306/5a4d1b307f8b9ab05999ae1e/html5/thumbnails/12.jpg)
12
Stages of CERT Development
• Stage 1 Educating the organization • Stage 2 Planning effort • Stage 3 Initial implementation • Stage 4 Operational phase • Stage 5 Peer collaboration
![Page 13: 1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The](https://reader035.vdocuments.site/reader035/viewer/2022062306/5a4d1b307f8b9ab05999ae1e/html5/thumbnails/13.jpg)
13
Creating an Effective CERT
• To be effective, a CERT requires four basic elements – An operational framework – A service and policy framework – A quality assurance framework – The capability to adapt to a changing
environment and changing threat profiles
![Page 14: 1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The](https://reader035.vdocuments.site/reader035/viewer/2022062306/5a4d1b307f8b9ab05999ae1e/html5/thumbnails/14.jpg)
14
Implementation Recommendations
• Get Management buy-in and organizational consensus
• Match goals to parent or constituent organizational policies and business goals
• Select CERT development project team. • Communicate throughout the process • Start small and grow • Use what exists, if appropriate. (Re-use is good.)
![Page 15: 1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The](https://reader035.vdocuments.site/reader035/viewer/2022062306/5a4d1b307f8b9ab05999ae1e/html5/thumbnails/15.jpg)
15
Implementation Steps:
• Get approval and support from management • Identify who will need to be involved • Have an announcement sent out by management • Select a project team • Collect information
– Research what other organizations are doing – Identify existing processes and workflows – Interview key stakeholders and participants
![Page 16: 1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The](https://reader035.vdocuments.site/reader035/viewer/2022062306/5a4d1b307f8b9ab05999ae1e/html5/thumbnails/16.jpg)
16
Implementation Steps
• With input from stakeholders determine – CERT mission
• CERT range and levels of service • CERT reporting structure, authority and organizational model • Identify interactions with key parts of the constituency • Define roles and responsibilities for interactions
– Create a plan based on the vision or framework. – Obtain feedback on the plan – Build CERT – Announce CERT – Get feedback
![Page 17: 1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The](https://reader035.vdocuments.site/reader035/viewer/2022062306/5a4d1b307f8b9ab05999ae1e/html5/thumbnails/17.jpg)
17
Common Problems
• Failure to – Include all involved parties – Achieve consensus – Develop and overall vision and framework – Outline and document policies and procedures
• Organizational battles • Taking on too many services • Unrealistic expectations or perceptions • Lack of time staff, and funding
![Page 18: 1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The](https://reader035.vdocuments.site/reader035/viewer/2022062306/5a4d1b307f8b9ab05999ae1e/html5/thumbnails/18.jpg)
18
Think Big
Start Small
Scale Fast!!!!!!!!!!!!
![Page 19: 1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The](https://reader035.vdocuments.site/reader035/viewer/2022062306/5a4d1b307f8b9ab05999ae1e/html5/thumbnails/19.jpg)
19