http://www.iriss.ie info@iriss.ie

Creating A CERT at WARP Speed

2004 – The Journey Begins

Copyright © 2010 IRISS www.irissie 2

What’s Missing?

3Copyright © 2010 IRISS www.irissie

Situation

4

Knowledge Economy “Silicon Valley” Europe

Over 97% of Irish Businesses are SME<50 Employees and Annual Turnover <€10mEver Increasing Dependence on ICTNo Independent Source of InfoSec information

Economy At RiskNational Security and CNI at RiskLack of Data for Law EnforcementSoft Back Door to UK CNI

Copyright © 2010 IRISS www.irissie

Not a Fair Fight !

5Copyright © 2010 IRISS www.irissie

Stakeholders

6Copyright © 2010 IRISS www.irissie

Does Ireland Need a CERT?

Do you think Ireland needs a CERT?

82.39%

17.61%

Yes

No

7Copyright © 2010 IRISS www.irissie

8

Job Complete?

Copyright © 2010 IRISS www.irissie

9

Estonia Effect

Copyright © 2010 IRISS www.irissie

10

Job Complete?

Copyright © 2010 IRISS www.irissie

11

IRISS Is Born

Copyright © 2010 IRISS www.irissie

Who is IRISS-CERT?

12

Ireland’s First CSIRT(Computer Security Incident Response Team)

Provide Services On Information Security

Services Provided Free of Charge

Not For Profit Organisation

Copyright © 2010 IRISS www.irissie

Services Offered

Irish Focused Alerts and WarningsVulnerability Awareness Incident AwarenessSanitised Attack NotificationsCoordination Service

Irish Focused ResearchTrends and MetricsGeneral Awareness

Knowledge Sharing Informal discussion Information Sharing & Dissemination

13Copyright © 2010 IRISS www.irissie

We Serve

Government Bodies and Agencies

Private Sector Companies

SME Sector

Industry Bodies

Other CERTs

14Copyright © 2010 IRISS www.irissie

15

IRISS Associations

Copyright © 2010 IRISS www.irissie

16

Sponsors

Copyright © 2010 IRISS www.irissie

Reaction

17Copyright © 2010 IRISS www.irissie

The Future

18Copyright © 2010 IRISS www.irissie

19

Planning Your CERT

Copyright © 2010 IRISS www.irissie

20

Engage With Stakeholders

Copyright © 2010 IRISS www.irissie

21

Identify Your Clients

Copyright © 2010 IRISS www.irissie

22

Identify Services

Copyright © 2010 IRISS www.irissie

23

Establish Your Requirements

Copyright © 2010 IRISS www.irissie

24

Identify Tools

Copyright © 2010 IRISS www.irissie

25

Get Funding & Support

Copyright © 2010 IRISS www.irissie

26

Practise, Practise, Practise

Copyright © 2010 IRISS www.irissie

27

Establish the IRT

Copyright © 2010 IRISS www.irissie

28

Deliver Your Services

Copyright © 2010 IRISS www.irissie

29

Be Prepared

Copyright © 2010 IRISS www.irissie

30

Hurdles

Copyright © 2010 IRISS www.irissie

31

IRISS Is A WARP

Copyright © 2010 IRISS www.irissie

32

What Is A WARP?

Copyright © 2010 IRISS www.irissie

33

WARP MSP

Copyright © 2010 IRISS www.irissie

34

WARP MSP

Copyright © 2010 IRISS www.irissie

35

WARP MSP

Copyright © 2010 IRISS www.irissie

36

WARP MSP

Copyright © 2010 IRISS www.irissie

37

WARP FWA

Copyright © 2010 IRISS www.irissie

38Copyright © 2010 IRISS www.irissie

Why A WARP?

39Copyright © 2010 IRISS www.irissie

40

More Resources

ENISA - A step-by-step approach on how to set up a CSIRT http://enisa.europa.eu/cert_guide/downloads/CSIRT_setting_up_guide_ENISA.pdf

CERT-in-a-boxhttp://www.govcert.nl/render.html?it=69

Handbook for CSIRTs (CERT/CC)http://www.cert.org/archive/pdf/csirt-handbook.pdf

Forming an Incident Response Teamhttp://www.auscert.org.au/render.html?it=2252

NIST Computer Security Incident Handling Guidehttp://www.securityunit.com/publications/sp800-61.pdf

CSIRT Starter Kit http://www.terena.org/activities/tf-csirt/starter-kit.htmlTrusted Introducer for CSIRTs in Europehttp://www.ti.terena.nl/

Warning Advice and Warning Point (WARP)http://www.warp.gov.uk/

Copyright © 2010 IRISS www.irissie

Questions ?