Understanding Cyber Security Incident Response Teams (CSIRTs) as Multiteam Systems (MTSs)
Introduction to CSIRTs
Transcript of Introduction to CSIRTs
![Page 2: Introduction to CSIRTs](https://reader033.fdocuments.net/reader033/viewer/2022051503/5878838f1a28ab466c8b67f3/html5/thumbnails/2.jpg)
Adli Wahid
• Security Specialist @ APNIC
• [email protected]
• Member of INTERPOL Cyber Crime Expert Group
• Let's Connect
  o Twitter: @adliwahid
  o LinkedIn: Adli Wahid
  o APNIC's Blog: https://blog.apnic.net
![Page 3: Introduction to CSIRTs](https://reader033.fdocuments.net/reader033/viewer/2022051503/5878838f1a28ab466c8b67f3/html5/thumbnails/3.jpg)
Security Resilience
• Security by Design
• Security in Deployment
• Security in Operation
• Security in Breach
![Page 4: Introduction to CSIRTs](https://reader033.fdocuments.net/reader033/viewer/2022051503/5878838f1a28ab466c8b67f3/html5/thumbnails/4.jpg)
![Page 5: Introduction to CSIRTs](https://reader033.fdocuments.net/reader033/viewer/2022051503/5878838f1a28ab466c8b67f3/html5/thumbnails/5.jpg)
Ecosystem
• Network Operators / Service Providers
• Law Enforcement / Judiciary
• Policy Makers
• End Users / Consumers
• National CERTs/CSIRTs | Cyber Security Agency
• Hardware / Software Vendors
![Page 6: Introduction to CSIRTs](https://reader033.fdocuments.net/reader033/viewer/2022051503/5878838f1a28ab466c8b67f3/html5/thumbnails/6.jpg)
Why?
1. Get notified
2. Reduce impact of security incident
3. Understand the (root) cause
4. Do something about it
![Page 7: Introduction to CSIRTs](https://reader033.fdocuments.net/reader033/viewer/2022051503/5878838f1a28ab466c8b67f3/html5/thumbnails/7.jpg)
Get Notified
• How can other CERTs/CSIRTs contact you?
  o Incidents
  o Source of security incidents
  o Suspicious activities
  o Threat information
• Whois db and other means
  o APNIC's Whois Accuracy initiative
• Will you do something about it?
  o Awareness
  o Capabilities
  o Policies & Procedures
• All of the above: Preparedness
```
irt:            IRT-APNIC-IS-AP
address:        South Brisbane, Australia
e-mail:         [email protected]
[key elided]:   [email protected]
[key elided]:   AIC1-AP
tech-c:         AIC1-AP
auth:           # Filtered
remarks:        APNIC Infrastructure Services
mnt-by:         MAINT-APNIC-IS-AP
changed:        [email protected] 20110704
source:         APNIC
```
https://blog.apnic.net/2016/09/27/lea-stakeholders-enter-whois-discussion/
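As an added example (not from the slides), a small Python check of the preparedness point above: it parses a whois irt object in RPSL form and reports the contact fields other CERTs/CSIRTs would need in order to reach you. The sample object and its addresses are constructed placeholders, and the list of required fields is an assumption for the check, not an APNIC rule.

```python
import re

# RPSL (whois) objects are "key: value" lines; a value continues on the next
# line when that line starts with whitespace or "+", and keys such as e-mail
# may repeat, so each key maps to a list of values.
_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Fields another CERT/CSIRT needs to reach the IRT (assumption, not an APNIC rule).
REQUIRED_KEYS = ("irt", "e-mail", "abuse-mailbox", "admin-c", "tech-c")
MAILBOX_KEYS = ("e-mail", "abuse-mailbox")


def parse_rpsl_object(text):
    """Parse one RPSL object into {key: [values]}, joining continuation lines."""
    obj, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw[0] in "%#":
            continue  # skip blank lines and whois-server comment lines
        if raw[0] in " \t+" and key is not None:
            obj[key][-1] = (obj[key][-1] + " " + raw.lstrip(" \t+")).strip()
            continue
        key, _, value = raw.partition(":")
        key = key.strip().lower()
        obj.setdefault(key, []).append(value.strip())
    return obj


def check_irt_contact(obj):
    """Return findings for an irt object; an empty list means it looks reachable."""
    findings = []
    for k in REQUIRED_KEYS:
        if not obj.get(k):
            findings.append(f"missing {k}")
    for k in MAILBOX_KEYS:
        for v in obj.get(k, []):
            if not _EMAIL_RE.match(v):
                findings.append(f"{k} is not a mailbox: {v!r}")
    return findings


# Constructed sample shaped like the irt object above; all values are placeholders.
SAMPLE_IRT = """\
irt:            IRT-EXAMPLE-AP
address:        Example City,
+               Example Country
e-mail:         irt@example.net
abuse-mailbox:  abuse@example.net
admin-c:        EX1-AP
tech-c:         EX1-AP
source:         APNIC
"""
```

Running `check_irt_contact(parse_rpsl_object(SAMPLE_IRT))` returns an empty list; an object missing its abuse-mailbox or carrying a non-mailbox value is reported by name.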
![Page 8: Introduction to CSIRTs](https://reader033.fdocuments.net/reader033/viewer/2022051503/5878838f1a28ab466c8b67f3/html5/thumbnails/8.jpg)
Reduce Potential Impact
• Timeliness
• Security incidents affect constituents'
  • Operation
  • Business
  • Image/Brand
  • Safety
• Understand the (root) cause
  o Advise/alert the constituents
• Reduce cost required to fix
Cryptolocker
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
![Page 9: Introduction to CSIRTs](https://reader033.fdocuments.net/reader033/viewer/2022051503/5878838f1a28ab466c8b67f3/html5/thumbnails/9.jpg)
Do Something About It
• Remediation
  o Analysis
  o Collaboration
  o Escalation
• DDoS Example
  o Fixing/removing vulnerable hosts
  o Fixing/removing vulnerable services
  o BCP38 / Source Address Validation
  o Continuous Monitoring
• Join industry-wide initiatives
ShadowServer Foundation
https://www.cybergreen.net
![Page 10: Introduction to CSIRTs](https://reader033.fdocuments.net/reader033/viewer/2022051503/5878838f1a28ab466c8b67f3/html5/thumbnails/10.jpg)
Mapping Threat to Incident Response
© NIST
NIST SP 800-61 rev 2 (2012)
![Page 11: Introduction to CSIRTs](https://reader033.fdocuments.net/reader033/viewer/2022051503/5878838f1a28ab466c8b67f3/html5/thumbnails/11.jpg)
Community of CSIRTs
• Trusted group
• Information Sharing
• Beyond that
  o Lessons Learned
  o Joint Projects (Standards, Tools, Frameworks)
  o Joint Activities (Events, Drills)
  o Resources (Training, Trainers)
  o Mentoring
  o Examples: FIRST.org, APCERT, NZITF
FIRST.org Fellows
https://www.first.org
![Page 12: Introduction to CSIRTs](https://reader033.fdocuments.net/reader033/viewer/2022051503/5878838f1a28ab466c8b67f3/html5/thumbnails/12.jpg)
CERT/CSIRT Activities in AP Region
• Partnerships
  • Collaboration with FIRST.org
  • MoU with Asia Pacific Computer Emergency Response Teams (APCERT)
  • Share resources, promote initiatives
• Activities
  • FIRST Technical Colloquia (Security Track) at APRICOT & APNIC Supported Events
  • Cyber Security Workshops
  • Training / E-Learning
• 2017
  • FIRST-TC @ APRICOT
  • More activities being planned
Tonga CERT Discussion
Security Workshop in Bhutan