Security breaches are becoming a regular occurrence with many creating headlines. Yet, despite this publicity the details of breaches are often not disclosed so other organisations cannot learn from them. IRISSCERT has been contributing data on incidents in Ireland to the Verizon Data Breach Incident Report and will use this data to outline to those attending what types of attacks are happening to Irish organisations, what steps they can take to prevent becoming a victim of those same attacks and the lessons learnt to better improve their own incident response capabilities
4. What is IRISS-CERT?
Ireland’s First CSIRT
(Computer Security Incident Response Team)
Provide Services On Information Security
Services Provided Free of Charge
Not For Profit Organisation
5. Services Offered
Irish Focused Alerts and Warnings
Vulnerability Awareness
Incident Awareness
Sanitised Attack Notifications
Coordination Service
Irish Focused Research
Trends and Metrics
General Awareness
Knowledge Sharing
Informal discussion
Information Sharing & Dissemination
17. Other Key Achievements
Verizon Databreach Investigations Report
(DBIR) 2012 & 2013
Assisted NHTCU In Bredolab Cleanup
Hosted Transits Training for 35 CERT Personnel
From Around Europe
DNS Changer Cleanup
Participated in A CERT Exercises
Coordinated Vulnerability Disclosures (CNI,
vendors, & websites)
20. Recognised Threat
“the cyber threat to our nation
is one of the most serious
economic and national
security challenges we face.”
"industrial-scale processes
involving many thousands of
people lying behind both state
sponsored cyber espionage and
organised cyber crime".
42. 2012 - Incidents
Increase in Targeted Attacks
Increase in DDOS Attacks
Increase in Activism
Ransomware Attacks
43. 2012 - Incidents
Root Cause
Poor Passwords
Missing Patches
Vulnerabilities
Web Platforms
Out of Data Anti-Virus Software
Lack of Monitoring
2004 I identified that Ireland had no CERT. I felt that this was a major weakness in our security infrastructure at both an economic and national security point of view. In 2004 I took the decision to pursue the reasons why we had no CERT and based on the responses determine if we needed one. If it was determined we should have one then outline a way forward for Ireland to have a CERT
I met with the various stakeholders;
Department of Communications responsible for Internet security
Subsequent meetings with
An Garda Siochana (Irish Police)
Chambers Ireland
Irish Business and Employers Confederation
Enterprise Ireland
Irish Small & Medium Enterprises Association
Internet Service Provider Association of Ireland
Science Foundation Ireland
HEAnet CERT
Center for Cybercrime Investigation - University College Dublin
ISSA Ireland
Irish Information Systems Security Forum
The SANS Institute Europe
ENISA (the European Network and Information Security Agency )
Numerous Organisations of Varying Sizes
So I set up IRISS.
IRISS is a registered not for profit company.
Business Day coverage
Contactable by email & web.
Part Time Volunteer Staff
Irish Focused Security Information
The three certainties with regards to information security
Death and Taxes
You will have an incident.
How you respond to an incident will have a direct influence on the impact that incident may have to your costs, reputation and ability to conduct business.
Improved Response provides;
Positive Security Posture
Incidents Dealt with Quickly, Efficiently and Effectively
Rapid and Accurate Assessment of Incidents
Choosing Most Appropriate Response.
Shortened Recovery Times.
Minimised Business Disruption.
Confidence to Proceed with a Court Case.
Regulatory and Legal Compliance.
Potential Reduction in Incidents.
Accurate Reporting and Metrics
Impossible to monitor everything – add intelligence and automation