2023 NCIT: Essentials for a CERT

1. Essentials for a CERT: How Far Are We?
Adli Wahid
adli@apnic.net
APNIC
2. Let’s Connect!
Adli Wahid (LinkedIn)
3. CERT / CSIRT
• Certificate
• Computer Emergency Response Team
• Computer Security Incident Response Team
4. My Perspective
• National CERT (2006 - 2012)
• Enterprise CSIRT (2012 - 2014)
• Support for new CERT/CSIRTs (2014 – now)
• CERT Community (FIRST.org)
5. Where does it fit?
NIST Cyber Security Framework (v1): Identify – Protect – Detect – Respond – Recover
6. Incidents Everywhere!
• Anticipate & Prepare
• Incident Response Plan / Playbook
• Mitigate & Share Lessons Learned
7. Entities & Capabilities
• CERT with National Responsibilities
• Enterprise CERTs/CSIRTs
• CERT of the Last Resort
• Ad-Hoc Incident Response
• Trusted Points of Contact
Check out www.first.org
8. Incident Response Process & Capabilities
9. Managing Things
• Managing Security Incidents
  o Reduce the impact of security incidents
  o Prevent security incidents from occurring
  o Fix actual vulnerabilities
  o Gain insights about emerging threats or incidents (Information Security & Analysis Centers, Threat Intel Feeds)
  o Collaborate with other stakeholders (e.g. investigation, policy/strategy)
• Managing Security Incident Response Teams
  o Establishing a CSIRT
  o Operationalizing a CSIRT
  o Having the right skill-sets, knowledge and tools
  o Being part of the community
  o Mentoring
10. Outcomes
• Co-ordination
• Reports with Context
• Information Sharing = Collaboration
• Actionable Plans
• Preparedness
• Better Policies / Strategy
• Education / Awareness (Targeted)
11. Don’t Phish Me!
• Online Banking
• Traditional Phishing (email -> Web)
• Multiple Banks
• CERT receiving reports, but coordination is needed
• Money Mules!
• Outcomes – coordinated plan, LEA engagement, awareness for customers, browser plugin
Anti Phishing Working Group (2007)
12. Key Ingredient – People
• Who is going to work in the team
• Role/Position = $$
• Training and capacity development
  o Go deeper and wider
• Transitioning from non-security, non-secops
• Upskilling for tech folks – management
Sri Lanka CERT Cyber Security Awareness Week (2016)
13. Annual National Cyber Security Exercise 2007 - XMAYA
National Cyber Crisis Management Plan for Critical Infrastructure
• Process – Coordination / Escalation
• People / Technology – Capabilities and Communication
  o National Security Council
  o Support by Sector Lead of Critical Infrastructure
  o Drill Development & Preparation by National CERT
  o Good view of policy vs implementation
  o Roles & Responsibilities
  o Capacity Development – Experience Incident
14. Challenges
• Different set of challenges for National vs Enterprise CERTs
• Getting started **
• Organisational – Mandate/Responsibility, Sustainability and Expansion
• Operational – visibility, resources, collaboration & coordination
15. Challenges - Continuity
• Continuity – change is expected
  o Consistent policy and vision needed
  o Positive = CERT expanding into a cyber security agency
  o Negative = No funding for CERT, hostile takeovers
• Strengthening the Stakeholders
  o User base and technology are dynamic
  o Supporting the ecosystem – Resources, Training & Infrastructure
16. CERT/CSIRT in the Pacific Project
• Interest in setting up a National CERT (starting with CERT Tonga) in 2016
• Kick Start – Series of Workshops
• Focus
  o Establishing & Operationalizing a CERT in the context of the Pacific
  o Collaboration + Networking (with other partners: PACSON, APCERT & FIRST)
  o On the job training
  o Sharing ideas, success stories etc.
• Created momentum in other areas of cyber security, e.g. education & awareness, support for LEAs and other stakeholders
17. Where are we?
1. Do you have an incident response plan?
2. What were the top 5 threats last year or last month?
3. Where do cyber security incidents* get reported?
4. Is there an active information sharing network for security practitioners or security teams?
5. Is there good visibility of what is happening in the environment?
6. Are organisations assessed on their ability to deal with data breach incidents or ransomware? How is the coverage?
7. Are there any activities related to the coordination of incidents within a specific economic sector or at the national level?
18. Cyber Security Ecosystem
• Network Operators
• Law Enforcement
• Policy Makers / Gov
• Researchers
• Vendors
• CERTs/ISACs/CSIRTs
• Individual Users
• Organizations
19. Take Aways
• Appreciation of Incident Response in the bigger security picture
• Cyber Resilience is not an option
• Continuous process
• Dedicated Teams & Capabilities
• Challenges – Getting Started, Expanding and Maintaining
• Requires planning, resources and persistence
• Our role – support & do something now
20. Thank you
Adli Wahid (LinkedIn)
adli@apnic.net
www.apnic.net
academy.apnic.net