Implementing CSIRT based on some framework and maturity model
Jun 7, 2020
Akitsugu Ito
Cyber Security Defense Department (CSDD)
Rakuten, Inc.
2
Who am I?
Akitsugu Ito (@springmoon6)
Specialty
I've worked in the security industry for 9 years.
- information security management / incident handling
- product security / quality assurance
Previous Presentation
- OWASP SAMM v2 Introduction (02/08/2020)
https://speakerdeck.com/springmoon6/owasp-samm-ver-dot-2-introduction-en
- Introduction of PSIRT Framework (08/29/2020)
https://speakerdeck.com/springmoon6/psirt-service-framework-falsegoshao-jie
3
Agenda
General Flow
Directions
Roles & Services
Dissemination
Operation
Future Tasks
4
General Flow
Diagram: Direction -> Define Services -> Services & Roles -> Dissemination -> Operation, grouped into the phases Concept, Build and Operation.
JPCERT/CC CSIRTマテリアル (CSIRT Materials) (11/26/2015)
https://www.jpcert.or.jp/csirt_material/
5
Background
CSIRT for communicating with external stakeholders
Each industry has an exclusive security community, such as ICT-ISAC. These communities hold very important information that is shared only among their members. It is necessary to establish a new Rakuten Mobile CSIRT to receive cyber threat information from the exclusive security community and to enhance communication with external stakeholders in order to fight malicious activity such as phishing.
Diagram: Rakuten HQ CSDD (Rakuten-CERT) and the Tech Community (System Security Lead in each department); Rakuten Mobile, where the CSIRT Promotion Div. acts as Rakuten-Mobile CSIRT alongside the Rakuten Mobile Security Team and the Rakuten Mobile Development Team; external stakeholders (CSIRTs for the telecom industry in Japan): IPA, JPCERT/CC, ICT-ISAC, NISC, JAIPA, Police.
1. Direction
6
Relationship between Stakeholders
Diagram: under the Representative Director/CEO the organization is split into Business Function and Corporate Function. Boxes shown: CSIRT Promotion Div., Rakuten Mobile Security Team, Service Experience Center (SXC), InfoSec Promotion Div., Legal, UX, Mobile PR. The narrow sense of Rakuten-Mobile CSIRT is the CSIRT Promotion Div.; the broad sense of Rakuten-Mobile CSIRT spans the other teams.
The narrow sense of Rakuten Mobile CSIRT is the CSIRT Promotion Office.
The broad sense of RM-CSIRT is a virtual team across the company.
1. Direction
7
CSIRT Services (CMU)
Reactive Service
・Alert and Warning
・Incident Handling
- Incident Analysis
- Incident response on site
- Incident response support
- Incident response coordination
・Vulnerability Handling
- Vulnerability analysis
- Vulnerability response
- Vulnerability response coordination
・Artifact Handling
- Artifact analysis
- Artifact response
- Artifact response coordination
Proactive Service
・Announcements
・Technology Watch
・Security Audits or Assessments
・Configuration and Maintenance of Security Tools, Applications, and Infrastructures
・Development of Security Tools
・Intrusion Detection Services
・Security-Related Information Dissemination
Security Quality Management Service
・Risk Analysis
・Business Continuity and Disaster Recovery Planning
・Security Consulting
・Awareness Building
・Education / Training
・Product Evaluation or Certification
Legend (team responsible for each service in the original slide): CSIRT Promotion Div., Rakuten Mobile Security Team
1. Direction
CSIRT Services (11/2002)
https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=53046
8
Define roles and responsibility
We defined the roles of our CSIRT (broad sense) based on Nippon CSIRT Association (NCA) materials.
We separate the roles into two categories, War Time and Peace Time. The CSIRT in the narrow sense is the Point of Contact (PoC).
2. Roles
CSIRT 人材の定義と確保 (Definition and Securing of CSIRT Human Resources) (03/13/2017)
https://www.nca.gr.jp/activity/imgs/recruit-hr20170313.pdf
9
Roles of CSIRT (War Time)
Diagram of roles and information flows (solid line: information flow; dotted line: information flow if necessary):
- Commander: CSIRT General Manager
- PoC: Coordinate with internal & external stakeholders (notification, coordination with related departments)
- Incident Manager: Analyze the status of incidents
- Solution Analysts: Design system security, assess the effectiveness
- Self Assessment: Risk assessment, vulnerability management
- Investigator: Investigate / Forensic
- Incident Handler: Vendor management / Incident response
- Researcher: Information gathering / Monitoring, Production environment / Analysis
- Counterparts outside the team: Executives / External Stakeholders; Internal system / related system
Flow labels in the diagram: Triage, Coordinate affected systems, Information Aggregation, Status of response, Explain current status, Define Priority, Implement, Inquiry, Instruct Response, Define the affected area, Report the affected area, Planning / Promote, Information Sharing, Coordinate.
If you need legal confirmation or advice on a daily basis, each role will request assistance from a legal advisor.
Teams shown: CSIRT Promotion Div., Rakuten Mobile Security Team, Service Experience Center (SXC), InfoSec Promotion Div.
2. Roles
CSIRT 人材の定義と確保 (Definition and Securing of CSIRT Human Resources) (03/13/2017)
https://www.nca.gr.jp/activity/imgs/recruit-hr20170313.pdf
10
Roles of CSIRT (Peace Time)
Diagram of roles and information flows (solid line: information flow; dotted line: information flow if necessary):
- Commander: CSIRT General Manager
- PoC: Coordinate with internal & external stakeholders (notification, coordination with related departments)
- Incident Manager: Analyze the status of incidents
- Solution Analysts: Design system security, assess the effectiveness, implement
- Self Assessment: Risk assessment, vulnerability management
- Vulnerability Assessor: Judge security risk
- Trainer: Training, regularly implemented
- Incident Handler: Vendor management / Incident response
- Researcher: Information gathering / Monitoring, Production environment / Analysis
- Counterparts outside the team: Executives / External Stakeholders; Internal system / related system
Flow labels in the diagram: Confirm status, Feedback, Information Sharing, Information Aggregation, Define the affected area, Coordinate affected systems, Report the affected area, Planning / Promote, Coordinate, Explain current status, Gather Information.
If you need legal confirmation or advice on a daily basis, each role will request assistance from a legal advisor.
Teams shown: CSIRT Promotion Div., Rakuten Mobile Security Team, Service Experience Center (SXC), InfoSec Promotion Div.
2. Roles
CSIRT 人材の定義と確保 (Definition and Securing of CSIRT Human Resources) (03/13/2017)
https://www.nca.gr.jp/activity/imgs/recruit-hr20170313.pdf
11
Creating Detailed Service Lists
The FIRST Services Frameworks are high-level documents detailing the possible services that CSIRTs and PSIRTs may provide.
FIRST Services Framework
https://www.first.org/standards/frameworks/
2. Services
12
Structure of CSIRT Service Framework
Diagram: a Service Area contains several Services, and each Service is broken down into Functions. The Support Service area sits alongside the other service areas.
CSIRT Services Framework 2.1.0 (11/2019)
https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1
2. Services
13
Service Areas 2. Services
CSIRT Services Framework 2.1.0 (11/2019)
https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1
14
Detailed Service Lists
CSIRT Service Category | CSIRT Services | CSIRT Service Framework v2 Service Area | CSIRT Service Framework v2 Services
Reactive Service | Alerts and warning | Information security event management | Monitoring and Detection; Analyzing
Reactive Service | Incident response support | Information security incident management | Information security incident report acceptance
Reactive Service | Incident response coordination | Information security incident management | Information security incident coordination
Reactive Service | Vulnerability response coordination | Vulnerability management | Vulnerability report intake; Vulnerability coordination; Vulnerability disclosure
Proactive Service | Announcements | Information security incident management | Information security incident coordination; Vulnerability coordination
Proactive Service | Security related information dissemination | Situational Awareness | Data Acquisition; Analyze and interpret; Communication
Legend (team responsible for each service in the original slide): CSIRT Promotion Div., Rakuten Mobile Security Team, Service Experience Center (SXC), InfoSec Promotion Div.
2. Services
15
What should we implement with high priority?
We referred to a maturity model (the Global CSIRT Maturity Framework, which is based on SIM3).
2. Services
Open CSIRT – SIM3 SelfAssessment
http://sim3-check.opencsirt.org/#/
16
SIM3 (Security Incident Management Maturity Model )
The European Union Agency for Cybersecurity (ENISA) uses SIM3 to strengthen the national CSIRT of each EU country and also provides an online assessment tool based on SIM3. With it we can measure the maturity and/or capability of security incident management.
The maturity model is built on three basic elements:
- Maturity Parameters (44)
- Maturity Quadrants (4)
- Maturity Levels (0-4)
Each Parameter belongs to one of four Quadrants; the Quadrants are therefore the four main categories of Parameters: Organization, Human, Tools, Process.
2. Services
SIM3 : Security Incident Management Maturity Model mkXVIII (03/30/2015)
https://www.trusted-introducer.org/SIM3-Reference-Model.pdf
17
Global CSIRT Maturity Framework (GCMF)
The Global CSIRT Maturity Framework is an approach from the GFCE for stimulating the development and
maturity enhancements of national CSIRTs. Although it’s aimed toward national CSIRTs, the methodology
and concepts can also be applied to other CSIRTs or incident response teams.
The framework relies on two building blocks: the Security Incident Management Maturity Model (SIM3) and
a three-tier CSIRT maturity approach by ENISA.
- Basic
- Intermediate
- Advanced
We set our first goal at the Basic level.
Radar chart over the four SIM3 quadrants: Organization, Human, Tools, Process.
Measure and Improve the Maturity of Your Incident Response Team (11/06/2019)
https://securityintelligence.com/articles/measure-and-improve-the-maturity-of-your-incident-response-team/
2. Services
18
Comparison table between CSIRT Service framework and SIM3 (2. Services)
CSIRT Service Framework v2 Service Area | CSIRT Service Framework v2 Services | SIM3 ENISA/GCMF Basic Level
Support Service | - | 3
Information security event management | Monitoring and Detection; Analyzing | 1
Information security incident management | Information security incident report acceptance | 2
Information security incident management | Information security incident coordination | 3
Vulnerability management | Vulnerability report intake; Vulnerability coordination; Vulnerability disclosure | 1
Information security incident management | Information security incident coordination; Vulnerability coordination | 3
Situational Awareness | Data Acquisition; Analyze and interpret; Communication | 2
19
Enhance Support Service with PSIRT Framework
The details of the Support Service are not described in the CSIRT Services Framework, so we will enhance the Support Service with the Operational Foundations of the PSIRT Services Framework. The PSIRT framework has a structure similar to the CSIRT Services Framework: Operational Foundations is the service area corresponding to Support Service and has more detailed services.
2. Services
Diagram: both frameworks follow the same Service Area -> Service -> Function hierarchy; the CSIRT Service Framework shows a Support Service area, and the PSIRT Service Framework shows an Operational Foundations area in the same position.
PSIRT Services Framework version 1.1 (Spring 2020)
https://www.first.org/standards/frameworks/psirts/psirt_services_framework_v1.1
20
Comparison table between Enhanced Support Service and GCMF (2. Services)
CSIRT Service Framework v2 Service Area | CSIRT Service Framework v2 Services | SIM3 ENISA/GCMF Basic Level
Support Service – Strategic | Executive Sponsorship | 3
Support Service – Strategic | Stakeholder | 3
Support Service – Strategic | Charter | 3
Support Service – Strategic | Organizational Model | 3
Support Service – Strategic | Management and Stakeholder Support | 3
Support Service – Tactical | Budget | -
Support Service – Tactical | Staff | 3
Support Service – Tactical | Resources and Tools | 1
Support Service – Operational | Policies and Procedures | 2
Support Service – Operational | Evaluation and improvement | 1
21
Making KSA of Narrow sense of CSIRT
The Staff service requires defining the detailed tasks and KSA (Knowledge, Skills and Abilities) of the CSIRT Promotion Office. We implement it based on SecBoK. SecBoK is a KSA list based on the NICE Framework.
JNSA セキュリティ知識分野 (Security Knowledge Areas) (SecBoK2019) (03/18/2019)
https://www.jnsa.org/result/2018/skillmap/
2. Services
22
Dissemination and Coordination training (3. Dissemination)
- Briefing session at All Hands Meeting
- Simple Coordination Training
23
4. Operation
Assessment with GCMF
Radar chart of the assessment over the four quadrants Organization, Human, Tools and Process (chart labels: Immature, Appropriate, Target, Advanced).
24
Future Tasks (1)
Increase the maturity of each area, especially proactive services.
- The CSIRT Service Framework covers reactive services well, but proactive services are not covered enough.
25
Future Tasks (2)
Mature some PSIRT-related areas.
- SIM3 covers vulnerability management, but it is not enough for a development organization.
Software Assurance Maturity Model (OWASP SAMM)
https://owaspsamm.org/
26
Summary - Thank you for listening
We implemented our CSIRT based on several frameworks and a maturity model.
- JPCERT/CC CSIRTマテリアル (CSIRT Materials)
- CSIRT Services (CMU)
- CSIRT 人材の定義と確保 (Definition and Securing of CSIRT Human Resources)
- FIRST Services Framework (CSIRT / PSIRT)
- SecBoK
- SIM3
- Global CSIRT Maturity Framework (GCMF)
We plan to improve our CSIRT using some OWASP outputs.
- OWASP SAMM
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 

Último (20)

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 

Implementing CSIRT based on some frameworks and maturity model

  • 1. Implementing CSIRT based on some framework and maturity model
    Jun 7, 2020
    Akitsugu Ito
    Cyber Security Defense Department (CSDD), Rakuten, Inc.

  • 2. Who am I?
    Akitsugu Ito (@springmoon6)
    Specialty: I've worked in the security industry for 9 years.
    - information security management / incident handling
    - product security / quality assurance
    Previous presentations:
    - OWASP SAMM v2 Introduction (02/08/2020) https://speakerdeck.com/springmoon6/owasp-samm-ver-dot-2-introduction-en
    - Introduction of PSIRT Framework (08/29/2020) https://speakerdeck.com/springmoon6/psirt-service-framework-falsegoshao-jie

  • 3. Agenda
    - General Flow
    - Directions
    - Roles & Services
    - Dissemination
    - Operation
    - Future Tasks

  • 4. General Flow
    Direction -> Define Services (Services & Roles) -> Dissemination -> Operation
    These four stages map onto the three phases of the JPCERT/CC material: Concept, Build, Operation.
    JPCERT/CC CSIRT Material (11/26/2015) https://www.jpcert.or.jp/csirt_material/

  • 5. Background: CSIRT for communicating with external stakeholders (1. Direction)
    Each industry has an exclusive security community, such as ICT-ISAC. Such communities hold very important information and share it only among their members. It is necessary to establish a new Rakuten Mobile CSIRT to receive cyber threat information from these exclusive security communities, and to enhance communication with external stakeholders in order to fight malicious activity such as phishing.
    [Stakeholder diagram] Internal: Rakuten HQ - CSDD (Rakuten-CERT), Tech Community - System Security Lead, departments, CSIRT Promotion Div., Rakuten-Mobile CSIRT, Rakuten Mobile Development Team, Rakuten Mobile Security Team. External stakeholders: IPA, JPCERT/CC, ICT-ISAC (the CSIRT for the telecom industry in Japan), NISC, JAIPA, Police.

  • 6. Relationship between Stakeholders (1. Direction)
    [Organization diagram] Representative Director/CEO; Corporate Function: Legal, UX, Mobile PR, InfoSec Promotion Div.; Business Function: CSIRT Promotion Div., Rakuten Mobile Security Team, Service Experience Center (SXC).
    The narrow sense of Rakuten Mobile CSIRT is the CSIRT Promotion Office.
    The broad sense of RM-CSIRT is a virtual team across the company.

  • 7. CSIRT Services (CMU) (1. Direction)
    Reactive Services
    ・Alert and Warning
    ・Incident Handling
      - Incident analysis
      - Incident response on site
      - Incident response support
      - Incident response coordination
    ・Vulnerability Handling
      - Vulnerability analysis
      - Vulnerability response
      - Vulnerability response coordination
    ・Artifact Handling
      - Artifact analysis
      - Artifact response
      - Artifact response coordination
    Proactive Services
    ・Announcements
    ・Technology Watch
    ・Security Audits or Assessments
    ・Configuration and Maintenance of Security Tools, Applications, and Infrastructures
    ・Development of Security Tools
    ・Intrusion Detection Services
    ・Security-Related Information Dissemination
    Security Quality Management Services
    ・Risk Analysis
    ・Business Continuity and Disaster Recovery Planning
    ・Security Consulting
    ・Awareness Building
    ・Education / Training
    ・Product Evaluation or Certification
    Each service is assigned in the slide to either CSIRT Promotion Div. or Rakuten Mobile Security Team.
    CSIRT Services (11/2002) https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=53046

  • 8. Define roles and responsibility (2. Roles)
    We defined the roles of our CSIRT (broad sense) based on Nippon CSIRT Association (NCA) materials. We separate roles into two categories, War Time and Peace Time. The narrow sense of CSIRT is the Point of Contact (PoC).
    CSIRT Human Resource Definition and Acquisition (03/13/2017) https://www.nca.gr.jp/activity/imgs/recruit-hr20170313.pdf

  • 9. Roles of CSIRT (War Time) (2. Roles)
    [Role diagram] Organizations involved: CSIRT Promotion Div., Rakuten Mobile Security Team, Service Experience Center (SXC), InfoSec Promotion Div.
    - Commander: CSIRT General Manager
    - PoC: coordinate with internal and external stakeholders; notification; coordination with related departments
    - Incident Manager: analyze the status of incidents
    - Incident Handler: vendor management / incident response
    - Investigator: investigation, forensics
    - Researcher: information gathering / monitoring the production environment / analysis
    - Solution Analysts: design system security, assess its effectiveness
    - Self Assessment: risk assessment, vulnerability management
    - Counterparts: Executives / External Stakeholders; internal system / related system
    Information flows labelled in the diagram: Triage; Coordinate affected systems; Information Aggregation; Status of response; Explain current status; Define Priority; Implement; Inquiry; Instruct Response; Define the affected area; Report the affected area; Planning / Promote; Information Sharing; Coordinate.
    If legal confirmation or advice is needed on a daily basis, each role will request assistance from a legal advisor.
    Solid line: information flow. Dotted line: information flow if necessary.
    CSIRT Human Resource Definition and Acquisition (03/13/2017) https://www.nca.gr.jp/activity/imgs/recruit-hr20170313.pdf

  • 10. Roles of CSIRT (Peace Time) (2. Roles)
    [Role diagram] Organizations involved: CSIRT Promotion Div., Rakuten Mobile Security Team, Service Experience Center (SXC), InfoSec Promotion Div.
    - Commander: CSIRT General Manager
    - PoC: coordinate with internal and external stakeholders; notification; coordination with related departments
    - Incident Manager: analyze the status of incidents
    - Incident Handler: vendor management / incident response
    - Researcher: information gathering / monitoring the production environment / analysis
    - Vulnerability Assessor: information aggregation; judge security risk
    - Trainer: training, regularly implemented
    - Solution Analysts: design system security, assess its effectiveness
    - Self Assessment: risk assessment, vulnerability management
    - Counterparts: Executives / External Stakeholders; internal system / related system
    Information flows labelled in the diagram: Confirm status; Feedback; Information Sharing; Information Aggregation; Define the affected area; Coordinate affected systems; Implement; Report the affected area; Planning / Promote; Coordinate; Explain current status; Gather Information.
    If legal confirmation or advice is needed on a daily basis, each role will request assistance from a legal advisor.
    Solid line: information flow. Dotted line: information flow if necessary.
    CSIRT Human Resource Definition and Acquisition (03/13/2017) https://www.nca.gr.jp/activity/imgs/recruit-hr20170313.pdf

  • 11. Creating Detailed Service Lists (2. Services)
    The FIRST Services Frameworks are high-level documents detailing the services that CSIRTs and PSIRTs may provide.
    FIRST Services Framework https://www.first.org/standards/frameworks/

  • 12. Structure of CSIRT Services Framework (2. Services)
    A Service Area contains Services, and each Service contains Functions. Support Service is a separate area alongside the others.
    CSIRT Services Framework 2.1.0 (11/2019) https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1

  • 13. Service Areas (2. Services)
    [Diagram of the service areas of the CSIRT Services Framework 2.1.0 (11/2019)] https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1

  • 14. Detailed Service Lists (2. Services)
    Mapping of the CMU service categories to CSIRT Services Framework v2 service areas and services:
    Reactive Service
    - Alerts and warning -> Information security event management: Monitoring and Detection; Analyzing
    - Incident response support -> Information security incident management: Information security incident report acceptance
    - Incident response coordination -> Information security incident management: Information security incident coordination
    - Vulnerability response coordination -> Vulnerability management: Vulnerability report intake; Vulnerability coordination; Vulnerability disclosure
    Proactive Service
    - Announcements -> Information security incident management: Information security incident coordination; Vulnerability coordination
    - Security related information dissemination -> Situational Awareness: Data Acquisition; Analyze and interpret; Communication
    Each service is assigned in the slide to one of CSIRT Promotion Div., Rakuten Mobile Security Team, Service Experience Center (SXC) or InfoSec Promotion Div.

  • 15. What should we implement with high priority? (2. Services)
    We referred to a maturity model (the Global CSIRT Maturity Framework, based on SIM3).
    Open CSIRT - SIM3 Self Assessment http://sim3-check.opencsirt.org/#/

  • 16. SIM3 (Security Incident Management Maturity Model) (2. Services)
    The European Union Agency for Cybersecurity (ENISA) uses SIM3 to strengthen the national CSIRT of each EU country and also provides an online assessment tool based on SIM3. With it we can measure the maturity and/or capability of security incident management.
    The maturity model is built on three basic elements:
    - Maturity Parameters (44)
    - Maturity Quadrants (4)
    - Maturity Levels (0-4)
    Each Parameter belongs to one of four Quadrants; the Quadrants are therefore the main four categories of Parameters: Organization, Human, Tools, Process.
    SIM3: Security Incident Management Maturity Model mkXVIII (03/30/2015) https://www.trusted-introducer.org/SIM3-Reference-Model.pdf

  • 17. Global CSIRT Maturity Framework (GCMF) (2. Services)
    The Global CSIRT Maturity Framework is an approach from the GFCE for stimulating the development and maturity enhancement of national CSIRTs. Although it is aimed at national CSIRTs, the methodology and concepts can also be applied to other CSIRTs or incident response teams. The framework relies on two building blocks: the Security Incident Management Maturity Model (SIM3, with its four quadrants Organization, Human, Tools, Process) and a three-tier CSIRT maturity approach by ENISA:
    - Basic
    - Intermediate
    - Advanced
    We set our first goal at the Basic level.
    Measure and Improve the Maturity of Your Incident Response Team (11/06/2019) https://securityintelligence.com/articles/measure-and-improve-the-maturity-of-your-incident-response-team/

  • 18. Comparison table between CSIRT Services Framework and SIM3 (2. Services)
    CSIRT Services Framework v2 service area -> services -> SIM3 ENISA/GCMF Basic level
    - Support Service -> (none listed) -> 3
    - Information security event management -> Monitoring and Detection; Analyzing -> 1
    - Information security incident management -> Information security incident report acceptance -> 2
    - Information security incident management -> Information security incident coordination -> 3
    - Vulnerability management -> Vulnerability report intake; Vulnerability coordination; Vulnerability disclosure -> 1
    - Information security incident management -> Information security incident coordination; Vulnerability coordination -> 3
    - Situational Awareness -> Data Acquisition; Analyze and interpret; Communication -> 2

  • 19. Enhance Support Service with PSIRT Framework (2. Services)
    The details of Support Service are not described in the CSIRT Services Framework, so we will enhance Support Service with Operational Foundations from the PSIRT Services Framework. The PSIRT framework has a structure similar to the CSIRT Services Framework (Service Area -> Service -> Function); its Operational Foundations area corresponds to the CSIRT framework's Support Service area and has more detailed services.
    PSIRT Services Framework version 1.1 (Spring 2020) https://www.first.org/standards/frameworks/psirts/psirt_services_framework_v1.1

  • 20. Comparison table between Enhanced Support Service and GCMF (2. Services)
    CSIRT Services Framework v2 service area -> services -> SIM3 ENISA/GCMF Basic level
    - Support Service - Strategic -> Executive Sponsorship -> 3
    - Support Service - Strategic -> Stakeholder -> 3
    - Support Service - Strategic -> Charter -> 3
    - Support Service - Strategic -> Organizational Model -> 3
    - Support Service - Strategic -> Management and Stakeholder Support -> 3
    - Support Service - Tactical -> Budget -> -
    - Support Service - Tactical -> Staff -> 3
    - Support Service - Tactical -> Resources and Tools -> 1
    - Support Service - Operational -> Policies and Procedures -> 2
    - Support Service - Operational -> Evaluation and improvement -> 1

  • 21. Making KSA of Narrow sense of CSIRT (2. Services)
    The Staff service requires defining the detailed tasks and KSA (Knowledge, Skills and Ability) of the CSIRT Promotion Office. We implement it based on SecBoK. SecBoK is a list of KSAs based on the NICE Framework.
    JNSA Security Knowledge Areas (SecBoK2019) (03/18/2019) https://www.jnsa.org/result/2018/skillmap/

  • 22. Dissemination and Coordination training (3. Dissemination)
    - Briefing session at All Hands Meeting
    - Simple Coordination Training

  • 24. Future Tasks (1)
    Increase the maturity of each area, especially proactive services.
    - The CSIRT Services Framework covers reactive services well, but its coverage of proactive services is not enough.

  • 25. Future Tasks (2)
    Mature some PSIRT-related areas.
    - SIM3 covers vulnerability management, but that is not enough for a development organization.
    Software Assurance Maturity Model (OWASP SAMM) https://owaspsamm.org/

  • 26. Summary - Thank you for listening
    We implemented CSIRT based on some frameworks and maturity models:
    - JPCERT/CC CSIRT Material
    - CSIRT Services (CMU)
    - CSIRT Human Resource Definition and Acquisition (NCA)
    - FIRST Services Framework (CSIRT / PSIRT)
    - SecBoK
    - SIM3
    - Global CSIRT Maturity Framework (GCMF)
    We plan to improve our CSIRT using some OWASP outputs:
    - OWASP SAMM

Editor's Notes

  1. The Japanese national CSIRT, JPCERT/CC, offers the JPCERT/CC CSIRT Material on its website. This manual describes how to implement a CSIRT in an organization. The material has three steps: Concept, Build and Operation. We referred to this manual and built our CSIRT in four stages: Direction, Define Services & Roles, Dissemination and Operation. I will explain each stage from now on.