cert spc role and mission
play

CERT-SPC: role and mission Cap. G.di F. Gabriele Cicognani - - PowerPoint PPT Presentation

Dec 13, 2023 •260 likes •562 views

A modern approach to ICT security in pubblic administration CERT-SPC: role and mission Cap. G.di F. Gabriele Cicognani - CERT-SPC - Rome, 04.21.2009 Agenda SPCs architetture Scenario: security threats The CERT-SPC: role and

  1. A modern approach to ICT security in pubblic administration CERT-SPC: role and mission Cap. G.di F. Gabriele Cicognani - CERT-SPC - Rome, 04.21.2009

  2. Agenda ๏ SPC’s architetture ๏ Scenario: security threats ๏ The CERT-SPC: role and mission ๏ Key points cap. GdF Gabriele Cicognani

  3. The digital administration code (CAD) In compliance with Article 117(2)(r) of the Constitution, and in compliance with the autonomy of the internal organisation of the information functions of the regions and local autonomies, the public connection system, hereinafter referred to as “SPC”, shall be defined and regulated in order to ensure information and computer coordination of data Scope between central, regional and local administrations and to promote uniformity in the creation and transmission of data, intended for the exchange and dissemination of information between public administrations and the creation of integrated services. cap. GdF Gabriele Cicognani

  4. The digital administration code (CAD) The SPC is all the technological infrastructures and technical regulations for the development, sharing, integration and dissemination of public administration information assets and data, necessary to ensure the basic and advanced interoperability and application cooperation Scope of computer systems and data flows, guaranteeing the security and confidentiality of information, as well as the autonomous protection of the information assets of each public administration. cap. GdF Gabriele Cicognani

  5. Domini/sottoreti Numero Accessi delle PAC 28 7360 12 2.669 Architecture 14 1.737 7 854 61 12620 cap. GdF Gabriele Cicognani

  6. Big Internet Big Internet Big Internet Big Internet PA PA- PA PA- -1 -1 PA-3 PA-3 PA PA 3 3 PA- PA- -2 -2 2 2 PA PA PA-4 PA-4 PA PA QXN QXN QXN QXN Architecture Fornitore - Fornitore - -1 -1 1 1 Fornitore - Fornitore - -2 -2 2 2 Fornitore Fornitore Fornitore Fornitore Intranet Intranet Infranet Infranet Infranet Internet Internet Internet cap. GdF Gabriele Cicognani

  7. COMMISSIONE DI COORDINAMENTO CERT RS GESTORE CONTRATTO Architecture IRT CG-SIC PKI CG-SPC ULS ULS SOC ULS SOC ULS SOC SOC ULS QCN 1 QISP 1 AMM.n QXN QCN n cap. GdF Gabriele Cicognani

  8. Security servicies ๏ Firewall management; ๏ Network Intrusion Detection; ๏ Event & log management; ๏ Antivirus & content filtering management; ๏ VPN management; ๏ Hardening; Architetture ๏ NAT management; ๏ Host Intrusion Detection System (HIDS) man.; ๏ Vulnerability assessment; ๏ Mantainance and assistance (SOC, Call Center, foult man., conf & change man.) cap. GdF Gabriele Cicognani

  9. Agenda ๏ SPC’s architetture ๏ Scenario: security threats ๏ The CERT-SPC: role and mission ๏ Key points cap. GdF Gabriele Cicognani Rome, 02.09.2009

  10. Vulnerabilities disclosures Source: X-FORCE Any computer-related vulnerability, exposure or configuration setting that may result in a weakening or breakdown of the confidentiality, integrity, or accessibility of the computer system. cap. GdF Gabriele Cicognani

  11. Vulnerabilities ranking Source: X-FORCE cap. GdF Gabriele Cicognani

  12. Web apps vulnerabilities 1998-2008 Source: X-FORCE Percentage of disclosures that are Web apps vulnerabilities in 2008 cap. GdF Gabriele Cicognani

  13. Remotly exploitable vulnerabilities l Source: X-FORCE cap. GdF Gabriele Cicognani

  14. Source: X-FORCE Malware by categories cap. GdF Gabriele Cicognani

  15. Agenda ๏ SPC’s architetture ๏ Scenario: security threats ๏ The CERT-SPC: role and mission ๏ Key points cap. GdF Gabriele Cicognani

  16. cap. GdF Gabriele Cicognani

  17. A CSIRT can most easily be described by analogy with a fire department. In the same way that a fire department has an emergency number that you can call if you have or suspect a fire, similarly a CSIRT has a number and an email address that you can contact for help if you have or suspect a computer security incident. A CSIRT service doesn’t necessarily provide response by showing up on your CSIRT doorstep (although some do offer that service); they usually conduct their interactions by telephone or via email Handbook for Computer Security Incident Response Teams (CSIRTs) cap. GdF Gabriele Cicognani

  18. Without providing at least a component of the incident handling service, the team cannot be called a CSIRT. Consider the analogy with a fire department. A fire department may provide a range of services (fire prevention, awareness, training), and it may undertake fire safety inspections. But at the core is the emergency response component. By providing the emergency fire department, it stays up-to-date and in touch with reality, and it gains community trust, respect, and CSIRT credibility. Similarly, in an attempt to reduce the effect of incidents through early detection and reporting or to prevent incidents, a team can be proactive through awareness, training, and other services; but without the incident handling service, the team is not a CSIRT. Handbook for Computer Security Incident Response Teams (CSIRTs) cap. GdF Gabriele Cicognani

  19. The Community for ICT security ULS-PAC PAT CG-SIC Internal CERT -SPC Centri CERT -R SOC servizio External Other L.E. Vendor CIIP CERTs CERT-SPC Prevention Handling Analysis cap. GdF Gabriele Cicognani

  20. Early warning CSIRT cap. GdF Gabriele Cicognani

  21. CG-SIC PAT ULS-PAC FLUSSI Esterni CERT -SPC External community Prevention Handling CERT -R Analysis Centri SOC servizio cap. GdF Gabriele Cicognani

  22. FLUSSI Esterni Prevention Handling Analysis cap. GdF Gabriele Cicognani

  23. FLUSSI Esterni Prevention Handling Analysis cap. GdF Gabriele Cicognani

  24. CVE is a dictionary of publicly-known information security vulnerabilities and exposures. This dictionary is maintained by MITRE Corporation The Common Vulnerability Scoring System v.2 is an industry standard for assessing the severity of computer system security FLUSSI vulnerabilities.It attempts to establish a measure of how much Esterni concern a vulnerability warrants, compared to other vulnerabilities, so efforts can be prioritized. The score is based on a series of measurements (called metrics) based on expert Prevention assessment. Handling Analysis cap. GdF Gabriele Cicognani

  25. CG-SIC PAT ULS-PAC Bulletins CERT -SPC Prevention Handling CERT -R Analysis Centri SOC servizio cap. GdF Gabriele Cicognani

  26. CG-SIC PAT ULS-PAC CERT -SPC Prevention Handling CERT -R Analysis Centri SOC servizio cap. GdF Gabriele Cicognani

  27. CG-SIC CG-SIC PAT ULS-PAC CERT -SPC Prevention Handling CERT -R COMMISSIONE Analysis Centri SOC COORDINAMENTO servizio SPC cap. GdF Gabriele Cicognani

  28. Agenda ๏ SPC’s architetture ๏ Scenario: security threats ๏ The CERT-SPC: role and mission ๏ Key points cap. GdF Gabriele Cicognani

  29. ➡ Shared standards ➡ Authority ➡ Organization model ➡ Information sharing cap. GdF Gabriele Cicognani

  30. - THANK YOU - cicognani@cnipa.it cert.spc@cnipa.it cap. GdF Gabriele Cicognani

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ROLE OF CERT-GOV-MD and cooperation at national level Na Natalia SPINU NU, Ch Chief, C ,

ROLE OF CERT-GOV-MD and cooperation at national level Na Natalia SPINU NU, Ch Chief, C ,

ROLE OF CERT-GOV-MD and cooperation at national level Na Natalia SPINU NU, Ch Chief, C , CERT-GO GOV-MD MD, S , S.E .E. C . CTS AGENDA 1. Introduction 2. CERT-GOV- MD: organization and operational capacities 3. CYBERSECURI TY

529 views • 32 slides
A Role for CERT in Social Media Monitoring Steve Peterson, President Montgomery County Community

A Role for CERT in Social Media Monitoring Steve Peterson, President Montgomery County Community

May 13-14, 2014 Walter E. Washington Convention Center Washington, DC A Role for CERT in Social Media Monitoring Steve Peterson, President Montgomery County Community Emergency Response Team (CERT) Agenda Share details on CERTs role in

848 views • 25 slides
CCN-CERT Setting up a Governmental CERT: The CCN-CERT Case Study Sevilla, June 2007

CCN-CERT Setting up a Governmental CERT: The CCN-CERT Case Study Sevilla, June 2007

CCN-CERT Setting up a Governmental CERT: The CCN-CERT Case Study Sevilla, June 2007 Presentation FORUM: 19th Annual FIRST Conference SESSION: CCN Initiative of a Governmental CERT OBJECTIVE: Set the scope and goals of CCN

648 views • 28 slides
Kinesio Tape Workshop Richard Cohen, D.C., DABCO, RCRB, Cert MDT, Cert VGT, Cert KT1, KT2, KT3

Kinesio Tape Workshop Richard Cohen, D.C., DABCO, RCRB, Cert MDT, Cert VGT, Cert KT1, KT2, KT3

Kinesio Tape Workshop Richard Cohen, D.C., DABCO, RCRB, Cert MDT, Cert VGT, Cert KT1, KT2, KT3 Team Chiropractor Kings College, Wilkes-Barre, PA History Concept developed by Kenzo Kase in the 70s Introduced to NATA in USA 1995

740 views • 32 slides
(E (EG-CERT) Ahmed Tharwat | Sharm El Sheikh | December 2017 Outline EG-CERT EG-CERT

(E (EG-CERT) Ahmed Tharwat | Sharm El Sheikh | December 2017 Outline EG-CERT EG-CERT

Egyptian Computer Emergency Readiness Team (E (EG-CERT) Ahmed Tharwat | Sharm El Sheikh | December 2017 Outline EG-CERT EG-CERT Hierarchy Operational Framework Key Cybersecurity Threats Capacity Building International

293 views • 14 slides
Implementing the IODEF at the CERT/CC Roman Danyliw <rdd@cert.org> INCH IETF 55

Implementing the IODEF at the CERT/CC Roman Danyliw <rdd@cert.org> INCH IETF 55

Implementing the IODEF at the CERT/CC Roman Danyliw <rdd@cert.org> INCH IETF 55 Incident Reporting Forms CERT Coordination Center (CERT/CC) Federal Computer Incident Response Capability (FedCIRC) National

437 views • 9 slides
Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports

Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports

MAY 2016 Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports Upcoming opportunities Featured speaker Ben Koshy, Special Ops, MC-CERT Field Searches Outreach Outreach Items WHO: National Institute

599 views • 24 slides
Incident Response and its role in Protecting Critical Infrastructures Dr. Kaleem Ahmed Usmani

Incident Response and its role in Protecting Critical Infrastructures Dr. Kaleem Ahmed Usmani

Incident Response and its role in Protecting Critical Infrastructures Dr. Kaleem Ahmed Usmani Officer-In-Charge, Computer Emergency Response Team of Mauritius (CERT-MU) Presentation Outline What CERT-MU does? Critical Infrastructures

604 views • 32 slides
Management and Prevention Debbie Hicks MSc , BA, RGN, NMP, DN Cert, PWT Cert Nurse Consultant

Management and Prevention Debbie Hicks MSc , BA, RGN, NMP, DN Cert, PWT Cert Nurse Consultant

Hypoglycaemia in in Adults in in the Community: Recognition, Management and Prevention Debbie Hicks MSc , BA, RGN, NMP, DN Cert, PWT Cert Nurse Consultant Diabetes Medicus Health Partners Presentation content Statistics relating to

605 views • 24 slides
Stimulus Control PaTTANs Mission and its Role in The mission of the Pennsylvania Training

Stimulus Control PaTTANs Mission and its Role in The mission of the Pennsylvania Training

8/3/17 Stimulus Control PaTTANs Mission and its Role in The mission of the Pennsylvania Training and Technical Assistance Errorless Network (PaTTAN) is to support the efforts and initiatives of the Bureau of Learning Special Education,

488 views • 20 slides
Passive DNS @ CERT.at (pDNS) contact: L. Aaron Kaplan <kaplan@cert.at> Tel: +43 1

Passive DNS @ CERT.at (pDNS) contact: L. Aaron Kaplan <kaplan@cert.at> Tel: +43 1

Passive DNS @ CERT.at (pDNS) contact: L. Aaron Kaplan <kaplan@cert.at> Tel: +43 1 505 64 16 / 78 Idea & credits: Florian Weimer, BFK pDNS @ CERT.at passive DNS: Idea to capture the DNS answers and give them a timestamp.

336 views • 6 slides
SETTING UP FOR SUCCESS: 15 THINGS NEW NONPROFITS SHOULD KNOW Mission Mission 1. Create a

SETTING UP FOR SUCCESS: 15 THINGS NEW NONPROFITS SHOULD KNOW Mission Mission 1. Create a

SETTING UP FOR SUCCESS: 15 THINGS NEW NONPROFITS SHOULD KNOW Mission Mission 1. Create a mission statement that helps avoid future mission creep. Founders Role Founders Role 2. Founders are not owners. Board of Directors Board of

526 views • 16 slides
Montgomery County CERT General Meeting Tonights Agenda CERT Business Upcoming Schedule

Montgomery County CERT General Meeting Tonights Agenda CERT Business Upcoming Schedule

JANUARY 2017 Montgomery County CERT General Meeting Tonights Agenda CERT Business Upcoming Schedule GoTeam in 2017 Reports Reports Teen CERT Instructors needed; Contact Kathee if available Sessions are Sunday and

762 views • 38 slides
Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports

Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports

JUNE 2016 Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports Upcoming opportunities Table toping an EVAC drill? Review protocol and technique Information needed; communications Stair chair;

402 views • 27 slides
Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports

Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports

JANUARY 2016 Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports Upcoming opportunities Winter Preparedness Outreach Operations Santa Run Report Response was fair to good Sat. easier to staff

685 views • 53 slides
Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports

Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports

SEPTEMBER 2016 Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports Upcoming opportunities Calendar review Guest Speakers Beth Anne Nesselt, MCFRS Community Outreach Bat. Chief James Resnick,

439 views • 32 slides
Exchange of Information amongst Competitors Dos and Donts Dos and Donts FEB

Exchange of Information amongst Competitors Dos and Donts Dos and Donts FEB

Exchange of Information amongst Competitors Dos and Donts Dos and Donts FEB Seminar, 22 June 2011 Lars Kjlbye Information exchange: exposure New chapter in Commission Guidelines on horizontal cooperation agreements New

269 views • 10 slides
Performance Optimization: Performance Optimizatio n: Simulation and Real Measurement Simulation

Performance Optimization: Performance Optimizatio n: Simulation and Real Measurement Simulation

Performance Optimization: Performance Optimizatio n: Simulation and Real Measurement Simulation and Real Measurement Josef Weidendorfer KDE Developer Conference 2004 Ludwigsburg, Germany Agenda Agenda Introduction Performance

492 views • 30 slides
Coordinate Reference S y stems W OR K IN G W ITH G E OSPATIAL DATA IN P YTH ON Joris Van den

Coordinate Reference S y stems W OR K IN G W ITH G E OSPATIAL DATA IN P YTH ON Joris Van den

Coordinate Reference S y stems W OR K IN G W ITH G E OSPATIAL DATA IN P YTH ON Joris Van den Bossche Open so u rce so w are de v eloper and teacher , GeoPandas maintainer Coordinate Reference S y stem ( CRS ) Location of the Ei el To w

688 views • 39 slides
ENERGY INTERNATIONAL GDF SUEZ - Overview GDF SUEZ is a Global LNG portfolio player 3 rd

ENERGY INTERNATIONAL GDF SUEZ - Overview GDF SUEZ is a Global LNG portfolio player 3 rd

GDF Suez GEMI Symposium March 11 th , 2015 ENERGY INTERNATIONAL GDF SUEZ - Overview GDF SUEZ is a Global LNG portfolio player 3 rd largest importer of LNG in the world Involved in Liquefaction in the USA Global portfolio of LNG

246 views • 8 slides
The RESULTS S United ed National al Webin inar Welcome! 2 Remarks from Execu cutiv tive

The RESULTS S United ed National al Webin inar Welcome! 2 Remarks from Execu cutiv tive

The RESULTS S United ed National al Webin inar Welcome! 2 Remarks from Execu cutiv tive Director tor Dr. Joanne nne Carter rter 3 Our Anti-Oppressi ssion on Values RESULTS is a movement of passionate, committed everyday people.

458 views • 42 slides
October 9, 2014 San Joaquin Valley APCD State law requires the Office of Environmental

October 9, 2014 San Joaquin Valley APCD State law requires the Office of Environmental

October 9, 2014 San Joaquin Valley APCD State law requires the Office of Environmental Health Hazard Assessment (OEHHA) to develop guidelines for estimating health risk District utilizes OEHHA guidelines to calculate health risk:

327 views • 32 slides
Geospaal data processing for image automac analysis PyParis 2018 - 15/11/18 Raphal

Geospaal data processing for image automac analysis PyParis 2018 - 15/11/18 Raphal

Geospaal data processing for image automac analysis PyParis 2018 - 15/11/18 Raphal Delhome 1 Introduction Introduction 2 Oslandia... Oslandia... since 2009 Open Source specialist GIS experts (QGIS contributors) Provide

623 views • 33 slides
Mobile Resource Guarantees Ian Stark Laboratory for Foundations of Computer Science School of

Mobile Resource Guarantees Ian Stark Laboratory for Foundations of Computer Science School of

Mobile Resource Guarantees Ian Stark Laboratory for Foundations of Computer Science School of Informatics, University of Edinburgh David Aspinall, Stephen Gilmore, Don Sannella, *Kenneth MacKenzie, *Lennart Beringer, Michal Kone n LMU

146 views • 14 slides

More recommend