CERT-SPC: role and mission Cap. G.di F. Gabriele Cicognani



SLIDE 1

Rome, 04.21.2009

A modern approach to ICT security in public administration

  • Cap. G.di F. Gabriele Cicognani
  • CERT-SPC

CERT-SPC: role and mission

SLIDE 2
  • cap. GdF Gabriele Cicognani

Agenda

๏ SPC’s architecture

๏ Scenario: security threats

๏ The CERT-SPC: role and mission

๏ Key points

SLIDE 3

Scope

In compliance with Article 117(2)(r) of the Constitution, and in compliance with the autonomy of the internal organisation of the information functions of the regions and local autonomies, the public connection system, hereinafter referred to as “SPC”, shall be defined and regulated in order to ensure information and computer coordination of data between central, regional and local administrations and to promote uniformity in the creation and transmission of data, intended for the exchange and dissemination of information between public administrations and the creation of integrated services.

The digital administration code (CAD)

SLIDE 4

Scope

The SPC is all the technological infrastructures and technical regulations for the development, sharing, integration and dissemination of public administration information assets and data, necessary to ensure the basic and advanced interoperability and application cooperation of computer systems and data flows, guaranteeing the security and confidentiality of information, as well as the autonomous protection of the information assets of each public administration.

The digital administration code (CAD)

SLIDE 5

Architecture

PAC domains/subnets    Number of accesses
28                     7360
12                     2.669
14                     1.737
7                      854
61                     12620

SLIDE 6

Architecture

[Diagram labels: QXN, Big Internet; Intranet, Infranet, Internet; PA-1, PA-2, PA-3, PA-4; Fornitore-1, Fornitore-2 (providers)]

SLIDE 7

Architecture

[Diagram labels: QISP1, AMM.n, QXN, QCN1, QCNn, CG-SPC, CG-SIC, ULS, IRT, PKI, Gestore Contratto RS (contract manager), CERT, SOC, Commissione di Coordinamento (coordination commission)]

SLIDE 8

Architecture

๏ Firewall management
๏ Network Intrusion Detection
๏ Event & log management
๏ Antivirus & content filtering management
๏ VPN management
๏ Hardening
๏ NAT management
๏ Host Intrusion Detection System (HIDS) management
๏ Vulnerability assessment
๏ Maintenance and assistance (SOC, Call Center, fault management, configuration & change management)

Security services

SLIDE 9

Rome, 02.09.2009

Agenda

๏ SPC’s architecture

๏ Scenario: security threats

๏ The CERT-SPC: role and mission

๏ Key points

SLIDE 10

Source: X-FORCE

Any computer-related vulnerability, exposure or configuration setting that may result in a weakening or breakdown of the confidentiality, integrity, or accessibility of the computer system.

Vulnerabilities disclosures

SLIDE 11

Source: X-FORCE Vulnerabilities ranking

SLIDE 12

Source: X-FORCE Web apps vulnerabilities 1998-2008 Percentage of disclosures that are Web apps vulnerabilities in 2008

SLIDE 13

Remotely exploitable vulnerabilities Source: X-FORCE

SLIDE 14

Source: X-FORCE Malware by categories

SLIDE 15

Agenda

๏ SPC’s architecture

๏ Scenario: security threats

๏ The CERT-SPC: role and mission

๏ Key points

SLIDE 16

SLIDE 17

A CSIRT can most easily be described by analogy with a fire department. In the same way that a fire department has an emergency number that you can call if you have or suspect a fire, similarly a CSIRT has a number and an email address that you can contact for help if you have or suspect a computer security incident. A CSIRT service doesn’t necessarily provide response by showing up on your doorstep (although some do offer that service); they usually conduct their interactions by telephone or via email.

Handbook for Computer Security Incident Response Teams (CSIRTs)

CSIRT

SLIDE 18

Without providing at least a component of the incident handling service, the team cannot be called a CSIRT. Consider the analogy with a fire department. A fire department may provide a range of services (fire prevention, awareness, training), and it may undertake fire safety inspections. But at the core is the emergency response component. By providing the emergency fire department, it stays up-to-date and in touch with reality, and it gains community trust, respect, and credibility. Similarly, in an attempt to reduce the effect of incidents through early detection and reporting or to prevent incidents, a team can be proactive through awareness, training, and other services; but without the incident handling service, the team is not a CSIRT.

Handbook for Computer Security Incident Response Teams (CSIRTs)

CSIRT

SLIDE 19

Community for ICT security

[Diagram labels: Internal, External; Other CERTs, L.E., Vendor, CIIP; Prevention, Handling, Analysis; ULS-PAC, SOC, CG-SIC, Centri servizio (service centres), PAT, CERT-R, CERT-SPC]
SLIDE 20

Early warning

CSIRT
SLIDE 21

External community

[Diagram labels: Flussi (flows), Esterni (external); Analysis, Prevention, Handling; ULS-PAC, CG-SIC, PAT, SOC, Centri servizio (service centres), CERT-R, CERT-SPC]
SLIDE 22

[Diagram labels: Flussi (flows), Esterni (external); Analysis, Prevention, Handling]

SLIDE 23

[Diagram labels: Flussi (flows), Esterni (external); Analysis, Prevention, Handling]
SLIDE 24

[Diagram labels: Flussi (flows), Esterni (external); Prevention, Analysis, Handling]

The Common Vulnerability Scoring System v.2 is an industry standard for assessing the severity of computer system security vulnerabilities. It attempts to establish a measure of how much concern a vulnerability warrants, compared to other vulnerabilities, so efforts can be prioritized. The score is based on a series of measurements (called metrics) based on expert assessment. CVE is a dictionary of publicly-known information security vulnerabilities and exposures. This dictionary is maintained by MITRE Corporation.

SLIDE 25

Bulletins

[Diagram labels: Analysis, Prevention, Handling; ULS-PAC, CG-SIC, PAT, SOC, Centri servizio (service centres), CERT-R, CERT-SPC]

SLIDE 26

[Diagram labels: Analysis, Prevention, Handling; ULS-PAC, CG-SIC, PAT, SOC, Centri servizio (service centres), CERT-R, CERT-SPC]

SLIDE 27

[Diagram labels: Analysis, Prevention, Handling; ULS-PAC, CG-SIC, PAT, SOC, Centri servizio (service centres), CERT-R, CERT-SPC; Commissione Coordinamento SPC (SPC coordination commission), CG-SIC]
SLIDE 28

Agenda

๏ SPC’s architecture

๏ Scenario: security threats

๏ The CERT-SPC: role and mission

๏ Key points

SLIDE 29

➡ Shared standards
➡ Authority
➡ Organization model
➡ Information sharing

SLIDE 30

THANK YOU

cicognani@cnipa.it

cert.spc@cnipa.it