Cyber Incident Management -National and Regional Lessons Learned- - - PowerPoint PPT Presentation

cyber incident management national and regional lessons
SMART_READER_LITE
LIVE PREVIEW

Cyber Incident Management -National and Regional Lessons Learned- - - PowerPoint PPT Presentation

Sep 19, 2022 174 likes •231 views

ARF Seminar on Operationalizing Cyber CBMs at Singapore 21 22 October 2015 Cyber Incident Management -National and Regional Lessons Learned- Masanori Sasaki Deputy Counsellor, NISC, Cabinet Secretariat, Japan Our organization NISC : N

slide-1
SLIDE 1

Cyber Incident Management

  • National and Regional Lessons Learned-

Masanori Sasaki

Deputy Counsellor, NISC, Cabinet Secretariat, Japan

ARF Seminar on Operationalizing Cyber CBMs at Singapore 21‐22 October 2015

slide-2
SLIDE 2

1

Deputy Director-General Comprehensive Measures for Government Agencies Incident Investigation and Analysis International Strategy Strategy and Policy Planning Integration and Coordination of Cybersecurity Information Cybersecurity Advisers Deputy Director-General Director-General

  • f NISC

Critical Information Infrastructure Protection

Our organization…

NISC: National center of Incident readiness and Strategy for Cybersecurity

  • 6 groups
  • Various project teams
slide-3
SLIDE 3

2

 Information on law, policy, and strategy

  • International
  • Domestic

 Situational Information:

  • Incident reports
  • Threat trends
  • Information on actors in cyberspace
  • Best practices and measures on cybersecurity

 Technical information:

  • Malware
  • Vulnerability

Information what NISC needs…

Strategic level Operational level

Collecting, processing, analyzing, and utilizing information for the national cybersecurity

slide-4
SLIDE 4

3

 Domestic:

  • GSOC [Government Security Operation Coordination team]
  • Each government agency’s CSIRT
  • JPCERT/CC and other partners
  • Law enforcement agencies
  • Private sector

 International:

  • Formal communication channels e.g. bilateral cyber-dialogues
  • Multilateral frameworks e.g. FIRST
  • Informal meetings and communications
  • poc@nisc.go.jp

Information Channels

slide-5
SLIDE 5
  • Real-time network monitoring
  • Malware analysis and information gathering
  • Prompt warnings on threats
  • Members: government officials with advanced

experiences and knowledge on cybersecurity

  • Be mobilized for serious impact cyber incidents

that require government-wide response

  • Provides technical assistance to the

government bodies for:

  • Accurate situational awareness & analysis
  • Incident response and damage control
  • Recovery from incidents
  • Recurrence prevention
  • Exercises and Trainings
  • Private sector
  • International partners, etc.

GSOC [Government Security Operation Coordination team] CYMAT [CYber incident Mobile Assistance Team]

  • Situational awareness and analysis
  • Incident response
  • Report to decision makers
  • Training and exercise
  • Information sharing and cooperation

Each Ministry’s CSIRT

Cooperation among CSIRTs

Ministry C CSIRT

GSOC Sensor

PoC

GSOC Sensor

Ministry B CSIRT

PoC

Incident management framework and information sharing…

Monitoring Technical Assistance Response

4

Ministry A CSIRT

PoC

GSOC Sensor

Technical assistance and advice Collaboration, information sharing Reports Request for assistance

Warnings & notifications Used effectively? Timely & precisely? Timely & effectively? Work practically?