developing csirts in brazilian nren rnp
play

Developing CSIRTs in Brazilian NREN RNP Mission: To promote the - PowerPoint PPT Presentation

Aug 29, 2023 •146 likes •601 views

Developing CSIRTs in Brazilian NREN RNP Mission: To promote the innovative use of advanced networks. Education and research community: Universities; National Libraries; Research Institutes; Museums; Teaching hospitals;

  1. Developing CSIRTs in Brazilian NREN

  2. RNP Mission: To promote the innovative use of advanced networks. Education and research community:  Universities;  National Libraries;  Research Institutes;  Museums;  Teaching hospitals;  Others;

  3. CAIS

  4. CAIS Lines of action Technical Security Incident Expertise Handling Information Security Security Vulnerability Awareness handling CSIRT Development

  5. PFSI Information Security Strengthening Program in RNP Customers

  6. PFSI Information Security Strengthening Program in RNP Customers Incident Security Management System (SGIS) Malicious Activity Combat Security Awareness Actions Support to Develop Security Policy Documents Support to Create and Develop CSIRTs

  7. Motivation Co Corpo porate e sec ecurity tea team and CSI CSIRT i is th the s e same th thing?

  8. Motivation  Security incidents and critical vulnerabilities Security overview grew last years. Security  Need to increase InfoSec capability in Brazilian Strengthening NREN. PROJECT CSIRTs in RNP Customers  Compliance with Brazilian legal regulations, Brazilian NREN especially for organizations that are part of Federal Public Administration Incident handling  Corporate security team ≠ CSIRT focus

  9. Goals CSIRTs in RNP Customers Project  Create a default and generic template to CSIRT Template of CSIRT establishment, applicable to Brazilian NREN environment.  Define a security incident management template, Incident with process and procedures to all steps of incident Management handling lifecycle. PROJECT CSIRTs in RNP Customers  Provide a guide and checklist to support Guide establishment of new CSIRTs.  Promote interaction between new and existing Interaction CSIRT teams.

  10. Technical Background ABNT ISO/IEC 27002:2013 Guidelines of Security Incident Management. Normative Instruction GSI/PR Nº1:2008 - Procedures and responsibilities; Standards - Security Information Events evaluation; RFC 2350 - Security Information Incidents response; - Evidence collection. ISO/IEC 27035:2016

  11. Technical Background Normative Instruction GSI/PR Nº1:2008 Disciplines creation of new CSIRT Complementary teams in Brazilian Federal Public Standard Administration departments and Standards nº 05/IN01/DSIC/GSIPR entities. Establishes guidelines for Incident Complementary Management in Brazilian Federal Standard Public Administration departments nº 08/IN01/DSIC/GSIPR and entities.

  12. Technical Background RFC 2350 Best Practices of CSIRTs Standards Mission statement and scope CSIRT Policies and procedures Security Communications Relationships between different CSIRTs

  13. Technical Background ABNT ISO/IEC 27035:2016 Security Incident Management guideline to Standards external organizations who provides Information security incident management services.

  14. Where to start? ? ? ? ? ?

  15. Methodology Planning Development Operation Implementation

  16. Step 1: Planning SWOT Analysis Methodology used to analyze internal and external environment of an organization. Data analysis with strategically positioning goal of an organization.

  17. Step 1: Planning Need to be Influence continuously involved Stakeholders and keep informed of Keep they all development - Project team informed, without direct - Board of directors involvement - InfoSec Management Commitee Interest - Legal team Keep they - Heritage sector Monitor the informed, without - IT Team attendance of its critical needs. responsibilities. - Employees - Students

  18. Step 2: Development Name of CSIRT

  19. Step 2: Development Constituency Mission Services Vision

  20. Step 2: Development Organizational Model Authority Organizational Structure

  21. Step 3: Implementation 1) Infrastructure 2) People Management 3) Funding 4) Policies and procedures

  22. Step 3: Implementation Infrastructure Recursos REDE EXTERNA REDE DE DADOS INTERNA DO CSIRT - External network - Hardware REDE DMZ - DMZ LOCAL EXTERNA - Software /securit rity - Internal Servers - Network - Testing SERVIÇOS PÚBLICOS DO CSIRT - LAN FIREWALL REDE DE TESTES SERVIDORES INTERNOS TESTE DE SOLUÇÕES E NOVOS SERVIÇOS SERVIÇOS INTERNOS DO CSIRT

  23. Step 3: Implementation People Management Hir Hirin ing Professi ssional develo lopme ment - Curriculum analysis - Follow up / coaching - Job interview - Events - Contract details * CERT.br Brazilian Forum of CSIRTs * Career path * SBSeg (Security Brazilian Society) * Workload (8x5? 24x7? Weekends?) * Security Leaders - Professional ethic * LACNIC / LACSEC Fir irin ing * FIRST Technical Colloquium - Delete user/e-mail account - Notice to organization

  24. Step 3: Implementation Funding FINANCIAMENTO - Specific budget to CSIRT - Partnership with other CSIRTs - Sale of services to customers - Submit projects to Research Funding Organizations Policies and Procedures - Information handling / Information classification - Resources usage policies - Password policies - Communication Plan - Security Awareness Plan

  25. Step 3: Implementation Incident Management Plan ESTRUTURA NORMATIVA – Planos de Gestão Six main steps:

  26. Step 3: Implementation Incident Management Plan ESTRUTURA NORMATIVA – Planos de Gestão Six main steps:  Security incident notification channels  Communication systems;  Malicious activity detection;  Security incident notification elements  Incident description  IP source / destination  Ports / protocols / compromised services  Date and time (with correct GMT)

  27. Step 3: Implementation Incident Management Plan ESTRUTURA NORMATIVA – Planos de Gestão Six main steps:

  28. Step 4: Operation Disclosure Formalization - E-mail marketing - CSIRT formalization document template - Website - Awareness lectures Analysis - Statistics - Indicators * Incidents by time / category * Incidents closed in/out time * More used protocols * Incidents closed in certain period * IP address involved * Time spent to close incidents

  29. Step 4: Operation CSIRT formalization document sample Formalização

  30. Results – Establishment CSIRTs in Brazilian NREN Best Practices Guide

  31. Results – Establishment CSIRT Checklist

  32. Results – Documentation template

  33. Results

  34. Results

  35. Results

  36. Cases Salvador/BA Santa Maria/RS

  37. Cases TRIIF – Incident Response Team of Instituto Federal Farroupilha

  38. Cases TRIIF – Incident Response Team of Instituto Federal Farroupilha http://triif.iffarroupilha.edu.br

  39. Cases UFBA – Federal University of Bahia

  40. Cases UFBA – Federal University of Bahia

  41. Cases UFBA – Federal University of Bahia

  43. CSIRTs establishment support service

  44. Thanks! RNP – Brazilian Educational and Research Network CAIS – RNP Incident Security Response Team Rildo Souza Yuri Alexandro Security Analyst Security Analyst rildo.souza@rnp.br yuri.ferreira@rnp.br

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CAIS Sensor: Distributed Sensors Network in Brazilian NREN LACSEC LACNIC27 Regarding RNP

CAIS Sensor: Distributed Sensors Network in Brazilian NREN LACSEC LACNIC27 Regarding RNP

CAIS Sensor: Distributed Sensors Network in Brazilian NREN LACSEC LACNIC27 Regarding RNP Brazilian National Research and Education Network (RNP). Created in 1989. Implementing the first Latin American fiber network in 2005.

470 views • 22 slides
Brazilian Pharmacopoeia: vision and expectations for cooperation and convergence Brazilian

Brazilian Pharmacopoeia: vision and expectations for cooperation and convergence Brazilian

Brazilian Pharmacopoeia: vision and expectations for cooperation and convergence Brazilian Pharmacopoeia Coordination Brazilian Health Regulatory Agency ANVISA Arthur Leonardo Lopes da Silva Feb/2020 The views expressed herein are those of

555 views • 16 slides
Developing a Brazilian Iron Ore Business August 2010 Disclaimer Not all images in this

Developing a Brazilian Iron Ore Business August 2010 Disclaimer Not all images in this

Developing a Brazilian Iron Ore Business August 2010 Disclaimer Not all images in this presentation are images of Centaurus Metals Projects. This presentation does not constitute investment advice. Neither this presentation nor the information

542 views • 23 slides
Developing a Brazilian Iron Ore Business Darren Gordon, Managing Director February, 2012

Developing a Brazilian Iron Ore Business Darren Gordon, Managing Director February, 2012

Developing a Brazilian Iron Ore Business Darren Gordon, Managing Director February, 2012 Disclaimer This presentation does not constitute investment advice. Neither this presentation nor the information contained in it constitutes an offer,

654 views • 34 slides
Developing a Brazilian Iron Ore Business Darren Gordon, Managing Director November, 2011

Developing a Brazilian Iron Ore Business Darren Gordon, Managing Director November, 2011

Developing a Brazilian Iron Ore Business Darren Gordon, Managing Director November, 2011 Disclaimer This presentation does not constitute investment advice. Neither this presentation nor the information contained in it constitutes an offer,

468 views • 36 slides
Developing a Brazilian Iron Ore Business Darren Gordon, Managing Director May, 2011 Disclaimer

Developing a Brazilian Iron Ore Business Darren Gordon, Managing Director May, 2011 Disclaimer

Developing a Brazilian Iron Ore Business Darren Gordon, Managing Director May, 2011 Disclaimer This presentation does not constitute investment advice. Neither this presentation nor the information contained in it constitutes an offer,

470 views • 27 slides
NREN Service Services s and and Support Support for for Schools Schools NREN Tomi Dolenc

NREN Service Services s and and Support Support for for Schools Schools NREN Tomi Dolenc

Akademska in raziskovalna mrea Slovenije NREN Service Services s and and Support Support for for Schools Schools NREN Tomi Dolenc Academic and Research Network of Slovenia tomi.dolenc@arnes.si Outline Outline Akademska in

628 views • 18 slides
Barriers to CSIRTs cooperation. Challenge in practice the CLOSER Project Krzysztof Silicki

Barriers to CSIRTs cooperation. Challenge in practice the CLOSER Project Krzysztof Silicki

Barriers to CSIRTs cooperation. Challenge in practice the CLOSER Project Barriers to CSIRTs cooperation. Challenge in practice the CLOSER Project Krzysztof Silicki Mirosaw Maj NASK / CERT Polska 20th FIRST Annual Conference,

770 views • 37 slides
Mapping the NREN Business Model using the Business Model Canvas: the case of TENET By: Tiwonge

Mapping the NREN Business Model using the Business Model Canvas: the case of TENET By: Tiwonge

Mapping the NREN Business Model using the Business Model Canvas: the case of TENET By: Tiwonge Msulira Banda UbuntuNet Alliance WACREN 2016, Dakar, Senegal, 17-18 March 2016 1 Outline } Introduction } South Africa NREN Ecosystem } Purpose of

645 views • 22 slides
Supporting Collaboration Niels van Dijk Technical Product Manager SURFnet: the Dutch NREN

Supporting Collaboration Niels van Dijk Technical Product Manager SURFnet: the Dutch NREN

Supporting Collaboration Niels van Dijk Technical Product Manager SURFnet: the Dutch NREN SURFnet is the Dutch National Research & Education Network (NREN) Services, innovation, knowledge Not for profit Task organisation of

710 views • 28 slides
Proposal for a new model for information sharing between CSIRTs Ir. David Durvaux - Security

Proposal for a new model for information sharing between CSIRTs Ir. David Durvaux - Security

Proposal for a new model for information sharing between CSIRTs Ir. David Durvaux - Security Analyst Christian Van Heurck Coordinator 24 th annual FIRST conference Malta - 17-22 June 2012 Knowledge is power . Knowledge shared is

404 views • 39 slides
Safely Sharing Data Between CSIRTs: The SCRUB* Security Anonymization Tool Infrastructure William

Safely Sharing Data Between CSIRTs: The SCRUB* Security Anonymization Tool Infrastructure William

Safely Sharing Data Between CSIRTs: The SCRUB* Security Anonymization Tool Infrastructure William Yurcik* <byurcik@gmail.com> Clay Woolam, Greg Hellings, Latifur Khan, Bhavani Thuraisingham University of Texas at Dallas 20 th Annual FIRST

172 views • 15 slides
The Great East Japan Earthquake - What we did as CSIRTs- June 14, 2011 Itaru Kamiya , NTT-CERT

The Great East Japan Earthquake - What we did as CSIRTs- June 14, 2011 Itaru Kamiya , NTT-CERT

SPECIAL Panel Session: The day disaster struck the northeastern part of Japan The Great East Japan Earthquake - What we did as CSIRTs- June 14, 2011 Itaru Kamiya , NTT-CERT Yoshinobu Matsuzaki , IIJ-SECT Teruo Fujikawa , NCSIRT Yusuke Gunji,

1.14k views • 54 slides
A study for CSIRTs strengthening From a View point of Interactive Storytelling in an

A study for CSIRTs strengthening From a View point of Interactive Storytelling in an

A study for CSIRTs strengthening From a View point of Interactive Storytelling in an organization 18 th June, 2012 NTT-CERT Ikuya HAYASHI Meiji Univ. Daisuke SUGIHARA Meiji Univ. Miyoko SUZUMURA Meiji Univ. Aki NAKANISHI Okinawa Univ.

730 views • 48 slides
Risk Modeling: The Brazilian Experience Andre Proite Brazilian National Treasury Investor

Risk Modeling: The Brazilian Experience Andre Proite Brazilian National Treasury Investor

W A S H I N G T O N D C O C T O B E R 2 0 1 0 Risk Modeling: The Brazilian Experience Andre Proite Brazilian National Treasury Investor Relations Office- Manager Motivation Cost-Risk Analysis Long term view Model Description Connecting

753 views • 23 slides
distribution changes in the new millennium? UNU- WIDER: Inequality in the Developing Giants

distribution changes in the new millennium? UNU- WIDER: Inequality in the Developing Giants

What are the main drivers of Brazilian income distribution changes in the new millennium? UNU- WIDER: Inequality in the Developing Giants Brazil Principal and Junior Investigators: Marcelo Neri (lead, FGV) Ceclia Machado (FGV)

467 views • 19 slides
TTLink and Bias cables installation 4 l Extensive tests on TT-Link distribution by their fan-outs

TTLink and Bias cables installation 4 l Extensive tests on TT-Link distribution by their fan-outs

Status of TTLink and Wires bias cabling 1. Installation of the TTLink and Wire bias cables 2. Noise measurements using the TTLink 3. Tests to verify the impact on the noise measurements TPC WG WA104/ICARUS Technical Working Group Meeting

198 views • 8 slides
MC714: Sistemas Distribu dos Prof. Lucas Wanner Instituto de Computac ao, Unicamp

MC714: Sistemas Distribu dos Prof. Lucas Wanner Instituto de Computac ao, Unicamp

MC714: Sistemas Distribu dos Prof. Lucas Wanner Instituto de Computac ao, Unicamp Aula 1: Introduc ao e Fundamentos MC714 Sistemas Distrubu dos Professor Lucas Wanner lucas@ic.unicamp.br Hor ario Terc

585 views • 43 slides
r Author: Pedro Davi Drugowick Ferreira Sao Paulo, 2017 Results Motivatio ion to to study

r Author: Pedro Davi Drugowick Ferreira Sao Paulo, 2017 Results Motivatio ion to to study

Does crime affect economic growth? A case study of the city of Manaus r Author: Pedro Davi Drugowick Ferreira Sao Paulo, 2017 Results Motivatio ion to to study vio iole lence/crime in in Brazil Statistics 12 million Number of

886 views • 24 slides
Validation & Evaluation CS 7250 S PRING 2020 Prof. Cody Dunne N ORTHEASTERN U NIVERSITY

Validation & Evaluation CS 7250 S PRING 2020 Prof. Cody Dunne N ORTHEASTERN U NIVERSITY

Validation & Evaluation CS 7250 S PRING 2020 Prof. Cody Dunne N ORTHEASTERN U NIVERSITY Slides and inspiration from Michelle Borkin, Krzysztof Gajos, Hanspeter Pfister, 1 Miriah Meyer, Jonathan Schwabish, and David Sprague B URNING Q

673 views • 45 slides
Uncertainty, Default, and Risk (Welch, Chapter 06-A) Ivo Welch Maintained Assumptions Perfect

Uncertainty, Default, and Risk (Welch, Chapter 06-A) Ivo Welch Maintained Assumptions Perfect

Uncertainty, Default, and Risk (Welch, Chapter 06-A) Ivo Welch Maintained Assumptions Perfect Markets 1. No differences in opinion. 2. No taxes. 3. No transaction costs. 4. No big sellers/buyersinfinitely many clones that can buy or

819 views • 42 slides
Advanced Network Security 1. Course Outline Jaap-Henk Hoepman Digital Security (DS) Radboud

Advanced Network Security 1. Course Outline Jaap-Henk Hoepman Digital Security (DS) Radboud

Advanced Network Security 1. Course Outline Jaap-Henk Hoepman Digital Security (DS) Radboud University Nijmegen, the Netherlands @xotoxot // * jhh@cs.ru.nl // 8 www.cs.ru.nl/~jhh About me Jaap-Henk Hoepman // Radboud University Nijmegen //

1.12k views • 48 slides
Announcements HW4 is out! Due Thursday, July 12, 10 pm Midterm: Monday, July 16 in

Announcements HW4 is out! Due Thursday, July 12, 10 pm Midterm: Monday, July 16 in

CSE 331 Note Card Survey (Anonymous) Software Design and Implementation 1. Keep: What have I been doing well that I should continue doing? 2. Change: What is something I already do, but should change so I do it better? 3. Stop: What is one bad

402 views • 15 slides
Test-Driven Development (TDD) EECS3311 A: Software Design Fall 2018 C HEN -W EI W ANG DbC:

Test-Driven Development (TDD) EECS3311 A: Software Design Fall 2018 C HEN -W EI W ANG DbC:

Test-Driven Development (TDD) EECS3311 A: Software Design Fall 2018 C HEN -W EI W ANG DbC: Supplier DbC is supported natively in Eiffel for supplier : class ACCOUNT create make feature -- Attributes owner : STRING balance : INTEGER feature --

558 views • 37 slides

More recommend