How to set up a CSIRT in an ITIL driven organization

SLIDE 1

How to set up a CSIRT in an ITIL driven organization Christian Proschinger Raiffeisen Informatik GmbH

SLIDE 2

Raiffeisen Informatik | 26.01.2010 | 2 How to set up a CSIRT in an ITIL driven organization | public

  • Introduction R-IT CERT
  • Idea
  • Introduction to ITIL
  • Example Vulnerability Management
  • Lessons Learned

SLIDE 3

Outside of Europe:

  • China
  • South Africa
  • Kazakhstan

Raiffeisen Informatik Group

  • 27 Locations
  • 3,000 Employees
  • Turnover 2009: 1.2 Billion Euro
  • 40 years experience

IT Services

  • IT Operations
  • Outsourcing
  • Security Services
  • Client Management
  • IT & Software Consulting
  • Output Services

SLIDE 4

Security Competences at Raiffeisen Informatik

  • Department Information Security Management
  • Information Security Management System
  • ISO 27001
  • Focus on Risk Management
  • Department Security Competence Center
  • Founded 2005
  • Headquarter of Raiffeisen Informatik CERT Austria
  • Penetration Testing
  • Responsible person/team for each Business Service as well as for each Technical Component

SLIDE 5

General Situation

  • Large-scale IT organizations have to be standardized and compliant

  • IT Infrastructure Library
  • Business process maps
  • ISO 27001
  • COBIT
  • CSIRT
  • Customized services for constituency
  • Guidelines
  • helpful but generic

SLIDE 6

General Situation

  • IT Infrastructure Library
  • Best practice library
  • De-facto standard
  • 76 % of organizations align IT Service Management to ITIL*
  • Popular processes
  • Incident Management
  • Service Desk
  • Incident Management Process
  • Problem Management
  • Information Security Management

*IT Service Management Studie MATERNA

SLIDE 7

Questions

  • What are the implications of ITIL concerning
  • setting up a CSIRT
  • operating a CSIRT

Diagram labels: ITIL driven organization, CSIRT

SLIDE 8

Introduction to IT Infrastructure Library

  • 5 Core publications
  • Service strategy
  • Service design
  • Service transition
  • Service operation
  • Continual service improvement
  • Target is an IT alignment to business processes

Source: ITIL v3 The official Introduction to the Service Lifecycle: TSO (OGC); 2007

SLIDE 9

Service Strategy

  • Strategy development
  • Service Portfolio Management
  • Financial Management
  • Demand Management

Service Design

Management of:

  • Service Catalog
  • Service Level
  • Capacity
  • Availability
  • IT Service Continuity
  • Information Security
  • Supplier

Transition

  • Planning and Support
  • Service Asset and Configuration Mgmt
  • Change Mgmt
  • Release and Deployment Mgmt
  • Service Validation & Testing Evaluation
  • Knowledge Mgmt

IT Operations

  • Event Management
  • Incident Management
  • Problem Management
  • Request Fulfillment
  • Access Management

Service Improvement

  • Service Reporting
  • 7-Step Improvement process
  • quality improvement
  • Service Measurement

SLIDE 10

Example Vulnerability Management

  • Information Security Management Process
  • ISO 27001:2005
  • Deming Cycle (Plan-Do-Check-Act)
  • CSIRT can produce added value
  • Economies of scale
  • Quality

Cycle: Information (Plan), Countermeasure (Do), Audit (Check), Report (Act)

SLIDE 11

Example Vulnerability Management

  • Vulnerability Management != Patch Management → TRUE
  • Workarounds
  • Configuration issues
  • Design issues
  • Functional patches

SLIDE 12

Example Vulnerability Management

PLAN: Information

  • Input
  • Penetration Tests – CSIRT Service triggered by Information Security Management
  • Security Advisories – CSIRT Service
  • Service Desk

DO: Countermeasure

  • Problem Management
  • Problem Tickets: Penetration Testing measures, Less critical vulnerabilities
  • Incident Management
  • High critical vulnerabilities

CHECK: Audit

  • Vulnerability Scanning – CSIRT Service

ACT: Report

  • Information Security Management

SLIDE 13

Patch Management: affected ITIL Processes

Service Strategy

  • Financial Management
  • COST CONTROL

Service Design

  • Service Level Management: customer relations interface
  • Review of infrastructure requirements
  • Continuity Management to minimize impacts
  • Risk assessment
  • Vulnerability Management process

Transition

  • Planning and Support
  • Service Asset and Configuration Mgmt
  • Change Mgmt
  • Release and Deployment Mgmt
  • Service Validation & Testing Evaluation
  • Knowledge Mgmt

IT Operations

  • Incident Management: patch (critical)
  • Problem Management: patch, root problem search

Service Improvement

  • Service Reporting
  • Service Measurement

SLIDE 14

Lessons Learned

  • Vulnerability Management != Patch Management
  • Incident != Security Incident
  • Service Strategy
  • Utility
  • Warranty → USP Constituency
  • Service Design
  • Information Security Management
  • ISO 27001:2005 good preparation for FIRST accreditation (Site Visit)
  • Information Security Management System
  • Define clear „interfaces“
  • Use the experience of your ISM Team
  • Easy way to achieve “separation of duties”
  • Service Operation
  • Incident Management: Service Desk
  • Process can be easily adopted for security incident management
  • Problem Management: Good way to implement penetration test measures

SLIDE 15

Summary

  • Considering ITIL offers advantages
  • Important processes
  • Incident Management
  • Problem Management
  • Information Security Management
  • ISO 27001:2005 provides a good basis
  • Maybe a possibility to set up the process of CSIRTs easier

SLIDE 16

Thank you for your attention!

Raiffeisen Informatik GmbH Lilienbrunngasse 7-9 A-1020 Wien T +43 1/99 3 99 - 0 F +43 1/99 3 99 - 1100 E info@r-it.at www.raiffeiseninformatik.at