CERT-MU Computer Emergency Response Team of Mauritius National Cybersecurity Drills: An Effort Towards Effective Response to Cyber Threats Jennita Appanah Appayya Information Security Consultant CERT-MU| National Computer Board
Cyber threat landscape CERT-MU § Change in the global cybersecurity challenges • From large-scale acts of international terrorism to ongoing civil war spilling over into neighboring countries • Cyber security landscape is fluid. • One of the key questions facing policy-makers is how best to prepare for a cyber incident: which resources, tools, expertise and systems are required to either prevent an incident occurring or to minimize the impact of an incident should it occur? • A useful and productive method for identifying these elements is by conducting cybersecurity exercises – simulated and controlled replication, observation and discussion of cyber incidents. www . cert - mu . org . mu | Hotline : 800 2378 | Email : contact@cert . ncb . mu | Incident Reporting : incident@cert . ncb . mu 2
What is a Cybersecurity Drill? CERT-MU § Assess organisations’ preparedness to resist cyber- threats and enable timely detection, response, mitigation and recovery actions in the event of cyber-attacks. § Drill simulations are carried out in a controlled environment to train and assess organization’s capabilities in responding to incidents and managing crisis. § Wake-up calls – increased in the number of reported incidents www . cert - mu . org . mu | Hotline : 800 2378 | Email : contact@cert . ncb . mu | Incident Reporting : incident@cert . ncb . mu 3
Models of Cybersecurity Drills CERT-MU www . cert - mu . org . mu | Hotline : 800 2378 | Email : contact@cert . ncb . mu | Incident Reporting : incident@cert . ncb . mu 4
Execution of Cybersecurity Drills CERT-MU § Fictitious incident scenarios are developed. It consists of different incident types. § Teams are formed. § The drill facilitator explains and guides the team throughout the scenario analysis § Team(s) work out the solution and submit an advisory report. § Solutions are explained by the organising team. www . cert - mu . org . mu | Hotline : 800 2378 | Email : contact@cert . ncb . mu | Incident Reporting : incident@cert . ncb . mu 5
How Cybersecurity Drill helps in Threat Preparedness? CERT-MU § To gauge and improve the preparedness in the identification, response, prevention and resolution of incidents. § To demonstrate organizations to evaluate the security posture and promote awareness of threats § To validate policies, plans and procedures, as well as with training, improving current tools and also to identify gaps and resources www . cert - mu . org . mu | Hotline : 800 2378 | Email : contact@cert . ncb . mu | Incident Reporting : incident@cert . ncb . mu 6
Cybersecurity Drills as an active learning tool CERT-MU § The use of simulations and scenario-based activities as learning tools form a core part of what is known as “active learning”. § Encourage participants to use skills, techniques, tools and policy frameworks in a practical, simulated environment. § Participants actively engage with those situations, makes them better prepared to act if and when a situation occurs in real life. www . cert - mu . org . mu | Hotline : 800 2378 | Email : contact@cert . ncb . mu | Incident Reporting : incident@cert . ncb . mu 7
Benefits of organizing Cyber Drills CERT-MU 1. Find out the realistic picture of the organisation’s cyber defense & incident response posture 2. To understand the appropriate course of actions in advance of a security breach. 3. Helps to identify ‘Indicators of Compromise’ 4. Testing of the incident detection and response plan www . cert - mu . org . mu | Hotline : 800 2378 | Email : contact@cert . ncb . mu | Incident Reporting : incident@cert . ncb . mu 8
Cyber Drills Conducted by CERT-MU CERT-MU § Regional ITU Alert Cybersecurity Drill for Africa in April 2016 ( 20 African countries participated) § ITU Top Management Drill in March 2018 § SADC Cybersecurity Drill in September 2018 (15 SADC countries participated) www . cert - mu . org . mu | Hotline : 800 2378 | Email : contact@cert . ncb . mu | Incident Reporting : incident@cert . ncb . mu 9
National Cyber Security Drill for the CIIs CERT-MU § Will be held from 25-28 June 2019 § Targeted CIIs – Financial sector and Civil Aviation § Objective – to assess the preparedness to resist cyber threats, enable timely detection, response, and mitigation and recovery actions in the event of cyber- attacks. § Cybersecurity Drill model – mixed (table top, full simulations) www . cert - mu . org . mu | Hotline : 800 2378 | Email : contact@cert . ncb . mu | Incident Reporting : incident@cert . ncb . mu 10
CERT-MU Thank Y Thank You Computer Emergency Response Team of Mauritius (CERT-MU) Tel: 210 55 20 | Hotline: 800 2378 General Enquiry: contact@cert.ncb.mu Subscribe to Mail List: subscribe@cert.ncb.mu CONTACT US Incident Reporting: incident@cert.ncb.mu Vulnerability Reporting: vulnerability@cert.ncb.mu Cybersecurity Portal: http://cybersecurity.ncb.mu Website: www.cert-mu.org.mu 11
Recommend
More recommend