
Cyber Incident Management -National and Regional Lessons Learned-



  1. ARF Seminar on Operationalizing Cyber CBMs at Singapore, 21‐22 October 2015
     Cyber Incident Management -National and Regional Lessons Learned-
     Masanori Sasaki, Deputy Counsellor, NISC, Cabinet Secretariat, Japan

  2. Our organization…
     NISC: National center of Incident readiness and Strategy for Cybersecurity
     • 6 groups
     • Various project teams
     Positions on the organization chart:
     • Director-General of NISC
     • Deputy Director-General (shown twice)
     • Cybersecurity Advisers
     Groups on the organization chart:
     • Strategy and Policy Planning
     • International Strategy
     • Comprehensive Measures for Government Agencies
     • Critical Information Infrastructure Protection
     • Integration and Coordination of Cybersecurity Information
     • Incident Investigation and Analysis

  3. Information that NISC needs…
     (The slide arranges the items below along a scale from the strategic level to the operational level.)
     • Information on law, policy, and strategy
       • International
       • Domestic
     • Situational information:
       • Incident reports
       • Threat trends
       • Information on actors in cyberspace
       • Best practices and measures on cybersecurity
     • Technical information:
       • Malware
       • Vulnerability
     Callout: Collecting, processing, analyzing, and utilizing information for the national cybersecurity

  4. Information Channels
     • Domestic:
       • GSOC [Government Security Operation Coordination team]
       • Each government agency’s CSIRT
       • JPCERT/CC and other partners
       • Law enforcement agencies
       • Private sector
     • International:
       • Formal communication channels, e.g. bilateral cyber-dialogues
       • Multilateral frameworks, e.g. FIRST
       • Informal meetings and communications
       • poc@nisc.go.jp

  5. Incident management framework and information sharing…
     Each Ministry’s CSIRT
     • Situational awareness and analysis
     • Incident response
     • Report to decision makers
     • Training and exercise
     • Information sharing and cooperation
     GSOC [Government Security Operation Coordination team]
     • Real-time network monitoring
     • Malware analysis and information gathering
     • Prompt warnings on threats
     CYMAT [CYber incident Mobile Assistance Team]
     • Members: government officials with advanced experiences and knowledge on cybersecurity
     • Mobilized for serious impact cyber incidents that require government-wide response
     • Provides technical assistance to the government bodies for:
       • Accurate situational awareness & analysis
       • Incident response and damage control
       • Recovery from incidents
       • Recurrence prevention
       • Exercises and Trainings
     [Diagram: GSOC connected to GSOC sensors at Ministry A, Ministry B and Ministry C, each with a PoC and a CSIRT. Flow labels: Monitoring; Sensor Reports; Warnings & notifications; Cooperation among CSIRTs; Request for assistance; Technical assistance and advice; Response; Technical Assistance; Collaboration, information sharing (Private sector; International partners, etc.).]
     Questions posed on the diagram: Used effectively? Timely & precisely? Timely & effectively? Work practically?
