developing csirts in brazilian nren rnp
play

Developing CSIRTs in Brazilian NREN RNP Mission: To promote the - PowerPoint PPT Presentation

Aug 29, 2023 •146 likes •601 views

Developing CSIRTs in Brazilian NREN RNP Mission: To promote the innovative use of advanced networks. Education and research community: Universities; National Libraries; Research Institutes; Museums; Teaching hospitals;

  1. Developing CSIRTs in Brazilian NREN

  2. RNP Mission: To promote the innovative use of advanced networks. Education and research community:  Universities;  National Libraries;  Research Institutes;  Museums;  Teaching hospitals;  Others;

  3. CAIS

  4. CAIS Lines of action Technical Security Incident Expertise Handling Information Security Security Vulnerability Awareness handling CSIRT Development

  5. PFSI Information Security Strengthening Program in RNP Customers

  6. PFSI Information Security Strengthening Program in RNP Customers Incident Security Management System (SGIS) Malicious Activity Combat Security Awareness Actions Support to Develop Security Policy Documents Support to Create and Develop CSIRTs

  7. Motivation Co Corpo porate e sec ecurity tea team and CSI CSIRT i is th the s e same th thing?

  8. Motivation  Security incidents and critical vulnerabilities Security overview grew last years. Security  Need to increase InfoSec capability in Brazilian Strengthening NREN. PROJECT CSIRTs in RNP Customers  Compliance with Brazilian legal regulations, Brazilian NREN especially for organizations that are part of Federal Public Administration Incident handling  Corporate security team ≠ CSIRT focus

  9. Goals CSIRTs in RNP Customers Project  Create a default and generic template to CSIRT Template of CSIRT establishment, applicable to Brazilian NREN environment.  Define a security incident management template, Incident with process and procedures to all steps of incident Management handling lifecycle. PROJECT CSIRTs in RNP Customers  Provide a guide and checklist to support Guide establishment of new CSIRTs.  Promote interaction between new and existing Interaction CSIRT teams.

  10. Technical Background ABNT ISO/IEC 27002:2013 Guidelines of Security Incident Management. Normative Instruction GSI/PR Nº1:2008 - Procedures and responsibilities; Standards - Security Information Events evaluation; RFC 2350 - Security Information Incidents response; - Evidence collection. ISO/IEC 27035:2016

  11. Technical Background Normative Instruction GSI/PR Nº1:2008 Disciplines creation of new CSIRT Complementary teams in Brazilian Federal Public Standard Administration departments and Standards nº 05/IN01/DSIC/GSIPR entities. Establishes guidelines for Incident Complementary Management in Brazilian Federal Standard Public Administration departments nº 08/IN01/DSIC/GSIPR and entities.

  12. Technical Background RFC 2350 Best Practices of CSIRTs Standards Mission statement and scope CSIRT Policies and procedures Security Communications Relationships between different CSIRTs

  13. Technical Background ABNT ISO/IEC 27035:2016 Security Incident Management guideline to Standards external organizations who provides Information security incident management services.

  14. Where to start? ? ? ? ? ?

  15. Methodology Planning Development Operation Implementation

  16. Step 1: Planning SWOT Analysis Methodology used to analyze internal and external environment of an organization. Data analysis with strategically positioning goal of an organization.

  17. Step 1: Planning Need to be Influence continuously involved Stakeholders and keep informed of Keep they all development - Project team informed, without direct - Board of directors involvement - InfoSec Management Commitee Interest - Legal team Keep they - Heritage sector Monitor the informed, without - IT Team attendance of its critical needs. responsibilities. - Employees - Students

  18. Step 2: Development Name of CSIRT

  19. Step 2: Development Constituency Mission Services Vision

  20. Step 2: Development Organizational Model Authority Organizational Structure

  21. Step 3: Implementation 1) Infrastructure 2) People Management 3) Funding 4) Policies and procedures

  22. Step 3: Implementation Infrastructure Recursos REDE EXTERNA REDE DE DADOS INTERNA DO CSIRT - External network - Hardware REDE DMZ - DMZ LOCAL EXTERNA - Software /securit rity - Internal Servers - Network - Testing SERVIÇOS PÚBLICOS DO CSIRT - LAN FIREWALL REDE DE TESTES SERVIDORES INTERNOS TESTE DE SOLUÇÕES E NOVOS SERVIÇOS SERVIÇOS INTERNOS DO CSIRT

  23. Step 3: Implementation People Management Hir Hirin ing Professi ssional develo lopme ment - Curriculum analysis - Follow up / coaching - Job interview - Events - Contract details * CERT.br Brazilian Forum of CSIRTs * Career path * SBSeg (Security Brazilian Society) * Workload (8x5? 24x7? Weekends?) * Security Leaders - Professional ethic * LACNIC / LACSEC Fir irin ing * FIRST Technical Colloquium - Delete user/e-mail account - Notice to organization

  24. Step 3: Implementation Funding FINANCIAMENTO - Specific budget to CSIRT - Partnership with other CSIRTs - Sale of services to customers - Submit projects to Research Funding Organizations Policies and Procedures - Information handling / Information classification - Resources usage policies - Password policies - Communication Plan - Security Awareness Plan

  25. Step 3: Implementation Incident Management Plan ESTRUTURA NORMATIVA – Planos de Gestão Six main steps:

  26. Step 3: Implementation Incident Management Plan ESTRUTURA NORMATIVA – Planos de Gestão Six main steps:  Security incident notification channels  Communication systems;  Malicious activity detection;  Security incident notification elements  Incident description  IP source / destination  Ports / protocols / compromised services  Date and time (with correct GMT)

  27. Step 3: Implementation Incident Management Plan ESTRUTURA NORMATIVA – Planos de Gestão Six main steps:

  28. Step 4: Operation Disclosure Formalization - E-mail marketing - CSIRT formalization document template - Website - Awareness lectures Analysis - Statistics - Indicators * Incidents by time / category * Incidents closed in/out time * More used protocols * Incidents closed in certain period * IP address involved * Time spent to close incidents

  29. Step 4: Operation CSIRT formalization document sample Formalização

  30. Results – Establishment CSIRTs in Brazilian NREN Best Practices Guide

  31. Results – Establishment CSIRT Checklist

  32. Results – Documentation template

  33. Results

  34. Results

  35. Results

  36. Cases Salvador/BA Santa Maria/RS

  37. Cases TRIIF – Incident Response Team of Instituto Federal Farroupilha

  38. Cases TRIIF – Incident Response Team of Instituto Federal Farroupilha http://triif.iffarroupilha.edu.br

  39. Cases UFBA – Federal University of Bahia

  40. Cases UFBA – Federal University of Bahia

  41. Cases UFBA – Federal University of Bahia

  43. CSIRTs establishment support service

  44. Thanks! RNP – Brazilian Educational and Research Network CAIS – RNP Incident Security Response Team Rildo Souza Yuri Alexandro Security Analyst Security Analyst rildo.souza@rnp.br yuri.ferreira@rnp.br

Recommend

CAIS Sensor: Distributed Sensors Network in Brazilian NREN LACSEC LACNIC27 Regarding RNP

CAIS Sensor: Distributed Sensors Network in Brazilian NREN LACSEC LACNIC27 Regarding RNP

CAIS Sensor: Distributed Sensors Network in Brazilian NREN LACSEC LACNIC27 Regarding RNP Brazilian National Research and Education Network (RNP). Created in 1989. Implementing the first Latin American fiber network in 2005.

470 views • 22 slides
Brazilian Pharmacopoeia: vision and expectations for cooperation and convergence Brazilian

Brazilian Pharmacopoeia: vision and expectations for cooperation and convergence Brazilian

Brazilian Pharmacopoeia: vision and expectations for cooperation and convergence Brazilian Pharmacopoeia Coordination Brazilian Health Regulatory Agency ANVISA Arthur Leonardo Lopes da Silva Feb/2020 The views expressed herein are those of

555 views • 16 slides
Developing a Brazilian Iron Ore Business August 2010 Disclaimer Not all images in this

Developing a Brazilian Iron Ore Business August 2010 Disclaimer Not all images in this

Developing a Brazilian Iron Ore Business August 2010 Disclaimer Not all images in this presentation are images of Centaurus Metals Projects. This presentation does not constitute investment advice. Neither this presentation nor the information

542 views • 23 slides
Developing a Brazilian Iron Ore Business Darren Gordon, Managing Director February, 2012

Developing a Brazilian Iron Ore Business Darren Gordon, Managing Director February, 2012

Developing a Brazilian Iron Ore Business Darren Gordon, Managing Director February, 2012 Disclaimer This presentation does not constitute investment advice. Neither this presentation nor the information contained in it constitutes an offer,

654 views • 34 slides
Developing a Brazilian Iron Ore Business Darren Gordon, Managing Director November, 2011

Developing a Brazilian Iron Ore Business Darren Gordon, Managing Director November, 2011

Developing a Brazilian Iron Ore Business Darren Gordon, Managing Director November, 2011 Disclaimer This presentation does not constitute investment advice. Neither this presentation nor the information contained in it constitutes an offer,

468 views • 36 slides
Developing a Brazilian Iron Ore Business Darren Gordon, Managing Director May, 2011 Disclaimer

Developing a Brazilian Iron Ore Business Darren Gordon, Managing Director May, 2011 Disclaimer

Developing a Brazilian Iron Ore Business Darren Gordon, Managing Director May, 2011 Disclaimer This presentation does not constitute investment advice. Neither this presentation nor the information contained in it constitutes an offer,

470 views • 27 slides
NREN Service Services s and and Support Support for for Schools Schools NREN Tomi Dolenc

NREN Service Services s and and Support Support for for Schools Schools NREN Tomi Dolenc

Akademska in raziskovalna mrea Slovenije NREN Service Services s and and Support Support for for Schools Schools NREN Tomi Dolenc Academic and Research Network of Slovenia tomi.dolenc@arnes.si Outline Outline Akademska in

628 views • 18 slides
Barriers to CSIRTs cooperation. Challenge in practice the CLOSER Project Krzysztof Silicki

Barriers to CSIRTs cooperation. Challenge in practice the CLOSER Project Krzysztof Silicki

Barriers to CSIRTs cooperation. Challenge in practice the CLOSER Project Barriers to CSIRTs cooperation. Challenge in practice the CLOSER Project Krzysztof Silicki Mirosaw Maj NASK / CERT Polska 20th FIRST Annual Conference,

770 views • 37 slides
Mapping the NREN Business Model using the Business Model Canvas: the case of TENET By: Tiwonge

Mapping the NREN Business Model using the Business Model Canvas: the case of TENET By: Tiwonge

Mapping the NREN Business Model using the Business Model Canvas: the case of TENET By: Tiwonge Msulira Banda UbuntuNet Alliance WACREN 2016, Dakar, Senegal, 17-18 March 2016 1 Outline } Introduction } South Africa NREN Ecosystem } Purpose of

645 views • 22 slides
Supporting Collaboration Niels van Dijk Technical Product Manager SURFnet: the Dutch NREN

Supporting Collaboration Niels van Dijk Technical Product Manager SURFnet: the Dutch NREN

Supporting Collaboration Niels van Dijk Technical Product Manager SURFnet: the Dutch NREN SURFnet is the Dutch National Research & Education Network (NREN) Services, innovation, knowledge Not for profit Task organisation of

710 views • 28 slides
Proposal for a new model for information sharing between CSIRTs Ir. David Durvaux - Security

Proposal for a new model for information sharing between CSIRTs Ir. David Durvaux - Security

Proposal for a new model for information sharing between CSIRTs Ir. David Durvaux - Security Analyst Christian Van Heurck Coordinator 24 th annual FIRST conference Malta - 17-22 June 2012 Knowledge is power . Knowledge shared is

404 views • 39 slides
Safely Sharing Data Between CSIRTs: The SCRUB* Security Anonymization Tool Infrastructure William

Safely Sharing Data Between CSIRTs: The SCRUB* Security Anonymization Tool Infrastructure William

Safely Sharing Data Between CSIRTs: The SCRUB* Security Anonymization Tool Infrastructure William Yurcik* <byurcik@gmail.com> Clay Woolam, Greg Hellings, Latifur Khan, Bhavani Thuraisingham University of Texas at Dallas 20 th Annual FIRST

172 views • 15 slides
The Great East Japan Earthquake - What we did as CSIRTs- June 14, 2011 Itaru Kamiya , NTT-CERT

The Great East Japan Earthquake - What we did as CSIRTs- June 14, 2011 Itaru Kamiya , NTT-CERT

SPECIAL Panel Session: The day disaster struck the northeastern part of Japan The Great East Japan Earthquake - What we did as CSIRTs- June 14, 2011 Itaru Kamiya , NTT-CERT Yoshinobu Matsuzaki , IIJ-SECT Teruo Fujikawa , NCSIRT Yusuke Gunji,

1.14k views • 54 slides
A study for CSIRTs strengthening From a View point of Interactive Storytelling in an

A study for CSIRTs strengthening From a View point of Interactive Storytelling in an

A study for CSIRTs strengthening From a View point of Interactive Storytelling in an organization 18 th June, 2012 NTT-CERT Ikuya HAYASHI Meiji Univ. Daisuke SUGIHARA Meiji Univ. Miyoko SUZUMURA Meiji Univ. Aki NAKANISHI Okinawa Univ.

730 views • 48 slides
Risk Modeling: The Brazilian Experience Andre Proite Brazilian National Treasury Investor

Risk Modeling: The Brazilian Experience Andre Proite Brazilian National Treasury Investor

W A S H I N G T O N D C O C T O B E R 2 0 1 0 Risk Modeling: The Brazilian Experience Andre Proite Brazilian National Treasury Investor Relations Office- Manager Motivation Cost-Risk Analysis Long term view Model Description Connecting

753 views • 23 slides
distribution changes in the new millennium? UNU- WIDER: Inequality in the Developing Giants

distribution changes in the new millennium? UNU- WIDER: Inequality in the Developing Giants

What are the main drivers of Brazilian income distribution changes in the new millennium? UNU- WIDER: Inequality in the Developing Giants Brazil Principal and Junior Investigators: Marcelo Neri (lead, FGV) Ceclia Machado (FGV)

467 views • 19 slides
D4 project https://www.d4-project.org/ 2019/07/03 TEAM CIRCL P roblem statement CSIRTs (or

D4 project https://www.d4-project.org/ 2019/07/03 TEAM CIRCL P roblem statement CSIRTs (or

D4 Project Open and collaborative network monitoring Team CIRCL D4 project https://www.d4-project.org/ 2019/07/03 TEAM CIRCL P roblem statement CSIRTs (or private organisations) build their own honeypot, honeynet or blackhole monitoring

577 views • 36 slides
D4 project https://www.d4-project.org/ 2019/05/22 TEAM CIRCL P roblem statement CSIRTs (or

D4 project https://www.d4-project.org/ 2019/05/22 TEAM CIRCL P roblem statement CSIRTs (or

D4 Project Open and collaborative network monitoring Team CIRCL D4 project https://www.d4-project.org/ 2019/05/22 TEAM CIRCL P roblem statement CSIRTs (or private organisations) build their own honeypot, honeynet or blackhole monitoring

844 views • 38 slides
Non Resident Investors in Brazilian Public Debt Andre Proite Brazilian National Treasury

Non Resident Investors in Brazilian Public Debt Andre Proite Brazilian National Treasury

W A S H I N G T O N D C O C T O B E R 2 0 1 0 Non Resident Investors in Brazilian Public Debt Andre Proite Brazilian National Treasury Investor Relations Office- Manager The importance of Non Resident Investors Overview Since the 90s,

451 views • 10 slides
AN OVERVIEW OF THE BRAZILIAN ACADEMIC SECURITY LANDSCAPE 2 AN OVERVIEW OF THE BRAZILIAN ACADEMIC

AN OVERVIEW OF THE BRAZILIAN ACADEMIC SECURITY LANDSCAPE 2 AN OVERVIEW OF THE BRAZILIAN ACADEMIC

MARINHO.BARCELLOS@UFRGS.BR AN OVERVIEW OF THE BRAZILIAN ACADEMIC SECURITY LANDSCAPE 2 AN OVERVIEW OF THE BRAZILIAN ACADEMIC SECURITY LANDSCAPE OVERVIEW CESeg SIG SBSeg symposium Cyber security document issued by CESeg 3 AN

542 views • 21 slides
Networks for Research and Edu- cation in Europe in the Age of Fibre - Where do we move? - Klaus

Networks for Research and Edu- cation in Europe in the Age of Fibre - Where do we move? - Klaus

Networks for Research and Edu- cation in Europe in the Age of Fibre - Where do we move? - Klaus Ullmann DFN GM, Chairman GN2 Exec & Dante Board Seite 1 Contents 1. NREN Constituency 2. NREN Users / advanced applications 3. Technology

556 views • 21 slides
CSIRTs are to Product Security as Ferries are to Islands Speakers: Erka Koivunen, Head of CERT-FI

CSIRTs are to Product Security as Ferries are to Islands Speakers: Erka Koivunen, Head of CERT-FI

CSIRTs are to Product Security as Ferries are to Islands Speakers: Erka Koivunen, Head of CERT-FI Anu Puhakainen, Head of Ericsson PSIRT Introduction to both CERT teams Ericsson Product Security Incident Response Team has been officially

608 views • 4 slides
The Brazilian Capital Market: BM&FBOVESPA s role Edemir Pinto Feb-9-12 Opportunities in

The Brazilian Capital Market: BM&FBOVESPA s role Edemir Pinto Feb-9-12 Opportunities in

The Brazilian Capital Market: BM&FBOVESPA s role Edemir Pinto Feb-9-12 Opportunities in Brasil Olympic Games in 2016 Brazilian Companies need World Soccer Cup in 2014 to be ready for growing and also consider financing Pre Salt

129 views • 9 slides
Collaboration without Borders: The NREN Telepresence Community Yves Poppe Dir. Bus. Dev. &

Collaboration without Borders: The NREN Telepresence Community Yves Poppe Dir. Bus. Dev. &

Collaboration without Borders: The NREN Telepresence Community Yves Poppe Dir. Bus. Dev. & Strategy IP APAN Hanoi, august 2010 Collaboration session 1 Tata Group Overview 140-year old largest private sector group $62.5 billion in

463 views • 18 slides

More recommend