how to set up a csirt in an itil driven organization
play

How to set up a CSIRT in an ITIL driven organization Christian - PowerPoint PPT Presentation

Jun 22, 2023 •206 likes •380 views

How to set up a CSIRT in an ITIL driven organization Christian Proschinger Raiffeisen Informatik GmbH Introduction R-IT CERT Idea Introduction to ITIL Example Vulnerability Management Lessons Learned How to set up a CSIRT in

  1. How to set up a CSIRT in an ITIL driven organization Christian Proschinger Raiffeisen Informatik GmbH

  2.  Introduction R-IT CERT  Idea  Introduction to ITIL  Example Vulnerability Management  Lessons Learned How to set up a CSIRT in an ITIL driven organization | public Raiffeisen Informatik | 26.01.2010 | 2

  3. Raiffeisen Informatik Group 27 Locations 3,000 Employees Turnover 2009: 1.2 Billion Euro 40 years experience IT Services  IT Operations  Outsourcing  Security Services  Client Management  IT & Software Consulting  Output Services Outside of Europe: • China • Südafrika •Kasachstan How to set up a CSIRT in an ITIL driven organization | public Raiffeisen Informatik | 26.01.2010 | 3

  4. Security Competences at Raiffeisen Informatik  Department Information Security Management  Information Security Management System  ISO 27001  Focus on Risk Management  Department Security Competence Center  Founded 2005  Headquarter of Raiffeisen Informatik CERT Austria  Penetration Testing  Responsible person/team for each Business Service as well as for each Technical Component How to set up a CSIRT in an ITIL driven organization | public Raiffeisen Informatik | 26.01.2010 | 4

  5. General Situation  Large scale IT organization have to be standardized and to be compliant  IT Infrastructure Library  Business process maps  ISO 27001  COBIT  CSIRT  Customized services for constituency  Guidelines  helpful but generic How to set up a CSIRT in an ITIL driven organization | public Raiffeisen Informatik | 26.01.2010 | 5

  6. General Situation  IT Infrastructure Library  Best practice library  De-facto standard  76 % of organizations align IT Service Management to ITIL*  Popular processes  Incident Management  Service Desk  Incident Management Process  Problem Management  Information Security Management *IT Service Management Studie MATERNA How to set up a CSIRT in an ITIL driven organization | public Raiffeisen Informatik | 26.01.2010 | 6

  7. Questions  What are the implications of ITIL concerning  setting up a CSIRT  operate a CSIRT ITIL driven organization CSIRT How to set up a CSIRT in an ITIL driven organization | public Raiffeisen Informatik | 26.01.2010 | 7

  8. Introduction to IT Infrastructure Library  5 Core publications  Service strategy  Service design  Service transition  Service operation  Continual service improvement  Target is an IT alignment to business processes Source: ITIL v3 The official Introduction to the Service Lifecycle: TSO (OGC); 2007 How to set up a CSIRT in an ITIL driven organization | public Raiffeisen Informatik | 26.01.2010 | 8

  9. Service Strategy Service Strategy Service Design Transition IT Operations Service Improvement Service Strategy Service Design Transition IT Operations Service Improvement  Strategy development Service Reporting  Planning and Support Management of:  Event Management  Service Portfolio  7-Step  Service Asset and  Service Catalog  Incident Management Management Improvement Configuration Mgmt  Service Level  Problem Management  Financial Management process  Chance Mgmt  Capacity  Request Fulfillment  Demand Management  quality improvement  Release and Deployment  Availability  Access Management  Service Mgmt  IT Service Continuity Measurement  Service Validation &  Information Security Testing Evaluation  Supplier  Knowledge Mgmt How to set up a CSIRT in an ITIL driven organization | public Raiffeisen Informatik | 26.01.2010 | 9

  10. Example Vulnerability Management  Information Security Management Process Information  ISO 27001:2005 (Plan)  Deming Cycle (Plan-Do-Check-Act)  CSIRT can produce added value  Economies of scale  Quality Countermeasure Report (Do) (Act) Audit (Check) How to set up a CSIRT in an ITIL driven organization | public Raiffeisen Informatik | 26.01.2010 | 10

  11. Example Vulnerability Management  Vulnerability Management != Patch Management  TRUE  Workarounds  Configuration issues  Design issues  Functional patches How to set up a CSIRT in an ITIL driven organization | public Raiffeisen Informatik | 26.01.2010 | 11

  12. Example Vulnerability Management PLAN DO CHECK ACT PLAN DO CHECK ACT  Information  Countermeasure  Audit  Report  Input  Problem Management  Vulnerability  Information Security  Penetration Tests – Scanning – CSIRT  Problem Tickets: Management CSIRT Service Service Penetration Testing triggered by measures, Less critical Information Security vulnerabilities Management  Incident Management  Security Advisories – CSIRT Service  High critical  Service Desk vulnerabilities How to set up a CSIRT in an ITIL driven organization | public Raiffeisen Informatik | 26.01.2010 | 12

  13. Patch Management: affected ITIL Processes Service Strategy Service Design Transition IT Operations Service Improvement Service Strategy Service Design Transition IT Operations Service Improvement  Service Level  Planning and Support  Incident  Service Reporting Management: costumer  Service Asset and Management: patch  Service Measurement relations interface Configuration Mgmt (critical)  Financial  Review of  Change Mgmt  Problem Management infrastructure  Release and Deployment Management:  COST CONTROL requirements Mgmt patch, root problem  Continuity Management  Service Validation & search to minimize impacts Testing Evaluation  Risk assessment  Knowledge Mgmt  Vulnerability Management process How to set up a CSIRT in an ITIL driven organization | public Raiffeisen Informatik | 26.01.2010 | 13

  14. Lessons Learned  Vulnerability Management != Patch Management  Incident != Security Incident  Service Strategy  Utility  Warranty  USP Constituency  Service Design  Information Security Management  ISO 27001:2005 good preparation for FIRST accreditation (Site Visit)  Information Security Management System  Define clear „interfaces“  Use the experience of your ISM Team  Easy way to achieve “separation of duties”  Service Operation  Incident Management: Service Desk  Process can be easily adopted for security incident management  Problem Management: Good way to implement penetration test measures How to set up a CSIRT in an ITIL driven organization | public Raiffeisen Informatik | 26.01.2010 | 14

  15. Summary  Considering ITIL offers advantages  Important processes  Incident Management  Problem Management  Information Security Management  ISO 27001:2005 provides a good basis  Maybe a possibility to set up the process of CSIRTs easier How to set up a CSIRT in an ITIL driven organization | public Raiffeisen Informatik | 26.01.2010 | 15

  16. Thank you for your attention! Raiffeisen Informatik GmbH Lilienbrunngasse 7-9 A-1020 Wien T +43 1/99 3 99 - 0 F +43 1/99 3 99 - 1100 E info@r-it.at www.raiffeiseninformatik.at How to set up a CSIRT in an ITIL driven organization | public Raiffeisen Informatik | 26.01.2010 | 16

Recommend

OTRS apoiando a implantao ITIL um caso de uso ITIL um caso de uso Superintendncia

OTRS apoiando a implantao ITIL um caso de uso ITIL um caso de uso Superintendncia

OTRS apoiando a implantao ITIL um caso de uso ITIL um caso de uso Superintendncia de Governana Eletrnica e de Tecnologia da Informao e Comunicao (SeTIC/UFSC) UFSC: OTRS apoiando a implantao ITIL - Um caso de

419 views • 28 slides
CSIRT training courses An update Karel Vietsch TF-CSIRT meeting, Amsterdam 23 January 2006 The

CSIRT training courses An update Karel Vietsch TF-CSIRT meeting, Amsterdam 23 January 2006 The

CSIRT training courses An update Karel Vietsch TF-CSIRT meeting, Amsterdam 23 January 2006 The TRANSITS Project July 2002 September 2005 funded by European Union project contractors: TERENA, UKERNA has produced:

186 views • 14 slides
Training Objectives Obtain knowledge of the ITIL terminology, structure and basic concepts and

Training Objectives Obtain knowledge of the ITIL terminology, structure and basic concepts and

Training Objectives Obtain knowledge of the ITIL terminology, structure and basic concepts and to comprehend the core principles of ITIL practices To appreciate how a framework, process and procedures are essential in providing a stable

441 views • 41 slides
Continuous Process Improvement: Defining Effective ITIL Key Performance Indicators Webinar

Continuous Process Improvement: Defining Effective ITIL Key Performance Indicators Webinar

Continuous Process Improvement: Defining Effective ITIL Key Performance Indicators Webinar March 13, 2007 Agenda Role and Importance of Measurement in ITIL Basic Measurement Definition Measurement Architecture Measurement

318 views • 30 slides
The Manhattan Beach Education Foundation is a community driven fund raising organization, which

The Manhattan Beach Education Foundation is a community driven fund raising organization, which

The Manhattan Beach Education Foundation is a community driven fund raising organization, which supplements state funding for programs that inspire learning, enrich teaching, and promote innovation and academic excellence in the public schools of

788 views • 13 slides
How to Untangle the Hairball: Integrating CMMI and ITIL How to Untangle the Hairball: Integrating

How to Untangle the Hairball: Integrating CMMI and ITIL How to Untangle the Hairball: Integrating

SEPG 2006 Nashville, TN March 2006 03-23-05 How to Untangle the Hairball: Integrating CMMI and ITIL How to Untangle the Hairball: Integrating CMMI and ITIL Effectively in Application Engineering and Operations Effectively in Application

586 views • 21 slides
GEO UK Chapter Meeting 20 June 2019 Member Driven Not for Profit Organization An Unrivalled

GEO UK Chapter Meeting 20 June 2019 Member Driven Not for Profit Organization An Unrivalled

GEO UK Chapter Meeting 20 June 2019 Member Driven Not for Profit Organization An Unrivalled Events Program o Industry-leading educational & networking opportunities o Attended by nearly 2,000 delegates in 21+ countries in 2018 A

270 views • 26 slides
Leaving our island: a communication and business strategy for a National CSIRT Christian Van

Leaving our island: a communication and business strategy for a National CSIRT Christian Van

Leaving our island: a communication and business strategy for a National CSIRT Christian Van Heurck Coordinator 24 th annual FIRST conference Malta - 17-22 June 2012 Agenda Core idea Case Introduction Techniques & Results

256 views • 23 slides
OBJECTIVES 2019-2020 - VALUE DRIVEN MUTUAL BENEFIT ORGANIZATION - STAFFING LEVELS - DRAFT

OBJECTIVES 2019-2020 - VALUE DRIVEN MUTUAL BENEFIT ORGANIZATION - STAFFING LEVELS - DRAFT

8/21/2019 MANAGEMENT 1 OBJECTIVES 2019-2020 - VALUE DRIVEN MUTUAL BENEFIT ORGANIZATION - STAFFING LEVELS - DRAFT MANAGEMENT OBJECTIVES 8/21/2019 VALUE DRIVEN MUTUAL BENEFIT ASSOCIATION 2 Vision: Tahoe Donner is a vibrant and

626 views • 31 slides
Urban Land Institute The Urban Land Institute is a global, member driven organization comprising

Urban Land Institute The Urban Land Institute is a global, member driven organization comprising

ULI Report: Agrihoods-Cultivating Best Practices 1/21/2019 Urban Land Institute The Urban Land Institute is a global, member driven organization comprising more than 42,000 real estate and urban development professionals dedicated to advancing

665 views • 18 slides
Andrii Pastushok PMC-VI, CISM, TOGAF, ITIL Personal vs Product company

Andrii Pastushok PMC-VI, CISM, TOGAF, ITIL Personal vs Product company

Andrii Pastushok PMC-VI, CISM, TOGAF, ITIL Personal vs Product company Initiatives, Internal or External Services Industry 10,5 B 4,5 B 2016 2016 *Forrester revenue forecast for 2011-2016. Pure staff augmentation has been

377 views • 18 slides
Can Management Systems Leverage Self Organization? Goal Driven Adaptive Management of Converged

Can Management Systems Leverage Self Organization? Goal Driven Adaptive Management of Converged

Can Management Systems Leverage Self Organization? Goal Driven Adaptive Management of Converged Networks and Services Marc Pucci SelfMan 2005 Chief Scientist Panel 2 Telcordia Technologies Applied Research marc@research.telcordia.com +1

194 views • 4 slides
Data Orchestration with Apache Airflow Data driven empower the organization to seek more

Data Orchestration with Apache Airflow Data driven empower the organization to seek more

Data Orchestration with Apache Airflow Data driven empower the organization to seek more understanding, through data analytics, about their business processes Apache Airflow Airflow is a platform to programmatically author, schedule

898 views • 34 slides
Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to

Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to

Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to collect and analyze (digital) evidence Three basic phases Data collection, Analysis, Reporting Triage Various sources of information

307 views • 20 slides
What We Learn from Cyber Exercises, or Not Jim Duncan CSIRT Coordinator, BB&T 2007 June 20

What We Learn from Cyber Exercises, or Not Jim Duncan CSIRT Coordinator, BB&T 2007 June 20

What We Learn from Cyber Exercises, or Not Jim Duncan CSIRT Coordinator, BB&T 2007 June 20 2007 FIRST Annual Technical Conference Sevilla, Espaa Overview Background Purpose of exercises Examples of what we can

351 views • 23 slides
Effectiveness of Proactive CSIRT Services Dr. Klaus-Peter Kossakowski Johannes Wiik, Ph.D.

Effectiveness of Proactive CSIRT Services Dr. Klaus-Peter Kossakowski Johannes Wiik, Ph.D.

Effectiveness of Proactive CSIRT Services Dr. Klaus-Peter Kossakowski Johannes Wiik, Ph.D. Fellow Carnegie Mellon University Prof. Jos J. Gonzalez Software Engineering Institute Agder University College Frankfurt, Germany Faculty of

596 views • 26 slides
Cloud Computing in the Banking Sector of the Euro-area George Papoulias, CGEIT, ITIL Expert,

Cloud Computing in the Banking Sector of the Euro-area George Papoulias, CGEIT, ITIL Expert,

Cloud Computing in the Banking Sector of the Euro-area George Papoulias, CGEIT, ITIL Expert, CRISC, CISA, Price2P, COBIT Senior Management Advisor, CISO & CDO Office National Bank of Greece Vice Chair, itSMF Hellas 16 th- 17 th of May 2018

702 views • 22 slides
Telecomunicaciones de Ecuador EcuCERT FIRST/TF-CSIRT Technical Colloquium Zurich 2014 Ecuador

Telecomunicaciones de Ecuador EcuCERT FIRST/TF-CSIRT Technical Colloquium Zurich 2014 Ecuador

Superintendencia de Telecomunicaciones de Ecuador EcuCERT FIRST/TF-CSIRT Technical Colloquium Zurich 2014 Ecuador LANGUAGE: SPANISH POPULATION: AROUND 16 ITS POSTITION IS 66 IN THE WORLD SIMILAR TO NETHERLANDS 65 IN THE WORLD AREA : 256,370

760 views • 29 slides
OSINT OPEN-SOURCE INTELLIGENCE OSINT Offensive OSINT * 1 Whoami Adam Nurudini CEH, ITIL

OSINT OPEN-SOURCE INTELLIGENCE OSINT Offensive OSINT * 1 Whoami Adam Nurudini CEH, ITIL

OSINT OPEN-SOURCE INTELLIGENCE OSINT Offensive OSINT * 1 Whoami Adam Nurudini CEH, ITIL V3, CCNA, CCNP, CASP, PCI-DSS, BSC-IT Lead Security Researcher @ Netwatch Technologies Project Consultant, Information Security Architects Ltd

454 views • 17 slides
Improving CX Makes the Difference! Alison Cartlidge Sopra Steria SM Consultant 20+ years ITIL

Improving CX Makes the Difference! Alison Cartlidge Sopra Steria SM Consultant 20+ years ITIL

Improving CX Makes the Difference! Alison Cartlidge Sopra Steria SM Consultant 20+ years ITIL Master itSMF Editor/Co-Author ISO/IEC 20000 (Service Management) UK Committee ISO/IEC 30105 (ITES-BPO) International & UK Committee SOPRA

383 views • 16 slides
Understanding CSIRT Knowledge Management Needs Oscar Serrano 03 April 2013 15/04/2013 NATO

Understanding CSIRT Knowledge Management Needs Oscar Serrano 03 April 2013 15/04/2013 NATO

Understanding CSIRT Knowledge Management Needs Oscar Serrano 03 April 2013 15/04/2013 NATO UNCLASSIFIED 1 Disclaimer This work was sponsored by NATOs Allied Command Transformation under the 2012 Cyber Defence Programme of Work. This

737 views • 21 slides
Security in a cloud context David Crooks, for the EGI CSIRT Lessons learned from recent incidents

Security in a cloud context David Crooks, for the EGI CSIRT Lessons learned from recent incidents

Security in a cloud context David Crooks, for the EGI CSIRT Lessons learned from recent incidents www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number 654142 Cloud Security EGI

571 views • 16 slides
www.enisa.eu.int ENISA update 17 th TF-CSIRT, Amsterdam, 23.01.2006 Marco Thorbruegge

www.enisa.eu.int ENISA update 17 th TF-CSIRT, Amsterdam, 23.01.2006 Marco Thorbruegge

www.enisa.eu.int ENISA update 17 th TF-CSIRT, Amsterdam, 23.01.2006 Marco Thorbruegge marco.thorbruegge@enisa.eu.int 1 ENISAs tasks Risk assessment Becoming a centre and Track of expertise risk management standardisation Information

728 views • 16 slides
STRATEGIC PLAN GOALS 2019-2020 - VALUE DRIVEN MUTUAL BENEFIT ORGANIZATION - CASCADING GOALS -

STRATEGIC PLAN GOALS 2019-2020 - VALUE DRIVEN MUTUAL BENEFIT ORGANIZATION - CASCADING GOALS -

DRAFT 7-17-2019 1 STRATEGIC PLAN GOALS 2019-2020 - VALUE DRIVEN MUTUAL BENEFIT ORGANIZATION - CASCADING GOALS - DRAFT STRATEGIC PLAN DISCUSSION AND PRIORITIES DRAFT 7-17-2019 VALUE DRIVEN MUTUAL BENEFIT ASSOCIATION 2 Vision:

325 views • 30 slides

More recommend