100 likes | 120 Views
Learn the importance of establishing a CERT team for responding to security breaches, unauthorized access, data leaks, and more. Discover key steps, duties, tools, and resources for effective incident response management.
E N D
Mr. Mike Finley, CISSP • Senior Security Engineer • Computer Science Corporation e-mail: mfinley2@csc.com August 1999
Why do you need a CERT Security Breaches Employee access abuse Unauthorized access by outsiders Leak of proprietary data Theft/destruction of computing resources Viruses Access abuse by nonemployee authorized users
Building a response team Senior Management Support Right mix of people with right skill sets Intrusion-Detection Systems Work area Training SW/HW new technologies Funding
Building a response team Establish Policies and Procedures Have a Concept of Operations Internal / External Coordination Be Flexible Establish Trust Know your users/customers Know your limits
Building a response team Test your response procedures against critical business functions Do you have proper plans in place Personnel notification plan Disaster recovery plan Contingency plan Processing agreement plan
Typical CERT duties Monitor, audit, and test systems and networks for possible security problems Provide investigation, coordination, reporting, and follow up of network security incidents Test and install security infrastructure to tools Test and install patches and fixes for security vulnerabilities in vendor software Stay current on security technology Advocate corporate computer security policy
Incident response Determine the nature and scope of the incident Contact key management personnel Solve problem and get system back to normal operations Execute nontechnical actions Learn from the incident
Where can you go for help Incident response centers CERT coordination center (www.cert.org) Computer Incident Advisory Capability CIAC (www.ciac.llnl.gov) Forum of Incident Response and Security Teams FIRST (www.first.org)
Security Web Sites www.cs.purdue.edu/coast www.securityportal.com www.itpolicy.gsa.gov www.java.sun.com/security www.icsa.net www.ers.ibm.com
Security mailing list Best-of Security-request@cyber.com.au Cert-advisory-request@cert.org Coast security archive Coast-request@cs.purdue.edu The risk forum- majordomo@csl.sri.com Intrusion detection-majordomo@uow.edu NT Bugtraq- listserv.ntbugtraq.com