
CPT Aneta COUFALÍKOVÁ, Ph.D. CIRC Centre, 34.zKIS, Czech Army Aneta.Coufalikova@army.cz


Presentation Transcript


  1. CIRC Technical Centre
  CPT Aneta COUFALÍKOVÁ, Ph.D., CIRC Centre, 34.zKIS, Czech Army
  Aneta.Coufalikova@army.cz
  www.circ.army.cz, www.circ.acr

  2. Content
  • Basic information
  • Experience and cooperation
  • History
  • Structure
  • Information Portal CIRC
  • Monitoring Technology
  • Incident Desk
  • Incident and Vulnerability Handling

  3. Basic information
  • Essential element of the Ministry of Defense in cyber security
  • Part of the Communication and Information Systems Base
  • Located in Brno
  MAIN GOALS:
  • Proactively identify security threats and incidents (monitoring)
  • Analyses
  • Rapid response
  • Reporting among administrators of military ICT systems
  • Share information and alerts with relevant partners in the cyber defense field
  • Security awareness

  4. Experience and cooperation
  • Participating in many exercises (ICDW, Cyber Coalition, etc.) and conferences (NIAS, CYTER, etc.)
  • Cooperating with many other institutions in the cyber defense field (NCIRC TC, Nebraska University, University of Defense in Brno, Masaryk University, etc.)

  5. History
  • Established in 2007 as an equivalent to the NCIRC Technical Centre
  • Reached basic capability in monitoring and analyzing events in the military network
  • Implemented IDS/IPS and NetFlow sensors
  • Starting the professional web Portal CIRC to build security awareness
  • Building up a testing environment
  • Running a WSUS server for patch distribution in military networks
  • Starting the Incident Desk ticketing system

  6. Structure

  7. CSMIS Security technology
  Cyber Security Management & Information Systems include:
  • Information Portal CIRC (www.circ.acr)
  • External Information Portal (www.circ.army.cz)
  • Incident Desk
  • Secure shared storage
  • Link to SIEM (Security Information and Event Manager)
  • Alerter
  • Central storage for collected data
  • Wiki

  8. Information Portal CIRC
  • Provides everyday awareness of possible cyber dangers and threats
  • Instructs users about security threats
  • Allows users to report a security incident
  • Secure zone as a tool for communication between security network administrators and CIRC Technical Centre staff
  • Knowledge base, link to Incident Desk, cyber defence instructions for IT specialists

  9. Information Portal CIRC
  Portal parts:
  • Daily News (cyber security news)
  • Security (security threat descriptions, security recommendations, instructions, reports and statistics)
  • Software (freeware tools for detecting and removing different kinds of threats)
  • Critical Security Patches (Microsoft, Adobe, browsers)
  • Publications (CIRC Bulletins, materials from workshops, dictionary …)
  • FAQ (the most frequent security topics)
  • About us (department introduction and contacts)
  • WSUS, NTP Server (Network Time Protocol)

  10. Monitoring Technology
  • Monitoring of military networks
  • Monitoring of data flows
  • Evaluation of IPS/IDS events
  • Processing logs of critical devices
  • SIEM – Security Information and Event Manager
  • Monitoring the functionality of cyber security technologies
  • Incident Desk

  11. Monitoring Technology

  12. Incident Desk
  • Basic tool of incident handling
  • Management system for ticketing
  • Early warning system in case of cyber attack
  • Information support for ICT administrators & supervisors
  • Reports and statistics

  13. Incident and Vulnerability Handling
  Process (flowchart): Detection → Analysis and Recommendation → Classification → Resolving and Incident closure
  • Cell of Watchkeepers
    • Service 24/7
    • Detection
    • Describing events in the tickets
    • Basic analysis
  • Cell of Analysts / Vulnerability
    • Comprehensive analysis of events
    • Technical support for Watchkeepers
    • Determination of false positives
    • Incident identification
    • Recommendation to escalate an event to a cyber security incident
  • Cell of Coordination
    • Escalation of events to security incidents
    • Classification of the incidents
    • Cooperation in resolving the incident
    • Incident reporting
    • Incident closure
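The three-cell workflow on this slide can be modelled as a ticket state machine in which each stage may only be advanced by the cell that owns it. This is an added illustration, not the CIRC Incident Desk's own software; the cell names, action names and state labels are this example's own encoding of the slide.

```python
"""Ticket lifecycle of the slide-13 workflow as a role-gated state machine:
Detection -> Analysis and Recommendation -> Classification -> Resolving and
Incident closure. Labels are this example's own, not the Incident Desk's."""
from dataclasses import dataclass, field

# Which cell may perform which action (slide 13 responsibilities).
ALLOWED = {
    "watchkeepers": {"detect"},
    "analysts": {"false_positive", "recommend_escalation"},
    "coordination": {"escalate", "classify", "close"},
}
# Current state -> {action: next state}; anything else is refused.
TRANSITIONS = {
    "new": {"detect": "event"},
    "event": {"false_positive": "closed_false_positive",
              "recommend_escalation": "recommended"},
    "recommended": {"escalate": "incident"},
    "incident": {"classify": "classified"},
    "classified": {"close": "closed"},
}

@dataclass
class Ticket:
    description: str
    state: str = "new"
    history: list = field(default_factory=list)  # (cell, action, note)

    def act(self, cell, action, note=""):
        # Refuse actions outside the acting cell's remit or out of stage order.
        if action not in ALLOWED.get(cell, set()):
            raise PermissionError(f"cell {cell!r} may not {action!r}")
        nxt = TRANSITIONS.get(self.state, {}).get(action)
        if nxt is None:
            raise ValueError(f"{action!r} not valid in state {self.state!r}")
        self.history.append((cell, action, note))
        self.state = nxt
        return self.state

def handle_event(description, false_positive, classification="unclassified"):
    # Drive one detected event through the whole workflow; return the ticket.
    t = Ticket(description)
    t.act("watchkeepers", "detect", "event described in ticket")
    if false_positive:  # analysts stop it here; nothing is escalated
        t.act("analysts", "false_positive", "determined false positive")
        return t
    t.act("analysts", "recommend_escalation", "escalate to cyber security incident")
    t.act("coordination", "escalate")
    t.act("coordination", "classify", classification)
    t.act("coordination", "close", "incident reported and closed")
    return t
```

The `history` list doubles as the ticket's audit trail, so a report can show which cell took each step and where a false positive was stopped before escalation.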

  14. Workflow
  Flowchart nodes: User → Is LA available? → Yes: LA (Local Administrators) → SCIRC; No: Portal CIRC (www.circ.acr, www.circ.army.cz)
  • The user is responsible for reporting every security offence, including suspicion of a possible incident, to the Local Administrator (LA)
  • If the LA is absent, the user reports via the special form „Reporting of security incident“ on Portal CIRC (www.circ.acr or www.circ.army.cz), or uses the e-mails KOCIRC@sis.acr or CIRC-IHO@army.cz
  • During non-working hours the user reports via the e-mails operatorCIRCMO@sis.acr or CIRC-WK@army.cz

  15. Thanks, questions? Aneta.Coufalikova@army.cz
