SlideShare ist ein Scribd-Unternehmen logo

Cyber Security Efforts in Developing Nations

Security B-Sides
Security B-Sides

The document outlines the need for cybersecurity efforts in developing nations due to increasing internet connectivity. It proposes a community-oriented approach using Community Computer Security Incident Response Teams (C-CSIRTs) to provide cost-effective cybersecurity. C-CSIRTs would service smaller communities of 100-200 members and support each other to build experience over time. As communities grow, individual C-CSIRTs could combine to form a national CSIRT structure in a distributed, cost-effective manner. This approach aims to provide cyber protection and information sharing while accommodating limited resources in developing countries.

TechnologieNews & Politik
1 von 13
Downloaden Sie, um offline zu lesen
Outline • Critical Information Infrastructure Protection • Computer Security Incident Response Teams (CSIRTs) • Warning, Advice and Reporting Points (WARPs) • How does it all fit together? • Why is a national “cyber security” effort is required for developing nations? • Requirements for the developing world • Community-oriented Computer Security Incident Response Teams (C-CSIRTs) • Some Links and Resources
Critical Information Infrastructure Protection • Critical systems rely on a level of interconnection in order to operate • Internet • Private networks • Disruptions to the interconnecting networks can severely effect a country’s ability to function • DDoS attacks • Malware • Cyber crime • Cyber warfare • National critical information infrastructures must be protected from attack • External Threats • Internal Threats
Computer Security Incident Response Teams (CSIRTs) • The first CSIRT structure was created in the US in 1988 in response to the Morris Worm. • The Primary goals for a CSIRT • Monitor for threats • Report threats to interested parties (The constituency) • Provide support for “incidents” • The generic structure of a “traditional” CSIRT consists of: 1. Single Coordinating CSIRT 2. Many of Regional CSIRTs 3. Many of Private CSIRTs • CSIRTs must at least provide incident response services to its constituency.
Warning, Advice and Reporting Points (WARPs) • Smaller and more focused than CSIRTs • A single operator • 20-50 members • Members are related to each other • “Schools in the west of city” • “Pharmacists in the east of the city” • Informal in nature • Can deliver highly focused cyber security information to its members • WARPs and CSIRTs compliment each other • WARPs never act in isolation • WARPs are highly cost effective
How does it fit together? Coordinating CSIRT Regional CSIRTs Private CSIRTs Other Large WARPs Military Constituents Corporations
Drawbacks of the “traditional” CSIRT structure • CSIRTs are very expensive to setup and operate • Personnel costs • Technology costs • CSIRT structures are reactive by nature • Smaller constituents (those without resident IT security professionals) may get “bogged-down” with information. • Private CSIRTs will generally act in isolation • WARPS are too small to act in isolation
Why is a national “cyber security” effort is required for developing nations? • Broadband penetration in developing nations • Structures are not always in place to prevent abuse of the expanding technology • Developing nations are seen as a “safe haven” for cyber criminals • Developing nations may not have the resources to • A coordinated cyber security effort is essential!
Africa Undersea Cables – 2011 Image Source: http://manypossibilities.net/african-undersea-cables/
Requirements for the developing world • Cost effective • Structures must be dynamically expandable to support increasing connectivity • Support for Information Exchange and Knowledge Transfer. • Provide incident response, security advisory and security warning • Must embrace other technologies to support services • e.g. SMS
Community-oriented Computer Security Incident Response Teams (C-CSIRTs) • C-CSIRTs aim to provide: • CSIRT-like protection with WARP-like cost-effectiveness • Ability to expand to support new technologies • Individually functioning security teams which service a “community” • 100-200 members • “Net of protection” • C-CSIRTs will attempt to support each other • Builds experience • Builds knowledge-base • As the communities grow individual C-CSIRTs can be combined • Eventually a national CSIRT structure can develop. • Cost, experience, knowledge-base is distributed and developed over time.
Some Links and Resources • CERT (US) • http://www.cert.org/ • European Network and Information Security Agency • www.enisa.europa.eu/ • Handbook for Computer Security Incident Response Teams (CSIRTs) • www.cert.org/archive/pdf/csirt-handbook.pdf • Warning, advice and reporting point • http://www.warp.gov.uk/ • Akamai – State of the Internet Reports • http://www.akamai.com/stateoftheinternet/ • Many Possibilities – African Undersea Cables • http://manypossibilities.net/african-undersea-cables/
Questions?

Empfohlen

Jamaica: victim or perpetrator of cyber crime and intrusions (final)
Jamaica: victim or perpetrator of cyber crime and intrusions (final)Jamaica: victim or perpetrator of cyber crime and intrusions (final)
Jamaica: victim or perpetrator of cyber crime and intrusions (final)Michele Marius
 
CNCERT International Partnership in Emergency Response Conference: Cooperatio...
CNCERT International Partnership in Emergency Response Conference: Cooperatio...CNCERT International Partnership in Emergency Response Conference: Cooperatio...
CNCERT International Partnership in Emergency Response Conference: Cooperatio...APNIC
 
Smart Cities: Secure & Ethical by Design - Smart Cities Summit 2018 - Algiers
Smart Cities: Secure & Ethical by Design - Smart Cities Summit 2018 - AlgiersSmart Cities: Secure & Ethical by Design - Smart Cities Summit 2018 - Algiers
Smart Cities: Secure & Ethical by Design - Smart Cities Summit 2018 - AlgiersSmart Algiers
 
Data security
Data securityData security
Data securityMuhammad Yasir
 
Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of Things
Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of ThingsChristopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of Things
Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of ThingsKatedra Informatologii. Wydział Dziennikarstwa, Informacji i Bibliologii, Uniwersytet Warszawski
 
Security challenges in 2017
Security challenges in 2017Security challenges in 2017
Security challenges in 2017Etienne Liebetrau
 
HighBeam-Research-Article-DEC-02-2014
HighBeam-Research-Article-DEC-02-2014HighBeam-Research-Article-DEC-02-2014
HighBeam-Research-Article-DEC-02-2014Siddharth Phadnis
 
Cyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework PanelCyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework PanelPaul Di Gangi
 

Empfohlen

Jamaica: victim or perpetrator of cyber crime and intrusions (final)
Jamaica: victim or perpetrator of cyber crime and intrusions (final)Jamaica: victim or perpetrator of cyber crime and intrusions (final)
Jamaica: victim or perpetrator of cyber crime and intrusions (final)Michele Marius
 
CNCERT International Partnership in Emergency Response Conference: Cooperatio...
CNCERT International Partnership in Emergency Response Conference: Cooperatio...CNCERT International Partnership in Emergency Response Conference: Cooperatio...
CNCERT International Partnership in Emergency Response Conference: Cooperatio...APNIC
 
Smart Cities: Secure & Ethical by Design - Smart Cities Summit 2018 - Algiers
Smart Cities: Secure & Ethical by Design - Smart Cities Summit 2018 - AlgiersSmart Cities: Secure & Ethical by Design - Smart Cities Summit 2018 - Algiers
Smart Cities: Secure & Ethical by Design - Smart Cities Summit 2018 - AlgiersSmart Algiers
 
Data security
Data securityData security
Data securityMuhammad Yasir
 
Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of Things
Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of ThingsChristopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of Things
Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of ThingsKatedra Informatologii. Wydział Dziennikarstwa, Informacji i Bibliologii, Uniwersytet Warszawski
 
Security challenges in 2017
Security challenges in 2017Security challenges in 2017
Security challenges in 2017Etienne Liebetrau
 
HighBeam-Research-Article-DEC-02-2014
HighBeam-Research-Article-DEC-02-2014HighBeam-Research-Article-DEC-02-2014
HighBeam-Research-Article-DEC-02-2014Siddharth Phadnis
 
Cyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework PanelCyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework PanelPaul Di Gangi
 
Itsm Fusion Final
Itsm Fusion FinalItsm Fusion Final
Itsm Fusion Finaldjaehnig
 
Cyber Security Regulatory Landscape
Cyber Security Regulatory LandscapeCyber Security Regulatory Landscape
Cyber Security Regulatory LandscapeSamir Pawaskar
 
Qatar's NIA Policy Program
Qatar's NIA Policy ProgramQatar's NIA Policy Program
Qatar's NIA Policy ProgramSamir Pawaskar
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum 2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum Carolyn Slade, MS-HIM
 
2004 07 intelligence new rules seminar
2004 07 intelligence new rules seminar2004 07 intelligence new rules seminar
2004 07 intelligence new rules seminarRobert David Steele Vivas
 
TalTech Luncheon Talk on Cybersecurity and Healthcare
TalTech Luncheon Talk on Cybersecurity and HealthcareTalTech Luncheon Talk on Cybersecurity and Healthcare
TalTech Luncheon Talk on Cybersecurity and HealthcareEduardo Gonzalez Loumiet, MBA, PMP, CPHIMS
 
(2017) Cybercrime, Inc. (v3.2)
(2017) Cybercrime, Inc. (v3.2)(2017) Cybercrime, Inc. (v3.2)
(2017) Cybercrime, Inc. (v3.2)Rui Miguel Feio
 
2017 - Data Privacy and GDPR (v1.1)
2017 - Data Privacy and GDPR (v1.1)2017 - Data Privacy and GDPR (v1.1)
2017 - Data Privacy and GDPR (v1.1)Rui Miguel Feio
 
Memory Forensics
Memory ForensicsMemory Forensics
Memory Forensicsn|u - The Open Security Community
 
Crowdsourced Vulnerability Testing
Crowdsourced Vulnerability TestingCrowdsourced Vulnerability Testing
Crowdsourced Vulnerability TestingLondon School of Cyber Security
 
Microsoft Security Incident Report
Microsoft Security Incident ReportMicrosoft Security Incident Report
Microsoft Security Incident Reportukdpe
 
Memory forensics and incident response
Memory forensics and incident responseMemory forensics and incident response
Memory forensics and incident responseLondon School of Cyber Security
 
Defeating Drones
Defeating DronesDefeating Drones
Defeating Dronesn|u - The Open Security Community
 
Security incident report
Security incident reportSecurity incident report
Security incident reportjohnkosonyhung
 
Incident Mgmt Nov 08
Incident Mgmt Nov 08Incident Mgmt Nov 08
Incident Mgmt Nov 08empower
 
Week 9 - eHealth in Ontario
Week 9 - eHealth in OntarioWeek 9 - eHealth in Ontario
Week 9 - eHealth in OntarioAlexandre Mayer
 
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...Lancope, Inc.
 
IT & Network Security Awareness
IT & Network Security AwarenessIT & Network Security Awareness
IT & Network Security AwarenessThe Network Support Company
 
SANS Digital Forensics and Incident Response Poster 2012
SANS Digital Forensics and Incident Response Poster 2012SANS Digital Forensics and Incident Response Poster 2012
SANS Digital Forensics and Incident Response Poster 2012Rian Yulian
 
ID IGF 2016 - Infrastruktur 3 - Tim Tanggap Darurat
ID IGF 2016 - Infrastruktur 3 - Tim Tanggap Darurat ID IGF 2016 - Infrastruktur 3 - Tim Tanggap Darurat
ID IGF 2016 - Infrastruktur 3 - Tim Tanggap Darurat IGF Indonesia
 
Incident report writing
Incident report writingIncident report writing
Incident report writingChris Beyer
 
Incident report
Incident reportIncident report
Incident reportKelila Ranney
 

Weitere ähnliche Inhalte

Was ist angesagt?

Itsm Fusion Final
Itsm Fusion FinalItsm Fusion Final
Itsm Fusion Finaldjaehnig
 
Cyber Security Regulatory Landscape
Cyber Security Regulatory LandscapeCyber Security Regulatory Landscape
Cyber Security Regulatory LandscapeSamir Pawaskar
 
Qatar's NIA Policy Program
Qatar's NIA Policy ProgramQatar's NIA Policy Program
Qatar's NIA Policy ProgramSamir Pawaskar
 
(2017) Cybercrime, Inc. (v3.2)
(2017) Cybercrime, Inc. (v3.2)(2017) Cybercrime, Inc. (v3.2)
(2017) Cybercrime, Inc. (v3.2)Rui Miguel Feio
 
2017 - Data Privacy and GDPR (v1.1)
2017 - Data Privacy and GDPR (v1.1)2017 - Data Privacy and GDPR (v1.1)
2017 - Data Privacy and GDPR (v1.1)Rui Miguel Feio
 

Was ist angesagt? (8)

Itsm Fusion Final
Itsm Fusion FinalItsm Fusion Final
Itsm Fusion Final
 
Cyber Security Regulatory Landscape
Cyber Security Regulatory LandscapeCyber Security Regulatory Landscape
Cyber Security Regulatory Landscape
 
Qatar's NIA Policy Program
Qatar's NIA Policy ProgramQatar's NIA Policy Program
Qatar's NIA Policy Program
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum 2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
 
2004 07 intelligence new rules seminar
2004 07 intelligence new rules seminar2004 07 intelligence new rules seminar
2004 07 intelligence new rules seminar
 
TalTech Luncheon Talk on Cybersecurity and Healthcare
TalTech Luncheon Talk on Cybersecurity and HealthcareTalTech Luncheon Talk on Cybersecurity and Healthcare
TalTech Luncheon Talk on Cybersecurity and Healthcare
 
(2017) Cybercrime, Inc. (v3.2)
(2017) Cybercrime, Inc. (v3.2)(2017) Cybercrime, Inc. (v3.2)
(2017) Cybercrime, Inc. (v3.2)
 
2017 - Data Privacy and GDPR (v1.1)
2017 - Data Privacy and GDPR (v1.1)2017 - Data Privacy and GDPR (v1.1)
2017 - Data Privacy and GDPR (v1.1)
 

Andere mochten auch

Microsoft Security Incident Report
Microsoft Security Incident ReportMicrosoft Security Incident Report
Microsoft Security Incident Reportukdpe
 
Security incident report
Security incident reportSecurity incident report
Security incident reportjohnkosonyhung
 
Incident Mgmt Nov 08
Incident Mgmt Nov 08Incident Mgmt Nov 08
Incident Mgmt Nov 08empower
 
Week 9 - eHealth in Ontario
Week 9 - eHealth in OntarioWeek 9 - eHealth in Ontario
Week 9 - eHealth in OntarioAlexandre Mayer
 
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...Lancope, Inc.
 
SANS Digital Forensics and Incident Response Poster 2012
SANS Digital Forensics and Incident Response Poster 2012SANS Digital Forensics and Incident Response Poster 2012
SANS Digital Forensics and Incident Response Poster 2012Rian Yulian
 
ID IGF 2016 - Infrastruktur 3 - Tim Tanggap Darurat
ID IGF 2016 - Infrastruktur 3 - Tim Tanggap Darurat ID IGF 2016 - Infrastruktur 3 - Tim Tanggap Darurat
ID IGF 2016 - Infrastruktur 3 - Tim Tanggap Darurat IGF Indonesia
 
Incident report writing
Incident report writingIncident report writing
Incident report writingChris Beyer
 
ID IGF 2016 - Hukum 3 - Peran Negara dalam Kedaulatan Siber
ID IGF 2016 - Hukum 3 - Peran Negara dalam Kedaulatan SiberID IGF 2016 - Hukum 3 - Peran Negara dalam Kedaulatan Siber
ID IGF 2016 - Hukum 3 - Peran Negara dalam Kedaulatan SiberIGF Indonesia
 
ID IGF 2016 - Hukum 3 - Mewujudkan Kedaulatan dan Ketahanan Siber
ID IGF 2016 - Hukum 3 - Mewujudkan Kedaulatan dan Ketahanan SiberID IGF 2016 - Hukum 3 - Mewujudkan Kedaulatan dan Ketahanan Siber
ID IGF 2016 - Hukum 3 - Mewujudkan Kedaulatan dan Ketahanan SiberIGF Indonesia
 
Incident Response Swimlanes
Incident Response SwimlanesIncident Response Swimlanes
Incident Response SwimlanesDaniel P Wallace
 
Incident & Accident Reporting
Incident & Accident ReportingIncident & Accident Reporting
Incident & Accident Reporting87amanda
 
ID IGF 2016 - Infrastruktur 3 - Cyber Security Solution through Lemsaneg Fram...
ID IGF 2016 - Infrastruktur 3 - Cyber Security Solution through Lemsaneg Fram...ID IGF 2016 - Infrastruktur 3 - Cyber Security Solution through Lemsaneg Fram...
ID IGF 2016 - Infrastruktur 3 - Cyber Security Solution through Lemsaneg Fram...IGF Indonesia
 
7.incident reporting
7.incident reporting7.incident reporting
7.incident reportingitchomecare
 

Andere mochten auch (20)

Memory Forensics
Memory ForensicsMemory Forensics
Memory Forensics
 
Crowdsourced Vulnerability Testing
Crowdsourced Vulnerability TestingCrowdsourced Vulnerability Testing
Crowdsourced Vulnerability Testing
 
Microsoft Security Incident Report
Microsoft Security Incident ReportMicrosoft Security Incident Report
Microsoft Security Incident Report
 
Memory forensics and incident response
Memory forensics and incident responseMemory forensics and incident response
Memory forensics and incident response
 
Defeating Drones
Defeating DronesDefeating Drones
Defeating Drones
 
Security incident report
Security incident reportSecurity incident report
Security incident report
 
Incident Mgmt Nov 08
Incident Mgmt Nov 08Incident Mgmt Nov 08
Incident Mgmt Nov 08
 
Week 9 - eHealth in Ontario
Week 9 - eHealth in OntarioWeek 9 - eHealth in Ontario
Week 9 - eHealth in Ontario
 
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
 
IT & Network Security Awareness
IT & Network Security AwarenessIT & Network Security Awareness
IT & Network Security Awareness
 
SANS Digital Forensics and Incident Response Poster 2012
SANS Digital Forensics and Incident Response Poster 2012SANS Digital Forensics and Incident Response Poster 2012
SANS Digital Forensics and Incident Response Poster 2012
 
ID IGF 2016 - Infrastruktur 3 - Tim Tanggap Darurat
ID IGF 2016 - Infrastruktur 3 - Tim Tanggap Darurat ID IGF 2016 - Infrastruktur 3 - Tim Tanggap Darurat
ID IGF 2016 - Infrastruktur 3 - Tim Tanggap Darurat
 
Incident report writing
Incident report writingIncident report writing
Incident report writing
 
Incident report
Incident reportIncident report
Incident report
 
ID IGF 2016 - Hukum 3 - Peran Negara dalam Kedaulatan Siber
ID IGF 2016 - Hukum 3 - Peran Negara dalam Kedaulatan SiberID IGF 2016 - Hukum 3 - Peran Negara dalam Kedaulatan Siber
ID IGF 2016 - Hukum 3 - Peran Negara dalam Kedaulatan Siber
 
ID IGF 2016 - Hukum 3 - Mewujudkan Kedaulatan dan Ketahanan Siber
ID IGF 2016 - Hukum 3 - Mewujudkan Kedaulatan dan Ketahanan SiberID IGF 2016 - Hukum 3 - Mewujudkan Kedaulatan dan Ketahanan Siber
ID IGF 2016 - Hukum 3 - Mewujudkan Kedaulatan dan Ketahanan Siber
 
Incident Response Swimlanes
Incident Response SwimlanesIncident Response Swimlanes
Incident Response Swimlanes
 
Incident & Accident Reporting
Incident & Accident ReportingIncident & Accident Reporting
Incident & Accident Reporting
 
ID IGF 2016 - Infrastruktur 3 - Cyber Security Solution through Lemsaneg Fram...
ID IGF 2016 - Infrastruktur 3 - Cyber Security Solution through Lemsaneg Fram...ID IGF 2016 - Infrastruktur 3 - Cyber Security Solution through Lemsaneg Fram...
ID IGF 2016 - Infrastruktur 3 - Cyber Security Solution through Lemsaneg Fram...
 
7.incident reporting
7.incident reporting7.incident reporting
7.incident reporting
 

Ähnlich wie Cyber Security Efforts in Developing Nations

Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014Peter ODell
 
Cybersecurity by the numbers
Cybersecurity by the numbersCybersecurity by the numbers
Cybersecurity by the numbersAPNIC
 
Defcon 18-geers-baltic-cyber-shield
Defcon 18-geers-baltic-cyber-shieldDefcon 18-geers-baltic-cyber-shield
Defcon 18-geers-baltic-cyber-shieldMark Johnson
 
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015Andreas Sfakianakis
 
Cyber war scenario what are the defenses
Cyber war scenario what are the defenses Cyber war scenario what are the defenses
Cyber war scenario what are the defenses A. V. Rajabahadur
 
John Walsh, Sypris on Cyber Physical Systems - Boston SECoT MeetUp 2015
John Walsh, Sypris on Cyber Physical Systems - Boston SECoT MeetUp 2015John Walsh, Sypris on Cyber Physical Systems - Boston SECoT MeetUp 2015
John Walsh, Sypris on Cyber Physical Systems - Boston SECoT MeetUp 2015Paul F. Roberts
 
Risk Factory Information Security Coordination Challenges & Best Practice
Risk Factory Information Security Coordination Challenges & Best PracticeRisk Factory Information Security Coordination Challenges & Best Practice
Risk Factory Information Security Coordination Challenges & Best PracticeRisk Crew
 
Cyber Attacks aren't going away - including Cyber Security in your risk strategy
Cyber Attacks aren't going away - including Cyber Security in your risk strategyCyber Attacks aren't going away - including Cyber Security in your risk strategy
Cyber Attacks aren't going away - including Cyber Security in your risk strategyJames Mulhern
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]APNIC
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014
 
Managed Security Operations Centre Alternative - Managed Security Service
Managed Security Operations Centre Alternative - Managed Security Service Managed Security Operations Centre Alternative - Managed Security Service
Managed Security Operations Centre Alternative - Managed Security Service Netpluz Asia Pte Ltd
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
2015 Year to Date Security Trends
2015 Year to Date Security Trends2015 Year to Date Security Trends
2015 Year to Date Security TrendsTerra Verde
 
Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approachesvngundi
 
Cyber security talks 2019 by theko moima
Cyber security talks 2019 by theko moimaCyber security talks 2019 by theko moima
Cyber security talks 2019 by theko moimaTheko Moima
 

Ähnlich wie Cyber Security Efforts in Developing Nations (20)

Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014
 
Cybersecurity by the numbers
Cybersecurity by the numbersCybersecurity by the numbers
Cybersecurity by the numbers
 
Defcon 18-geers-baltic-cyber-shield
Defcon 18-geers-baltic-cyber-shieldDefcon 18-geers-baltic-cyber-shield
Defcon 18-geers-baltic-cyber-shield
 
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
 
Cyber security # Lec 1
Cyber security # Lec 1Cyber security # Lec 1
Cyber security # Lec 1
 
Cyber war scenario what are the defenses
Cyber war scenario what are the defenses Cyber war scenario what are the defenses
Cyber war scenario what are the defenses
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
 
Cert adli wahid_iisf2011
Cert adli wahid_iisf2011Cert adli wahid_iisf2011
Cert adli wahid_iisf2011
 
John Walsh, Sypris on Cyber Physical Systems - Boston SECoT MeetUp 2015
John Walsh, Sypris on Cyber Physical Systems - Boston SECoT MeetUp 2015John Walsh, Sypris on Cyber Physical Systems - Boston SECoT MeetUp 2015
John Walsh, Sypris on Cyber Physical Systems - Boston SECoT MeetUp 2015
 
U nit 4
U nit 4U nit 4
U nit 4
 
Risk Factory Information Security Coordination Challenges & Best Practice
Risk Factory Information Security Coordination Challenges & Best PracticeRisk Factory Information Security Coordination Challenges & Best Practice
Risk Factory Information Security Coordination Challenges & Best Practice
 
Cyber Attacks aren't going away - including Cyber Security in your risk strategy
Cyber Attacks aren't going away - including Cyber Security in your risk strategyCyber Attacks aren't going away - including Cyber Security in your risk strategy
Cyber Attacks aren't going away - including Cyber Security in your risk strategy
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
 
Managed Security Operations Centre Alternative - Managed Security Service
Managed Security Operations Centre Alternative - Managed Security Service Managed Security Operations Centre Alternative - Managed Security Service
Managed Security Operations Centre Alternative - Managed Security Service
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
2015 Year to Date Security Trends
2015 Year to Date Security Trends2015 Year to Date Security Trends
2015 Year to Date Security Trends
 
CRI Cyber Board Briefing
CRI Cyber Board Briefing CRI Cyber Board Briefing
CRI Cyber Board Briefing
 
Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approaches
 
Cyber security talks 2019 by theko moima
Cyber security talks 2019 by theko moimaCyber security talks 2019 by theko moima
Cyber security talks 2019 by theko moima
 

Mehr von Security B-Sides

Lord of the bing b-sides atl
Lord of the bing b-sides atlLord of the bing b-sides atl
Lord of the bing b-sides atlSecurity B-Sides
 
2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1c 2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1c Security B-Sides
 
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...Security B-Sides
 
Social Penetration - Mike Murray and Mike Bailey
Social Penetration - Mike Murray and Mike BaileySocial Penetration - Mike Murray and Mike Bailey
Social Penetration - Mike Murray and Mike BaileySecurity B-Sides
 
How really to prepare for a credit card compromise (PCI) forensics investigat...
How really to prepare for a credit card compromise (PCI) forensics investigat...How really to prepare for a credit card compromise (PCI) forensics investigat...
How really to prepare for a credit card compromise (PCI) forensics investigat...Security B-Sides
 
Risk Management - Time to blow it up and start over? - Alex Hutton
Risk Management - Time to blow it up and start over? - Alex HuttonRisk Management - Time to blow it up and start over? - Alex Hutton
Risk Management - Time to blow it up and start over? - Alex HuttonSecurity B-Sides
 
Security? Who cares! - Brett Hardin
Security? Who cares! - Brett HardinSecurity? Who cares! - Brett Hardin
Security? Who cares! - Brett HardinSecurity B-Sides
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Security B-Sides
 
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...Security B-Sides
 
The Great Compliance Debate: No Child Left Behind or The Polio Vaccine
The Great Compliance Debate: No Child Left Behind or The Polio VaccineThe Great Compliance Debate: No Child Left Behind or The Polio Vaccine
The Great Compliance Debate: No Child Left Behind or The Polio VaccineSecurity B-Sides
 
Dominique Karg - Advanced Attack Detection using OpenSource tools
Dominique Karg - Advanced Attack Detection using OpenSource toolsDominique Karg - Advanced Attack Detection using OpenSource tools
Dominique Karg - Advanced Attack Detection using OpenSource toolsSecurity B-Sides
 
Enterprise Portals - Gateway to the Gold
Enterprise Portals - Gateway to the GoldEnterprise Portals - Gateway to the Gold
Enterprise Portals - Gateway to the GoldSecurity B-Sides
 
From fishing to phishing to ?
From fishing to phishing to ?From fishing to phishing to ?
From fishing to phishing to ?Security B-Sides
 
Getting punched in the face
Getting punched in the faceGetting punched in the face
Getting punched in the faceSecurity B-Sides
 
Smashing the stats for fun (and profit)
Smashing the stats for fun (and profit)Smashing the stats for fun (and profit)
Smashing the stats for fun (and profit)Security B-Sides
 

Mehr von Security B-Sides (20)

Lord of the bing b-sides atl
Lord of the bing b-sides atlLord of the bing b-sides atl
Lord of the bing b-sides atl
 
The road to hell v0.6
The road to hell v0.6The road to hell v0.6
The road to hell v0.6
 
2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1c 2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1c
 
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...
 
Social Penetration - Mike Murray and Mike Bailey
Social Penetration - Mike Murray and Mike BaileySocial Penetration - Mike Murray and Mike Bailey
Social Penetration - Mike Murray and Mike Bailey
 
How really to prepare for a credit card compromise (PCI) forensics investigat...
How really to prepare for a credit card compromise (PCI) forensics investigat...How really to prepare for a credit card compromise (PCI) forensics investigat...
How really to prepare for a credit card compromise (PCI) forensics investigat...
 
Risk Management - Time to blow it up and start over? - Alex Hutton
Risk Management - Time to blow it up and start over? - Alex HuttonRisk Management - Time to blow it up and start over? - Alex Hutton
Risk Management - Time to blow it up and start over? - Alex Hutton
 
Security? Who cares! - Brett Hardin
Security? Who cares! - Brett HardinSecurity? Who cares! - Brett Hardin
Security? Who cares! - Brett Hardin
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
 
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...
 
The Great Compliance Debate: No Child Left Behind or The Polio Vaccine
The Great Compliance Debate: No Child Left Behind or The Polio VaccineThe Great Compliance Debate: No Child Left Behind or The Polio Vaccine
The Great Compliance Debate: No Child Left Behind or The Polio Vaccine
 
Dominique Karg - Advanced Attack Detection using OpenSource tools
Dominique Karg - Advanced Attack Detection using OpenSource toolsDominique Karg - Advanced Attack Detection using OpenSource tools
Dominique Karg - Advanced Attack Detection using OpenSource tools
 
2009 Zacon Haroon Meer
2009 Zacon Haroon Meer2009 Zacon Haroon Meer
2009 Zacon Haroon Meer
 
Enterprise Portals - Gateway to the Gold
Enterprise Portals - Gateway to the GoldEnterprise Portals - Gateway to the Gold
Enterprise Portals - Gateway to the Gold
 
From fishing to phishing to ?
From fishing to phishing to ?From fishing to phishing to ?
From fishing to phishing to ?
 
Getting punched in the face
Getting punched in the faceGetting punched in the face
Getting punched in the face
 
Make Tea Not War
Make Tea Not WarMake Tea Not War
Make Tea Not War
 
OWASP Proxy
OWASP ProxyOWASP Proxy
OWASP Proxy
 
Smashing the stats for fun (and profit)
Smashing the stats for fun (and profit)Smashing the stats for fun (and profit)
Smashing the stats for fun (and profit)
 
Exploitation
ExploitationExploitation
Exploitation
 

Kürzlich hochgeladen

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 

Kürzlich hochgeladen (20)

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 

Cyber Security Efforts in Developing Nations

  • 1.
  • 2. Outline • Critical Information Infrastructure Protection • Computer Security Incident Response Teams (CSIRTs) • Warning, Advice and Reporting Points (WARPs) • How does it all fit together? • Why is a national “cyber security” effort is required for developing nations? • Requirements for the developing world • Community-oriented Computer Security Incident Response Teams (C-CSIRTs) • Some Links and Resources
  • 3. Critical Information Infrastructure Protection • Critical systems rely on a level of interconnection in order to operate • Internet • Private networks • Disruptions to the interconnecting networks can severely effect a country’s ability to function • DDoS attacks • Malware • Cyber crime • Cyber warfare • National critical information infrastructures must be protected from attack • External Threats • Internal Threats
  • 4. Computer Security Incident Response Teams (CSIRTs) • The first CSIRT structure was created in the US in 1988 in response to the Morris Worm. • The Primary goals for a CSIRT • Monitor for threats • Report threats to interested parties (The constituency) • Provide support for “incidents” • The generic structure of a “traditional” CSIRT consists of: 1. Single Coordinating CSIRT 2. Many of Regional CSIRTs 3. Many of Private CSIRTs • CSIRTs must at least provide incident response services to its constituency.
  • 5. Warning, Advice and Reporting Points (WARPs) • Smaller and more focused than CSIRTs • A single operator • 20-50 members • Members are related to each other • “Schools in the west of city” • “Pharmacists in the east of the city” • Informal in nature • Can deliver highly focused cyber security information to its members • WARPs and CSIRTs compliment each other • WARPs never act in isolation • WARPs are highly cost effective
  • 6. How does it fit together? Coordinating CSIRT Regional CSIRTs Private CSIRTs Other Large WARPs Military Constituents Corporations
  • 7. Drawbacks of the “traditional” CSIRT structure • CSIRTs are very expensive to setup and operate • Personnel costs • Technology costs • CSIRT structures are reactive by nature • Smaller constituents (those without resident IT security professionals) may get “bogged-down” with information. • Private CSIRTs will generally act in isolation • WARPS are too small to act in isolation
  • 8. Why is a national “cyber security” effort is required for developing nations? • Broadband penetration in developing nations • Structures are not always in place to prevent abuse of the expanding technology • Developing nations are seen as a “safe haven” for cyber criminals • Developing nations may not have the resources to • A coordinated cyber security effort is essential!
  • 9. Africa Undersea Cables – 2011 Image Source: http://manypossibilities.net/african-undersea-cables/
  • 10. Requirements for the developing world • Cost effective • Structures must be dynamically expandable to support increasing connectivity • Support for Information Exchange and Knowledge Transfer. • Provide incident response, security advisory and security warning • Must embrace other technologies to support services • e.g. SMS
  • 11. Community-oriented Computer Security Incident Response Teams (C-CSIRTs) • C-CSIRTs aim to provide: • CSIRT-like protection with WARP-like cost-effectiveness • Ability to expand to support new technologies • Individually functioning security teams which service a “community” • 100-200 members • “Net of protection” • C-CSIRTs will attempt to support each other • Builds experience • Builds knowledge-base • As the communities grow individual C-CSIRTs can be combined • Eventually a national CSIRT structure can develop. • Cost, experience, knowledge-base is distributed and developed over time.
  • 12. Some Links and Resources • CERT (US) • http://www.cert.org/ • European Network and Information Security Agency • www.enisa.europa.eu/ • Handbook for Computer Security Incident Response Teams (CSIRTs) • www.cert.org/archive/pdf/csirt-handbook.pdf • Warning, advice and reporting point • http://www.warp.gov.uk/ • Akamai – State of the Internet Reports • http://www.akamai.com/stateoftheinternet/ • Many Possibilities – African Undersea Cables • http://manypossibilities.net/african-undersea-cables/