Implementing CSIRT based on some framework and
maturity model
Jun 7, 2020
Akitsugu Ito
Cyber Security Defense Department (CSDD)
Rakuten, Inc.
2
Who am I?
Akitsugu Ito (@springmoon6)
Specialty
I’ve worked in the security industry for 9 years.
- information security management / incident handling
- product security / quality assurance
Previous Presentation
- OWASP SAMM v2 Introduction (02/08/2020)
https://speakerdeck.com/springmoon6/owasp-samm-ver-dot-2-introduction-en
- Introduction of PSIRT Framework (08/29/2020)
https://speakerdeck.com/springmoon6/psirt-service-framework-falsegoshao-jie
3
Agenda
General Flow
Directions
Roles & Services
Dissemination
Operation
Future Tasks
4
General Flow
Direction
Define Services
Services &
Roles
Dissemination Operation
JPCERT/CC CSIRTマテリアル (11/26/2015)
https://www.jpcert.or.jp/csirt_material/
Concept Build Operation
5
Background
CSIRT for communicating with external stakeholders
Each industry has an exclusive security community, such as ICT-ISAC. These communities hold very important information that is shared only among their members. It is necessary
to establish a new Rakuten Mobile CSIRT to obtain cyber threat information from these exclusive security communities and to enhance communication with
external stakeholders to fight malicious activity such as phishing.
Rakuten HQ - CSDD
Rakuten-CERT
Tech Community - System Security Lead
IPA
Dept. Dept. Dept. Dept. Dept.
JPCERT/CC
CSIRT
Promotion Div.
Rakuten-MobileCSIRT
Rakuten Mobile
Development Team
ICT-ISAC,
NISC, JAIPA
Police CSIRT for Telecom
industry in Japan
External
Stakeholders
Rakuten Mobile
Security Team
1. Direction
6
Relationship between Stakeholders
Business Function / Corporate Function
CSIRT
Promotion Div.
Broad sense of
Rakuten-Mobile
CSIRT
Rakuten Mobile
Security Team
Service Experience
Center (SXC)
Narrow sense of
Rakuten-Mobile CSIRT
InfoSec
Promotion Div.
Legal UX Mobile PR
Representative Director/CEO
The narrow sense of Rakuten Mobile CSIRT is the CSIRT Promotion Office.
The broad sense of RM-CSIRT is a virtual team across the company.
1. Direction
7
CSIRT Services (CMU)
Reactive Service
・Alert and Warning
・Incident Handling
 - Incident Analysis
 - Incident response on site
 - Incident response support
 - Incident response coordination
・Vulnerability Handling
 - Vulnerability analysis
 - Vulnerability response
 - Vulnerability response coordination
・Artifact Handling
 - Artifact analysis
 - Artifact response
 - Artifact response coordination
Proactive Service
・Announcements
・Technology Watch
・Security Audits or Assessments
・Configuration and Maintenance of Security Tools, Applications, and Infrastructures
・Development of Security Tools
・Intrusion Detection Services
・Security-Related Information Dissemination
Security Quality Management Service
・Risk Analysis
・Business Continuity and Disaster Recovery Planning
・Security Consulting
・Awareness Building
・Education / Training
・Product Evaluation or Certification
1. Direction
CSIRT
Promotion Div.
Rakuten Mobile
Security Team
CSIRT Services (11/2002)
https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=53046
8
Define roles and responsibility
We defined the roles of our CSIRT (broad sense) based on Nippon CSIRT Association (NCA) materials.
We separated the roles into two categories, War Time and Peace Time. The narrow-sense CSIRT serves as the Point of
Contact (PoC).
2. Roles
CSIRT 人材の定義と確保(03/13/2017)
https://www.nca.gr.jp/activity/imgs/recruit-hr20170313.pdf
9
Commander
CSIRT General
Manager
PoC
Coordinate with internal &
external Stakeholders
Notification
Coordination with related
departments
Executives / External
Stakeholders
Internal system /
related system
Self Assessment
Risk Assessment ,
Vulnerability Management
Incident Manager
Analyze the status of
incidents
Solution Analysts
Design System Security , Assess
the effectiveness
Triage
Coordinate affected systems
Information Aggregation
Status of response
Explain current status
Define Priority
Implement
Investigator
Investigate
Forensic
Inquiry
Instruct Response Inquiry
Information Aggregation
Define the affected area
Information Aggregation
Report the affected area
Planning / Promote
If you need legal confirmation or advice on a daily basis, each role will request
assistance from a legal advisor.
Information Sharing
Incident Handler
Vendor Management / Incident
response
Coordinate
Researcher
Information gathering / Monitoring
Production Environment / Analysis
Solid line :
Information flow
Dotted line :
Information flow if necessary
CSIRT
Promotion Div.
Rakuten Mobile
Security Team
Service
Experience Center
(SXC)
InfoSec
Promotion Div.
Roles of CSIRT (War Time) 2. Roles
CSIRT 人材の定義と確保(03/13/2017)
https://www.nca.gr.jp/activity/imgs/recruit-hr20170313.pdf
10
Roles of CSIRT (Peace Time)
Executives / External
Stakeholders
Researcher
Information gathering / Monitoring
Production Environment / Analysis
Vulnerability
Assessor
Information Aggregation
Judge security risk
Confirm status Confirm status
Feedback
Training
Regularly implemented
Information Sharing Information Aggregation
Define the affected area
PoC
Coordinate with internal &
external Stakeholders
Notification
Coordination with
related departments
Internal system /
related system
Coordinate affected systems
Commander
CSIRT General
Manager
Solution Analysts
Design System Security , Assess
the effectiveness
Implement
Incident Manager
Analyze the status of
incidents
Self Assessment
Risk Assessment ,
Vulnerability Management
Information Aggregation
Report the affected area
Planning / Promote
Trainer
Coordinate
Explain current status
Gather Information
Incident Handler
Vendor Management / Incident
response
If you need legal confirmation or advice on a daily basis, each role will request
assistance from a legal advisor.
Solid line :
Information flow
Dotted line :
Information flow if necessary
CSIRT
Promotion Div.
Rakuten Mobile
Security Team
Service
Experience Center
(SXC)
InfoSec
Promotion Div.
2. Roles
CSIRT 人材の定義と確保(03/13/2017)
https://www.nca.gr.jp/activity/imgs/recruit-hr20170313.pdf
11
Creating Detailed Service Lists
The FIRST Services Frameworks are high-level documents detailing the possible services that CSIRTs and PSIRTs may
provide.
FIRST Services Framework
https://www.first.org/standards/frameworks/
2. Services
12
Structure of CSIRT Service Framework
Service Area Service
Service
Service
Function
Function
Function
Function
Function
Support Service
CSIRT Services Framework 2.1.0 (11/2019)
https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1
2. Services
13
Service Areas 2. Services
CSIRT Services Framework 2.1.0 (11/2019)
https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1
14
Detailed Service Lists
CSIRT Service Category | CSIRT Services | CSIRT Service Framework v2 Service Area | CSIRT Service Framework v2 Services
Reactive Service | Alerts and warning | Information security event management | Monitoring and Detection; Analyzing
Reactive Service | Incident response support | Information security incident management | Information security incident report acceptance
Reactive Service | Incident response coordination | Information security incident management | Information security incident coordination
Reactive Service | Vulnerability response coordination | Vulnerability management | Vulnerability report intake; Vulnerability coordination; Vulnerability disclosure
Proactive Service | Announcements | Information security incident management | Information security incident coordination; Vulnerability coordination
Proactive Service | Security related information dissemination | Situational Awareness | Data Acquisition; Analyze and interpret; Communication
2. Services
CSIRT
Promotion Div.
Rakuten Mobile
Security Team
Service Experience
Center (SXC)
InfoSec
Promotion Div.
15
What should we implement with high priority?
We referred to a maturity model (the Global CSIRT Maturity Framework, based on SIM3).
2. Services
Open CSIRT – SIM3 Self Assessment
http://sim3-check.opencsirt.org/#/
16
SIM3 (Security Incident Management Maturity Model)
The European Union Agency for Cybersecurity (ENISA) uses SIM3 to strengthen the national CSIRT of each
EU country and also provides an online assessment tool based on SIM3. We can measure the maturity and/or
capability of security incident management.
The maturity model is built on three basic elements
- Maturity Parameters (44)
- Maturity Quadrants (4)
- Maturity Levels (0-4)
Each Parameter belongs to one of four Quadrants - the Quadrants are therefore the main four categories of
Parameters: Organization, Human, Tools, Process
2. Services
SIM3 : Security Incident Management Maturity Model mkXVIII (03/30/2015)
https://www.trusted-introducer.org/SIM3-Reference-Model.pdf
17
Global CSIRT Maturity Framework (GCMF)
The Global CSIRT Maturity Framework is an approach from the GFCE for stimulating the development and
maturity enhancements of national CSIRTs. Although it’s aimed toward national CSIRTs, the methodology
and concepts can also be applied to other CSIRTs or incident response teams.
The framework relies on two building blocks: the Security Incident Management Maturity Model (SIM3) and
a three-tier CSIRT maturity approach by ENISA.
- Basic
- Intermediate
- Advanced
We set our first goal at the Basic level.
Organization
Human
Tools
Process
Measure and Improve the Maturity of Your Incident Response Team (11/06/2019)
https://securityintelligence.com/articles/measure-and-improve-the-maturity-of-your-incident-response-team/
2. Services
18
Comparison table between CSIRT Service framework and SIM3
2. Services
CSIRT Service Framework v2 Service Area | CSIRT Service Framework v2 Services | SIM3 ENISA/GCMF Basic Level
Support Service | - | 3
Information security event management | Monitoring and Detection; Analyzing | 1
Information security incident management | Information security incident report acceptance | 2
Information security incident management | Information security incident coordination | 3
Vulnerability management | Vulnerability report intake; Vulnerability coordination; Vulnerability disclosure | 1
Information security incident management | Information security incident coordination; Vulnerability coordination | 3
Situational Awareness | Data Acquisition; Analyze and interpret; Communication | 2
19
Enhance Support Service with PSIRT Framework
The details of the Support Service are not described in the CSIRT Services Framework, so we will enhance the Support Service with
Operational Foundations from the PSIRT Services Framework. The PSIRT framework has a similar structure to the CSIRT Services
Framework. Operational Foundations corresponds to the Support Service area and has more detailed
services.
2. Services
Service
Area
Service
Service
Service
Function
Function
Function
Function
Function
Support Service
PSIRT Services Framework version 1.1 (Spring 2020)
https://www.first.org/standards/frameworks/psirts/psirt_services_framework_v1.1
Service
Area
Service
Service
Service
Function
Function
Function
Function
Function
Operational Foundations
CSIRT Service Framework PSIRT Service Framework
20
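Comparison table between Enhanced Support Service and GCMF
2. Services
CSIRT Service Framework v2 Service Area | CSIRT Service Framework v2 Services | SIM3 ENISA/GCMF Basic Level
Support Service – Strategic | Executive Sponsorship | 3
Support Service – Strategic | Stakeholder | 3
Support Service – Strategic | Charter | 3
Support Service – Strategic | Organizational Model | 3
Support Service – Strategic | Management and Stakeholder Support | 3
Support Service – Tactical | Budget | -
Support Service – Tactical | Staff | 3
Support Service – Tactical | Resources and Tools | 1
Support Service – Operational | Policies and Procedures | 2
Support Service – Operational | Evaluation and improvement | 1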
21
Making the KSA for the Narrow Sense of CSIRT
The Staff service requires defining the detailed tasks and KSA (Knowledge, Skills and Ability) of the CSIRT Promotion
Office. We implement it based on SecBoK. SecBoK is a list of KSAs based on the NICE Framework.
JNSA セキュリティ知識分野(SecBoK2019)(03/18/2019)
https://www.jnsa.org/result/2018/skillmap/
2. Services
22
Dissemination and Coordination training 3. Dissemination
Briefing session at All Hands Meeting / Simple Coordination Training
23
4. Operation
Assessment with GCMF
[Figure: assessment result; labels: Organization, Human, Tools, Process; legend: Advanced, Appropriate, Target, Immature]
24
Future Tasks (1)
Increase the maturity of each area, especially proactive services.
- The CSIRT Services Framework covers reactive services well, but its coverage of proactive services is not enough.
25
Future Tasks (2)
Mature some PSIRT-related areas
- SIM3 covers vulnerability management, but it is not enough for a development organization
Software Assurance Maturity Model (OWASP SAMM)
https://owaspsamm.org/
26
Summary - Thank you for listening
We implemented CSIRT based on some frameworks and maturity model.
- JPCERT/CC CSIRTマテリアル
- CSIRT Services (CMU)
- CSIRT 人材の定義と確保
- FIRST Services Framework (CSIRT / PSIRT)
- SecBoK
- SIM3
- Global CSIRT Maturity Framework (GCMF)
We plan to improve our CSIRT using some OWASP outputs.
- OWASP SAMM
Implementing CSIRT based on some frameworks and maturity model

Weitere ähnliche Inhalte

Was ist angesagt?

Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingNetsparker
 
Certified SOC Analyst
Certified SOC AnalystCertified SOC Analyst
Certified SOC AnalystSagarNegi10
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 
Topics in network security
Topics in network securityTopics in network security
Topics in network securityNasir Bhutta
 
Defence in Depth Architectural Decisions
Defence in Depth Architectural DecisionsDefence in Depth Architectural Decisions
Defence in Depth Architectural DecisionsPeter Rawsthorne
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management StrategyNetIQ
 
Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)david rom
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouKevin Fealey
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONSylvain Martinez
 
IBM Security Software Solutions - Powerpoint
 IBM Security Software Solutions - Powerpoint IBM Security Software Solutions - Powerpoint
IBM Security Software Solutions - PowerpointThierry Matusiak
 
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUnderstanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUlf Mattsson
 
Siber Güvenlik Eğitimleri | SPARTA BİLİŞİM
Siber Güvenlik Eğitimleri | SPARTA BİLİŞİMSiber Güvenlik Eğitimleri | SPARTA BİLİŞİM
Siber Güvenlik Eğitimleri | SPARTA BİLİŞİMSparta Bilişim
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 

Was ist angesagt? (20)

Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Certified SOC Analyst
Certified SOC AnalystCertified SOC Analyst
Certified SOC Analyst
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
 
Topics in network security
Topics in network securityTopics in network security
Topics in network security
 
Defence in Depth Architectural Decisions
Defence in Depth Architectural DecisionsDefence in Depth Architectural Decisions
Defence in Depth Architectural Decisions
 
Understanding cyber resilience
Understanding cyber resilienceUnderstanding cyber resilience
Understanding cyber resilience
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management Strategy
 
Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and You
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Web Uygulama Pentest Eğitimi
Web Uygulama Pentest EğitimiWeb Uygulama Pentest Eğitimi
Web Uygulama Pentest Eğitimi
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATION
 
IBM Security Software Solutions - Powerpoint
 IBM Security Software Solutions - Powerpoint IBM Security Software Solutions - Powerpoint
IBM Security Software Solutions - Powerpoint
 
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUnderstanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External Threats
 
Siber Güvenlik Eğitimleri | SPARTA BİLİŞİM
Siber Güvenlik Eğitimleri | SPARTA BİLİŞİMSiber Güvenlik Eğitimleri | SPARTA BİLİŞİM
Siber Güvenlik Eğitimleri | SPARTA BİLİŞİM
 
Evolving Cybersecurity Threats
Evolving Cybersecurity Threats  Evolving Cybersecurity Threats
Evolving Cybersecurity Threats
 
Whitman_Ch02.pptx
Whitman_Ch02.pptxWhitman_Ch02.pptx
Whitman_Ch02.pptx
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SME
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 

Ähnlich wie Implementing CSIRT based on some frameworks and maturity model

Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
The Security and Compliance Plan for Maxistar Medical Supplies Company
The Security and Compliance Plan for Maxistar Medical Supplies Company The Security and Compliance Plan for Maxistar Medical Supplies Company
The Security and Compliance Plan for Maxistar Medical Supplies Company Abdulrahman Alamri
 
Analyze1. Foreign Stocka. Samsung Electronics LTD. (Korean St.docx
Analyze1. Foreign Stocka. Samsung Electronics LTD. (Korean St.docxAnalyze1. Foreign Stocka. Samsung Electronics LTD. (Korean St.docx
Analyze1. Foreign Stocka. Samsung Electronics LTD. (Korean St.docxjustine1simpson78276
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room:  Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room:  Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...robbiesamuel
 
Day 1 Enisa Setting Up A Csirt
Day 1   Enisa   Setting Up A CsirtDay 1   Enisa   Setting Up A Csirt
Day 1 Enisa Setting Up A Csirtvngundi
 
CTI_introduction_recording final.pptx
CTI_introduction_recording final.pptxCTI_introduction_recording final.pptx
CTI_introduction_recording final.pptxipalmer489
 
Container Workload Security Solution Ideas by Mandy Sidana.pptx
Container Workload Security Solution Ideas by Mandy Sidana.pptxContainer Workload Security Solution Ideas by Mandy Sidana.pptx
Container Workload Security Solution Ideas by Mandy Sidana.pptxMandy Sidana
 
Andrea Schultz, Dept. of Homeland Security, Power Point Presentation
Andrea Schultz, Dept. of Homeland Security, Power Point Presentation Andrea Schultz, Dept. of Homeland Security, Power Point Presentation
Andrea Schultz, Dept. of Homeland Security, Power Point Presentation Fox Theatre Institute
 
Secure Software Development Life Cycle
Secure Software Development Life CycleSecure Software Development Life Cycle
Secure Software Development Life CycleMaurice Dawson
 
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docxTECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docxmattinsonjanel
 
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...idsecconf
 
Optimizing cybersecurity incident response decisions using deep reinforcemen...
Optimizing cybersecurity incident response decisions using deep  reinforcemen...Optimizing cybersecurity incident response decisions using deep  reinforcemen...
Optimizing cybersecurity incident response decisions using deep reinforcemen...IJECEIAES
 
Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)MetroStar
 
Cyber+Capability+Toolkit+-+Cyber+Incident+Response+-+Cyber+Incident+Response+...
Cyber+Capability+Toolkit+-+Cyber+Incident+Response+-+Cyber+Incident+Response+...Cyber+Capability+Toolkit+-+Cyber+Incident+Response+-+Cyber+Incident+Response+...
Cyber+Capability+Toolkit+-+Cyber+Incident+Response+-+Cyber+Incident+Response+...MaoTseTungBritoSilva1
 
NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)April Mardock CISSP
 
Advance security in cloud computing for military weapons
Advance security in cloud computing for military weaponsAdvance security in cloud computing for military weapons
Advance security in cloud computing for military weaponsIRJET Journal
 
Comparitive Analysis of Secure SDLC Models
Comparitive Analysis of Secure SDLC ModelsComparitive Analysis of Secure SDLC Models
Comparitive Analysis of Secure SDLC ModelsIRJET Journal
 

Ähnlich wie Implementing CSIRT based on some frameworks and maturity model (20)

Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
 
The Security and Compliance Plan for Maxistar Medical Supplies Company
The Security and Compliance Plan for Maxistar Medical Supplies Company The Security and Compliance Plan for Maxistar Medical Supplies Company
The Security and Compliance Plan for Maxistar Medical Supplies Company
 
Analyze1. Foreign Stocka. Samsung Electronics LTD. (Korean St.docx
Analyze1. Foreign Stocka. Samsung Electronics LTD. (Korean St.docxAnalyze1. Foreign Stocka. Samsung Electronics LTD. (Korean St.docx
Analyze1. Foreign Stocka. Samsung Electronics LTD. (Korean St.docx
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdf
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room:  Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room:  Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
 
Day 1 Enisa Setting Up A Csirt
Day 1   Enisa   Setting Up A CsirtDay 1   Enisa   Setting Up A Csirt
Day 1 Enisa Setting Up A Csirt
 
CTI_introduction_recording final.pptx
CTI_introduction_recording final.pptxCTI_introduction_recording final.pptx
CTI_introduction_recording final.pptx
 
20180430 csirt eng
20180430 csirt eng20180430 csirt eng
20180430 csirt eng
 
Cybersecurity Careers - Step Up Skill Feb2023 (1).pdf
Cybersecurity Careers - Step Up Skill Feb2023 (1).pdfCybersecurity Careers - Step Up Skill Feb2023 (1).pdf
Cybersecurity Careers - Step Up Skill Feb2023 (1).pdf
 
Container Workload Security Solution Ideas by Mandy Sidana.pptx
Container Workload Security Solution Ideas by Mandy Sidana.pptxContainer Workload Security Solution Ideas by Mandy Sidana.pptx
Container Workload Security Solution Ideas by Mandy Sidana.pptx
 
Andrea Schultz, Dept. of Homeland Security, Power Point Presentation
Andrea Schultz, Dept. of Homeland Security, Power Point Presentation Andrea Schultz, Dept. of Homeland Security, Power Point Presentation
Andrea Schultz, Dept. of Homeland Security, Power Point Presentation
 
Secure Software Development Life Cycle
Secure Software Development Life CycleSecure Software Development Life Cycle
Secure Software Development Life Cycle
 
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docxTECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
 
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
 
Optimizing cybersecurity incident response decisions using deep reinforcemen...
Optimizing cybersecurity incident response decisions using deep  reinforcemen...Optimizing cybersecurity incident response decisions using deep  reinforcemen...
Optimizing cybersecurity incident response decisions using deep reinforcemen...
 
Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)
 
Cyber+Capability+Toolkit+-+Cyber+Incident+Response+-+Cyber+Incident+Response+...
Cyber+Capability+Toolkit+-+Cyber+Incident+Response+-+Cyber+Incident+Response+...Cyber+Capability+Toolkit+-+Cyber+Incident+Response+-+Cyber+Incident+Response+...
Cyber+Capability+Toolkit+-+Cyber+Incident+Response+-+Cyber+Incident+Response+...
 
NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)
 
Advance security in cloud computing for military weapons
Advance security in cloud computing for military weaponsAdvance security in cloud computing for military weapons
Advance security in cloud computing for military weapons
 
Comparitive Analysis of Secure SDLC Models
Comparitive Analysis of Secure SDLC ModelsComparitive Analysis of Secure SDLC Models
Comparitive Analysis of Secure SDLC Models
 

Mehr von Rakuten Group, Inc.

コードレビュー改善のためにJenkinsとIntelliJ IDEAのプラグインを自作してみた話
コードレビュー改善のためにJenkinsとIntelliJ IDEAのプラグインを自作してみた話コードレビュー改善のためにJenkinsとIntelliJ IDEAのプラグインを自作してみた話
コードレビュー改善のためにJenkinsとIntelliJ IDEAのプラグインを自作してみた話Rakuten Group, Inc.
 
楽天における安全な秘匿情報管理への道のり
楽天における安全な秘匿情報管理への道のり楽天における安全な秘匿情報管理への道のり
楽天における安全な秘匿情報管理への道のりRakuten Group, Inc.
 
Simple and Effective Knowledge-Driven Query Expansion for QA-Based Product At...
Simple and Effective Knowledge-Driven Query Expansion for QA-Based Product At...Simple and Effective Knowledge-Driven Query Expansion for QA-Based Product At...
Simple and Effective Knowledge-Driven Query Expansion for QA-Based Product At...Rakuten Group, Inc.
 
DataSkillCultureを浸透させる楽天の取り組み
DataSkillCultureを浸透させる楽天の取り組みDataSkillCultureを浸透させる楽天の取り組み
DataSkillCultureを浸透させる楽天の取り組みRakuten Group, Inc.
 
大規模なリアルタイム監視の導入と展開
大規模なリアルタイム監視の導入と展開大規模なリアルタイム監視の導入と展開
大規模なリアルタイム監視の導入と展開Rakuten Group, Inc.
 
楽天における大規模データベースの運用
楽天における大規模データベースの運用楽天における大規模データベースの運用
楽天における大規模データベースの運用Rakuten Group, Inc.
 
楽天サービスを支えるネットワークインフラストラクチャー
楽天サービスを支えるネットワークインフラストラクチャー楽天サービスを支えるネットワークインフラストラクチャー
Implementing CSIRT based on some frameworks and maturity model

  • 1. Implementing CSIRT based on some framework and maturity model Jun 7, 2020 Akitsugu Ito Cyber Security Defense Department (CSDD) Rakuten, Inc.
  • 2. Who am I? Akitsugu Ito (@springmoon6)
      Specialty: I’ve worked in the security industry for 9 years.
      - information security management / incident handling
      - product security / quality assurance
      Previous presentations:
      - OWASP SAMM v2 Introduction (02/08/2020) https://speakerdeck.com/springmoon6/owasp-samm-ver-dot-2-introduction-en
      - Introduction of PSIRT Framework (08/29/2020) https://speakerdeck.com/springmoon6/psirt-service-framework-falsegoshao-jie
  • 3. Agenda: General Flow; Directions; Roles & Services; Dissemination; Operation; Future Tasks
  • 4. General Flow. Our stages: Direction; Define Services & Roles; Dissemination; Operation. JPCERT/CC CSIRT Material (11/26/2015) https://www.jpcert.or.jp/csirt_material/ steps: Concept; Build; Operation.
  • 5. Background: CSIRT for communicating with external stakeholders [1. Direction]
      Each industry has an exclusive security community, such as ICT-ISAC. These communities hold very important information that is shared only among their members. It is necessary to establish a new Rakuten Mobile CSIRT to obtain cyber threat information from these exclusive security communities, and to enhance communication with external stakeholders to fight malicious activity such as phishing.
      Organization chart entities: Rakuten HQ - CSDD; Rakuten-CERT; Tech Community - System Security Lead; Depts.; CSIRT Promotion Div.; Rakuten-Mobile CSIRT; Rakuten Mobile Development Team; Rakuten Mobile Security Team.
      External stakeholders: IPA; JPCERT/CC; ICT-ISAC, NISC, JAIPA; Police; CSIRT for Telecom industry in Japan.
  • 6. Relationship between Stakeholders [1. Direction]
      Chart labels: Business Function; Corporate Function; Representative Director/CEO; CSIRT Promotion Div.; Rakuten Mobile Security Team; Service Experience Center (SXC); InfoSec Promotion Div.; Legal; UX; Mobile PR; Narrow sense of Rakuten-Mobile CSIRT; Broad sense of Rakuten-Mobile CSIRT.
      The narrow sense of Rakuten Mobile CSIRT is the CSIRT Promotion office. The broad sense of RM-CSIRT is a virtual team across the company.
  • 7. CSIRT Services (CMU) [1. Direction]
      Security Quality Management Service:
      - Risk Analysis
      - Business Continuity and Disaster Recovery Planning
      - Security Consulting
      - Awareness Building
      - Education / Training
      - Product Evaluation or Certification
      Proactive Service:
      - Announcements
      - Technology Watch
      - Security Audits or Assessments
      - Configuration and Maintenance of Security Tools, Applications, and Infrastructures
      - Development of Security Tools
      - Intrusion Detection Services
      - Security-Related Information Dissemination
      Reactive Service:
      - Alert and Warning
      - Incident Handling: incident analysis; incident response on site; incident response support; incident response coordination
      - Vulnerability Handling: vulnerability analysis; vulnerability response; vulnerability response coordination
      - Artifact Handling: artifact analysis; artifact response; artifact response coordination
      Units shown: CSIRT Promotion Div.; Rakuten Mobile Security Team.
      Source: CSIRT Services (11/2002) https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=53046
  • 8. Define roles and responsibilities [2. Roles]
      We defined the roles of our CSIRT (broad sense) based on Nippon CSIRT Association (NCA) materials. We separate the roles into two categories, War Time and Peace Time. The narrow sense of CSIRT is the Point of Contact (PoC).
      Source: Defining and Securing CSIRT Personnel (03/13/2017) https://www.nca.gr.jp/activity/imgs/recruit-hr20170313.pdf
  • 9. Roles of CSIRT (War Time) [2. Roles]
      Diagram of roles and information flows (solid line: information flow; dotted line: information flow if necessary).
      Roles shown:
      - Commander: CSIRT General Manager
      - PoC: coordinate with internal & external stakeholders
      - Notification: coordination with related departments
      - Self Assessment: risk assessment, vulnerability management
      - Incident Manager: analyze the status of incidents
      - Solution Analysts: design system security, assess the effectiveness
      - Incident Handler: vendor management / incident response
      - Researcher: information gathering / monitoring production environment / analysis
      - Triage
      - Investigator
      - Forensic
      Counterparts: Executives / External Stakeholders; Internal system / related system.
      Flow labels: coordinate affected systems; information aggregation; status of response; explain current status; define priority; implement; investigate; inquiry; instruct response; define the affected area; report the affected area; planning / promote; information sharing; coordinate.
      If you need legal confirmation or advice on a daily basis, each role will request assistance from a legal advisor.
      Units shown: CSIRT Promotion Div.; Rakuten Mobile Security Team; Service Experience Center (SXC); InfoSec Promotion Div.
      Source: Defining and Securing CSIRT Personnel (03/13/2017) https://www.nca.gr.jp/activity/imgs/recruit-hr20170313.pdf
  • 10. Roles of CSIRT (Peace Time) [2. Roles]
      Diagram of roles and information flows (solid line: information flow; dotted line: information flow if necessary).
      Roles shown:
      - Commander: CSIRT General Manager
      - PoC: coordinate with internal & external stakeholders
      - Notification: coordination with related departments
      - Self Assessment: risk assessment, vulnerability management
      - Incident Manager: analyze the status of incidents
      - Solution Analysts: design system security, assess the effectiveness
      - Incident Handler: vendor management / incident response
      - Researcher: information gathering / monitoring production environment / analysis
      - Vulnerability Assessor
      - Trainer
      Counterparts: Executives / External Stakeholders; Internal system / related system.
      Flow labels: information aggregation; judge security risk; confirm status; feedback; training; regularly implemented; information sharing; define the affected area; coordinate affected systems; implement; report the affected area; planning / promote; coordinate; explain current status; gather information.
      If you need legal confirmation or advice on a daily basis, each role will request assistance from a legal advisor.
      Units shown: CSIRT Promotion Div.; Rakuten Mobile Security Team; Service Experience Center (SXC); InfoSec Promotion Div.
      Source: Defining and Securing CSIRT Personnel (03/13/2017) https://www.nca.gr.jp/activity/imgs/recruit-hr20170313.pdf
  • 11. Creating Detailed Service Lists [2. Services]
      The FIRST Services Frameworks are high-level documents detailing possible services that CSIRTs and PSIRTs may provide.
      Source: FIRST Services Framework https://www.first.org/standards/frameworks/
  • 12. Structure of CSIRT Service Framework [2. Services]
      Diagram labels: Service Area; Service (several per Service Area); Function (several per Service); Support Service.
      Source: CSIRT Services Framework 2.1.0 (11/2019) https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1
  • 13. Service Areas [2. Services]
      Source: CSIRT Services Framework 2.1.0 (11/2019) https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1
  • 14. Detailed Service Lists [2. Services]
      CSIRT Service Category | CSIRT Services | CSIRT Service Framework v2 Service Area | CSIRT Service Framework v2 Services
      Reactive Service | Alerts and warning | Information security event management | Monitoring and Detection; Analyzing
      Reactive Service | Incident response support | Information security incident management | Information security incident report acceptance
      Reactive Service | Incident response coordination | Information security incident management | Information security incident coordination
      Reactive Service | Vulnerability response coordination | Vulnerability management | Vulnerability report intake; Vulnerability coordination; Vulnerability disclosure
      Proactive Service | Announcements | Information security incident management | Information security incident coordination; Vulnerability coordination
      Proactive Service | Security related information dissemination | Situational Awareness | Data Acquisition; Analyze and interpret; Communication
      Units shown: CSIRT Promotion Div.; Rakuten Mobile Security Team; Service Experience Center (SXC); InfoSec Promotion Div.
  • 15. What should we implement with high priority? [2. Services]
      We referred to a maturity model (the Global CSIRT Maturity Framework, based on SIM3).
      Source: Open CSIRT – SIM3 Self Assessment http://sim3-check.opencsirt.org/#/
  • 16. SIM3 (Security Incident Management Maturity Model) [2. Services]
      The European Union Agency for Cybersecurity (ENISA) uses SIM3 to strengthen the national CSIRT of each EU country and also provides an online assessment tool based on SIM3. We can measure the maturity and/or capability of security incident management.
      The maturity model is built on three basic elements:
      - Maturity Parameters (44)
      - Maturity Quadrants (4)
      - Maturity Levels (0-4)
      Each Parameter belongs to one of four Quadrants; the Quadrants are therefore the main four categories of Parameters: Organization, Human, Tools, Process.
      Source: SIM3 : Security Incident Management Maturity Model mkXVIII (03/30/2015) https://www.trusted-introducer.org/SIM3-Reference-Model.pdf
  • 17. Global CSIRT Maturity Framework (GCMF) [2. Services]
      The Global CSIRT Maturity Framework is an approach from the GFCE for stimulating the development and maturity enhancements of national CSIRTs. Although it’s aimed toward national CSIRTs, the methodology and concepts can also be applied to other CSIRTs or incident response teams. The framework relies on two building blocks: the Security Incident Management Maturity Model (SIM3) and a three-tier CSIRT maturity approach by ENISA.
      - Basic
      - Intermediate
      - Advanced
      We set our first goal at the Basic level.
      Quadrants shown: Organization, Human, Tools, Process.
      Source: Measure and Improve the Maturity of Your Incident Response Team (11/06/2019) https://securityintelligence.com/articles/measure-and-improve-the-maturity-of-your-incident-response-team/
  • 18. Comparison table between CSIRT Service framework and SIM3 [2. Services]
      CSIRT Service Framework v2 Service Area | CSIRT Service Framework v2 Services | SIM3 ENISA/GCMF Basic Level
      Support Service | - | 3
      Information security event management | Monitoring and Detection; Analyzing | 1
      Information security incident management | Information security incident report acceptance | 2
      Information security incident management | Information security incident coordination | 3
      Vulnerability management | Vulnerability report intake; Vulnerability coordination; Vulnerability disclosure | 1
      Information security incident management | Information security incident coordination; Vulnerability coordination | 3
      Situational Awareness | Data Acquisition; Analyze and interpret; Communication | 2
  • 19. Enhance Support Service with PSIRT Framework [2. Services]
      The details of the Support Service are not described in the CSIRT Services Framework, so we will enhance the Support Service with Operational Foundations from the PSIRT Services Framework. The PSIRT Services Framework has a similar structure to the CSIRT Services Framework. Operational Foundations corresponds to the Support Service area and has more detailed services.
      Diagram labels, CSIRT Service Framework: Service Area; Service; Function; Support Service.
      Diagram labels, PSIRT Service Framework: Service Area; Service; Function; Operational Foundations.
      Source: PSIRT Services Framework version 1.1 (Spring 2020) https://www.first.org/standards/frameworks/psirts/psirt_services_framework_v1.1
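  • 20. Comparison table between Enhanced Support Service and GCMF [2. Services]
      CSIRT Service Framework v2 Service Area | CSIRT Service Framework v2 Services | SIM3 ENISA/GCMF Basic Level
      Support Service – Strategic | Executive Sponsorship | 3
      Support Service – Strategic | Stakeholder | 3
      Support Service – Strategic | Charter | 3
      Support Service – Strategic | Organizational Model | 3
      Support Service – Strategic | Management and Stakeholder Support | 3
      Support Service – Tactical | Budget | -
      Support Service – Tactical | Staff | 3
      Support Service – Tactical | Resources and Tools | 1
      Support Service – Operational | Policies and Procedures | 2
      Support Service – Operational | Evaluation and improvement | 1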
  • 21. Making KSA of Narrow sense of CSIRT [2. Services]
      The Staff service requires defining the detailed tasks and KSA (Knowledge, Skills and Ability) of the CSIRT Promotion Office. We implement it based on SecBoK. SecBoK is a KSA list based on the NICE Framework.
      Source: JNSA Security Knowledge Areas (SecBoK2019) (03/18/2019) https://www.jnsa.org/result/2018/skillmap/
  • 22. Dissemination and Coordination training [3. Dissemination]
      - Briefing session at All Hands Meeting
      - Simple Coordination Training
  • 24. Future Tasks (1): Increase the maturity of each area, especially proactive services.
      - The CSIRT Service Framework covers reactive services well, but its coverage of proactive services is not enough.
  • 25. Future Tasks (2): Mature some PSIRT-related areas.
      - SIM3 covers vulnerability management, but it’s not enough for a development organization.
      Source: Software Assurance Maturity Model (OWASP SAMM) https://owaspsamm.org/
  • 26. Summary - Thank you for listening
      We implemented CSIRT based on some frameworks and maturity model.
      - JPCERT/CC CSIRT Material
      - CSIRT Services (CMU)
      - Defining and Securing CSIRT Personnel
      - FIRST Services Framework (CSIRT / PSIRT)
      - SecBoK
      - SIM3
      - Global CSIRT Maturity Framework (GCMF)
      We plan to improve our CSIRT using some OWASP outputs.
      - OWASP SAMM

Editor's Notes

  1. The Japanese national CSIRT, JPCERT/CC, offers the JPCERT/CC CSIRT Material on its website. This manual covers how to implement a CSIRT in an organization. The material has three steps: Concept, Build and Operation. We referred to this manual and built our CSIRT in four stages: Direction, Define Services & Roles, Dissemination and Operation. I will explain each stage from now on.