Computer Security Incident Response Team

1
Computer Security Incident Response Team

• Niraj Gandhi

2
Overview

• Why do we need CSIRT ?
• Goal of CSIRT
• Build CSIRT

3
Why do we need CSIRT?

• Organization need to respond immediately in case
  of
• Security attack
• Security incident
• So need formal Computer Security Incident
  Response Team
• For reporting, analyzing, and responding to
  computer security incidents

4
Goal of CSIRT

• Provide single point of contact
• Control and minimize damages
• Preserve evidence
• Provide quick and efficient recovery
• Prevent similar future events
• Gain insight into threats against the
  organization
• Maintain CIA

5

• ISA and CSIRT

Policies, Standards Procedures
Organization/ Infrastructure
ISA
Security Baseline
User Awareness and Training
Compliance
6
Organization or Infrastructure

• Def Setup Infrastructure by defining roles and
  responsibilities
• Will CSIRT review and repair compromised systems
• Or collect, analyze and disseminate information
  and provide guidance to others team

7
Policy, Standards and Procedure

• Def Rules adhered to by everyone in and
  associated with organization
• How does it react
• Reactive triggered by an event/request
• Proactive assistance in anticipation of attack
• Quality Management IT Auditing

8
Training

• Def Develop and implement effective user
  awareness program to communicate the policies,
  procedure and standards
• Training with in CSIRT team and customers of
  CSIRT
• Customer training
• How to establish communication channel ?
• What are the issues to report and how ?
• CSIRT team training
• Emerging technologies
• Intruder activities
• Legal and legislative rules

9
Compliance

• Def Establish a mechanism to monitor
  effectiveness by audit and compliance testing
• CSIRT services and organization both meets
  compliance
• Infrastructure review
• Best Practice review
• Scanning
• Penetration testing
• Incident handling procedure review

10
Security Baseline

• Def Mechanism for understanding the level of
  risk that exists with in an organization
• How effective the controls are ?
• Periodic control assessment
• Incident reporting and resolution documentation
• Trends and Research

11
(No Transcript)
12
Security Engineer
Ref http//www.securityfocus.com/jobs/opportuniti
es/5578
13
Summary

• For Security Manger
• Security Incident and attack trends
• Resource allocation
• Technological development
• Planning
• CSIRT Single point of contact
• Ref www.CERT.org

14
Suggestion ? Question ?