Computer Security Incident Response Team - PowerPoint PPT Presentation

Provided by: Ohm2

Transcript and Presenter's Notes

Title: Computer Security Incident Response Team


1
Computer Security Incident Response Team
  • Niraj Gandhi

2
Overview
  • Why do we need CSIRT?
  • Goal of CSIRT
  • Build CSIRT

3
Why do we need CSIRT?
  • Organizations need to respond immediately in case of
  • Security attack
  • Security incident
  • So a formal Computer Security Incident Response Team is needed
  • For reporting, analyzing, and responding to computer security incidents

4
Goal of CSIRT
  • Provide single point of contact
  • Control and minimize damages
  • Preserve evidence
  • Provide quick and efficient recovery
  • Prevent similar future events
  • Gain insight into threats against the organization
  • Maintain CIA

5
  • ISA and CSIRT

[Diagram labels: Policies, Standards and Procedures; Organization/Infrastructure; ISA; Security Baseline; User Awareness and Training; Compliance]

6
Organization or Infrastructure
  • Def: Set up infrastructure by defining roles and responsibilities
  • Will CSIRT review and repair compromised systems?
  • Or collect, analyze and disseminate information and provide guidance to other teams?

7
Policy, Standards and Procedure
  • Def: Rules adhered to by everyone in and associated with the organization
  • How does it react?
  • Reactive: triggered by an event/request
  • Proactive: assistance in anticipation of attack
  • Quality Management: IT auditing

8
Training
  • Def: Develop and implement an effective user awareness program to communicate the policies, procedures and standards
  • Training within the CSIRT team and for customers of CSIRT
  • Customer training
  • How to establish a communication channel?
  • What are the issues to report, and how?
  • CSIRT team training
  • Emerging technologies
  • Intruder activities
  • Legal and legislative rules

9
Compliance
  • Def: Establish a mechanism to monitor effectiveness by audit and compliance testing
  • CSIRT services and organization both meet compliance
  • Infrastructure review
  • Best Practice review
  • Scanning
  • Penetration testing
  • Incident handling procedure review

10
Security Baseline
  • Def: Mechanism for understanding the level of risk that exists within an organization
  • How effective are the controls?
  • Periodic control assessment
  • Incident reporting and resolution documentation
  • Trends and Research

11
(No Transcript)
12
Security Engineer
Ref: http://www.securityfocus.com/jobs/opportunities/5578
13
Summary
  • For Security Manager
  • Security Incident and attack trends
  • Resource allocation
  • Technological development
  • Planning
  • CSIRT: Single point of contact
  • Ref: www.CERT.org

14
Suggestions? Questions?