TOPICS TO BE COVERED: First Workshop for Computer Security Incident Management Experts

Academic year: 2021

February 24-27, 2010 / Montevideo, Uruguay
1 Recommended guidelines and actions for the creation of a Computer Security Incident Response Center
1.1 Recommendations regarding the organization and regulations of the future CSIRT's host organization, including at least:

1.1.1 Recommended computer security policies at host organization level.

1.1.2 Recommended incident escalation and reporting policies.

1.1.3 Recommendations on the possible insertion of the CSIRT within the organization and possible relationship charts.

1.2 General recommendations regarding the physical infrastructure required during the initial stages, considering:

1.2.1 Physical and environmental safety recommendations.

1.2.2 Recommendations for the CSIRT's network architecture, including its link to the host organization and the Internet; this item shall include a minimum standard installation design.

1.2.3 Computer services that must be initially available (for example: request tracker, secure email, secure communications systems, honeypots, etc.).

1.3 Analysis and description of the benefits obtained by implementing an Incident Response Center at an organization that makes intensive use of IT and the Internet

1.3.1 Cost-benefit analyses shall be promoted for organizations of different types and sizes, to be defined by the specialist.

This description of the chapter is tentative and may be enhanced and modified when developing the material. The material must be original and based on the best practices available.

The material to be developed shall consist of a manual containing in-depth knowledge of the topics to be covered, as well as a set of slides that may be used during the training sessions conducted at the dissemination workshops. Their duration shall be 4 hours.

2 Types of Response Centers, their mission and strategic guidelines

2.1.1 Analysis of the relationship between the host organization's mission and the type of response center to be developed.

2.2 Description of different ways to define the target beneficiary/client community and its relation with the host organization's mission

2.2.1 Recommendations shall be made as to which are the best strategies for achieving high levels of relevance, legitimacy, and visibility within the target community.

2.3 Types of services that the Response Center may provide to the target community

2.3.1 Recommendations shall be made regarding which services may be provided and their chronological development, as a means for achieving a better insertion within the community.

This description of the chapter is tentative and may be enhanced and modified when developing the material. The material must be original and based on the best practices available.

The material to be developed shall consist of a manual containing in-depth knowledge of the topics to be covered, as well as a set of slides that may be used during the training sessions conducted at the dissemination workshops. Their duration shall be 3 hours.

3 Description of the different functions within a Response Center

3.1 Proposal for the specialization of functions within a Response Center

3.1.1 Segregation of functions within a Response Center.

3.1.2 Description of said functions in accordance with best practices.

3.1.3 Developing manuals and procedures relating to the main functions detailed in the preceding item.

3.1.4 Designing an end-to-end flowchart of the incident management process.

3.2 Proposals for the main policies and procedures required for the operation of a Response Center

3.2.1 Code of ethics proposals.

3.2.3 Physical and environmental security policy proposals.

3.2.4 Incident management policy proposals.

3.3 Information management policy proposal

3.3.1 Policy proposal regarding team members' access to information.

3.3.2 Policy proposals regarding the protection of digital and paper media.

3.3.3 Information dissemination policy proposals.

3.3.4 Information storage policy proposals.

This description of the chapter is tentative and may be enhanced and modified when developing the material. The material must be original and based on the best practices available.

The material to be developed shall consist of a manual containing in-depth knowledge of the topics to be covered, as well as a set of slides that may be used during the training sessions conducted at the dissemination workshops. Their duration shall be 4 hours.

4

Response Center risk management policies

4.1 Best practices will be proposed for risk control at the future response centers, as a way to orient proactive actions and future projects.

4.1.1 Proposed risk management methodology for this type of organization.

4.1.2 Description of the main processes that will be managed using the proposed methodology.

4.1.3 Developing the risk management procedure and its implications in relation to the community.

4.2 The required skills of the members of the Response Center shall be detailed.

4.2.1 Staff selection and hiring procedures.

4.2.2 Profile definition and proposal.

4.2.3 Policies for protecting against the risks inherent to human resources.

4.2.4 Necessary training.

This description of the chapter is tentative and may be enhanced and modified when developing the material. The material must be original and based on the best practices available.

The material to be developed shall consist of a manual containing in-depth knowledge of the topics to be covered, as well as a set of slides that may be used during the training sessions conducted at the dissemination workshops. Their duration shall be 3 hours.

5

Preparing for computer incident management

5.1 Developing and setting up a honeypot (3 hours)

5.1.1 A utilization manual for an open source honeypot and the methodological guide necessary for its subsequent installation and maintenance shall be developed, as well as the materials necessary for conducting a 3-hour workshop that will allow an in-depth understanding of how these devices are handled.

5.2 Incident management workshop (3 hours)

5.2.1 An exercise simulating an actual phishing attack will be conducted in which participants will have to analyze code and use malware tools.

The dynamics of the exercise shall encourage participants to research and discover the incident, and will include a closing report with a detailed presentation.

5.3 Incident management workshop II (4 hours)

5.3.1 An exercise simulating an actual botnet attack will be conducted in which participants will be required to interact among several CSIRTs, perform log analyses, and make real-time decisions. The need to cooperate and share information when faced with an attack situation shall be particularly stressed. The dynamics of the exercise shall encourage participants to research and discover the incident, and will include a closing report with a detailed presentation.

5.4 Developing a computer forensics analysis workshop (3 hours)

5.4.1 A manual shall be developed that may serve as the protocol to be followed in those cases where it is necessary to conduct standard computer forensics analysis activities. This manual shall place particular emphasis on preserving evidence for legal purposes. A workshop shall be prepared where this protocol will be placed into practice and the efficiency of having a specific methodology for these activities will be demonstrated.
