CIRC Technical Centre
CPT Aneta COUFALÍKOVÁ, Ph. D.
CIRC Centre, 34. z. KIS, Czech Army
Aneta.Coufalikova@army.cz
www.circ.army.cz, www.circ.acr

Content
• Basic information
• Experience and cooperation
• History
• Structure
• Information Portal CIRC
• Monitoring Technology
• Incident Desk
• Incident and Vulnerability Handling

Basic information
• Essential element of the Ministry of Defense in cyber security
• Part of the Communication and Information Systems Base
• Located in Brno
MAIN GOALS:
• Proactively identify security threats and incidents (monitoring)
• Analyses
• Rapid response
• Reporting among administrators of military ICT systems
• Share information and alerts with relevant partners in the cyber defense field
• Security awareness

Experience and cooperation
• Participating in many exercises (ICDW, Cyber Coalition, etc.) and conferences (NIAS, CYTER, etc.)
• Cooperating with many other institutions in the cyber defense field (NCIRC TC, Nebraska University, University of Defense in Brno, Masaryk University, etc.)

History
• Established in 2007 as the equivalent of the NCIRC Technical Centre
• Reached basic capability in monitoring and analyzing events in the military network
• Implemented IDS/IPS and NETFLOW sensors
• Started the professional web Portal CIRC to build security awareness
• Building up a testing environment
• Running a WSUS server for patch distribution in military networks
• Started the Incident Desk as a ticketing system

Structure
• Director
• Support
• CIRC Coordination Department
• Incident and Vulnerability Department
• Security Technologies Department

CSMIS Security technology
Cyber Security Management & Information Systems include:
• Information Portal CIRC (www.circ.acr),
• External Information Portal (www.circ.army.cz),
• Incident Desk,
• Secure shared storage,
• Link to SIEM (Security Information and Event Manager),
• Alerter,
• Central storage for collected data,
• Wiki.

Information Portal CIRC
• Provides everyday awareness of possible cyber dangers and threats
• Instructs users about security threats
• Allows users to report security incidents
• Secure zone as a tool for communication between security network administrators and CIRC Technical Centre staff
• Knowledge base, link to the Incident Desk, cyber defence instructions for IT specialists

Information Portal CIRC
Portal parts:
• Daily News (cyber security news)
• Security (security threat descriptions, security recommendations, instructions, reports and statistics)
• Software (freeware tools for detecting and removing different kinds of threats)
• Critical Security Patches (Microsoft, Adobe, browsers)
• Publications (CIRC Bulletins, materials from workshops, dictionary …)
• FAQ (the most frequent security topics)
• About us (introduction of the departments and contacts)
• WSUS, NTP Server (Network Time Protocol)

Monitoring Technology
Monitoring of military networks
• Monitoring of data flows
• Evaluation of IPS/IDS events
• Processing logs of critical devices
SIEM – Security Information and Event Manager
Monitoring the functionality of cyber security technologies
Incident Desk

Incident Desk
• Basic tool of incident handling
• Management system for ticketing
• Early warning system in case of a cyber attack
• Information support for ICT administrators & supervisors
• Reports and statistics

Incident and Vulnerability Handling
Cell of Watchkeepers
• Service 24/7
• Detection
• Describing events in the tickets
• Basic analysis
Cell of Analysts / Vulnerability
• Comprehensive analysis of events
• Technical support for Watchkeepers
• Determination of false positives
• Incident identification
• Recommendation to escalate an event to a cyber security incident
Cell of Coordination
• Escalation of events to security incidents
• Classification of the incidents
• Cooperation in resolving the incident
• Incident reporting
• Incident closure
Process flow: Detection → Analysis and Recommendation → Classification → Resolving and Incident closure

Workflow SCIRC – Local Administrators
• The user is responsible for reporting every security offence, including suspicion of a possible incident, to the Local Administrator (LA).
• Is the LA available? Yes: the user reports to the LA. No: the user reports via the special form „Reporting of security incident“ on Portal CIRC (www.circ.acr or www.circ.army.cz), or uses the e-mails KOCIRC@sis.acr or CIRC-IHO@army.cz.
• During non-working hours the user reports via the e-mails operator.CIRCMO@sis.acr or CIRC-WK@army.cz.

Thanks, questions?
Aneta.Coufalikova@army.cz