Mr. Mike Finley, CISSP
Senior Security Engineer, Computer Science Corporation
e-mail: mfinley2@csc.com
August 1999

Why do you need a CERT
  • Security breaches
  • Employee access abuse
  • Unauthorized access by outsiders
  • Leak of proprietary data
  • Theft/destruction of computing resources
  • Viruses
  • Access abuse by non-employee authorized users

Building a response team
  • Senior management support
  • Right mix of people with the right skill sets
  • Intrusion-detection systems
  • Work area
  • Training
  • SW/HW, new technologies
  • Funding

Building a response team
  • Establish policies and procedures
  • Have a concept of operations
  • Internal/external coordination
  • Be flexible
  • Establish trust
  • Know your users/customers
  • Know your limits

Building a response team
  • Test your response procedures against critical business functions
  • Do you have the proper plans in place?
    • Personnel notification plan
    • Disaster recovery plan
    • Contingency plan
    • Processing agreement plan

Typical CERT duties
  • Monitor, audit, and test systems and networks for possible security problems
  • Provide investigation, coordination, reporting, and follow-up of network security incidents
  • Test and install security infrastructure tools
  • Test and install patches and fixes for security vulnerabilities in vendor software
  • Stay current on security technology
  • Advocate corporate computer security policy

Incident response
  • Determine the nature and scope of the incident
  • Contact key management personnel
  • Solve the problem and get the system back to normal operations
  • Execute nontechnical actions
  • Learn from the incident

Where can you go for help
  • Incident response centers
    • CERT Coordination Center (www.cert.org)
    • Computer Incident Advisory Capability, CIAC (www.ciac.llnl.gov)
    • Forum of Incident Response and Security Teams, FIRST (www.first.org)

Security Web sites
  • www.cs.purdue.edu/coast
  • www.securityportal.com
  • www.itpolicy.gsa.gov
  • www.java.sun.com/security
  • www.icsa.net
  • www.ers.ibm.com

Security mailing lists
  • Best-of Security: Security-request@cyber.com.au
  • CERT advisories: Cert-advisory-request@cert.org
  • COAST security archive: Coast-request@cs.purdue.edu
  • The Risks Forum: majordomo@csl.sri.com
  • Intrusion detection: majordomo@uow.edu
  • NT Bugtraq: listserv.ntbugtraq.com