1 / 10

ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei

ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT- In’s Initiative on International Information Security Dr A S Kamble Director Indian Computer Emergency Response Team (CERT-In) Department of Information Technology

gazit
Télécharger la présentation

ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-In’s Initiative on International Information Security Dr A S Kamble Director Indian Computer Emergency Response Team (CERT-In) Department of Information Technology Min. of Communications & IT, Govt. of India New Delhi Email : ask@mit.gov.in, askamble@cert-in.org.in

  2. Mission: ‘Alert, Advice and Assurance’ CERT-In: Mission and Mandate ‘Ensure security of cyber space in the country’ by ‘Enhancing the security of communications andInformation infrastructure’ through ‘Proactive action andeffective collaboration aimed atsecurity incident prevention, prediction, response & recovery and security assurance’ 2

  3. CERT-In: Legal Status CERT-In derives its authority from Section70B of Indian IT Act Amendments (2008). Section 70B: Designates CERT-In as the National nodal agency to carry out all activities related to cyber security and emergency response. In discharge of its functions, CERT-In is empowered to call for information and give direction to service providers, intermediaries, data centres, body corporate & any other person. Any failure to comply with its request or directions is liable for punishment as provided in the amended Act. 3

  4. CERT-In Partners & Stakeholders ISPs Key Networks Sectoral CERTs CSIRTs Vendors Law Enforcement Agencies CERT-In Media Small and Home Users International CERTs APCERT FIRST -- Government Sector - Critical information Infrastructure - Corporate Sector CERT-In is the nodal agency to coordinate all cyber security related matters in India 4

  5. Analysis Detection Dissemination & Support Department of Information Technology ISP Hot Liners Major ISPs Private Sectors Foreign partners Home Users Analysis Press & TV / Radio Detect Dissemination Recovery CERT-In Work Process 5

  6. International Security Cooperation and Collaboration • International Cooperation • Member of FIRST • Member of APCERT • Research Partner of APWG • Bilateral MoUs with JPCERT; NCSC,Korea;KrCERT(proposed) • National Computer Board (NCB), Mauritius • Members of CERT-In visited Mauritius for setting up of CERT-MU in Mauritius • Provided training on CERT operations to technical staff of CERT-Mauritius • CERT-MU has been operationalised and launched in May 2008 6

  7. International Security Cooperation and Collaboration contd.. • Collaboration with international security organizations and CERTs to facilitate exchange of information related to latest threats and international best practices • Organized and hosted ARF Workshop on “Cyber Security” in New Delhi during 6th – 8th September 2006 • 20 ARF countries and representatives of ASEAN Secretariat and private sectors participated in the workshop – 58 delegates • Organized Workshop on “Information Systems Security for System Administrators” of ASEAN countries, 28-30 August 2006, Manesar, India • 21 System administrators attended the workshop • Provided Hand-on practical training during the workshop • Participated along with other International CERTs in resolving Estonia Govt. Website attack.

  8. Focus of CERT-In activities • CERT-In as a National ‘watch and warning’ system primarily focuses on the following: • Monitoring the cyber space for timely forecasts, alerts & advice on cyber security incidents • Coordination of cyber security crisis management & emergency response actions across all sectors in the country • Focal point for collection, analysis, dissemination and sharing of information on cyber security issues and incidents • Security policy compliance and enforcement within Govt. and Critical sectors • Capacity building in terms of manpower, skills, facilities, tools and techniques • Cyber security surveys, guidelines, standards and white papers 8

  9. International Cyber Security Drill Joint International Incident Handling Coordination Drill • Participated in APCERT InternationalIncident Handling Drill 2006 • Participants: 13 APCERT Members and New Zealand, Vietnam including 5 major Korean ISPs • Scenario: Countermeasure against Malicious Code and relevant infringement as DDoS attack • Participated in APCERT International Incident Handling Drill 2007 • Participants: 13 APCERT Members + Korean ISPs • Scenario: DDoS and Malicious Code Injection • Participated in APCERT International Incident Handling Drill 2008 & 2009 • Participants: 13 APCERT Members • Scenario: Dealing with Underground Economy & Malware propagation 9

  10. Thank you 10

More Related