1 / 10

August 1999

Mr. Mike Finley, CISSP Senior Security Engineer Computer Science Corporation. e-mail: mfinley2@csc.com. August 1999. Why do you need a CERT. Security Breaches Employee access abuse Unauthorized access by outsiders Leak of proprietary data Theft/destruction of computing resources

sbaer
Télécharger la présentation

August 1999

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Mr. Mike Finley, CISSP • Senior Security Engineer • Computer Science Corporation e-mail: mfinley2@csc.com August 1999

  2. Why do you need a CERT Security Breaches Employee access abuse Unauthorized access by outsiders Leak of proprietary data Theft/destruction of computing resources Viruses Access abuse by nonemployee authorized users

  3. Building a response team Senior Management Support Right mix of people with right skill sets Intrusion-Detection Systems Work area Training SW/HW new technologies Funding

  4. Building a response team Establish Policies and Procedures Have a Concept of Operations Internal / External Coordination Be Flexible Establish Trust Know your users/customers Know your limits

  5. Building a response team Test your response procedures against critical business functions Do you have proper plans in place Personnel notification plan Disaster recovery plan Contingency plan Processing agreement plan

  6. Typical CERT duties Monitor, audit, and test systems and networks for possible security problems Provide investigation, coordination, reporting, and follow up of network security incidents Test and install security infrastructure to tools Test and install patches and fixes for security vulnerabilities in vendor software Stay current on security technology Advocate corporate computer security policy

  7. Incident response Determine the nature and scope of the incident Contact key management personnel Solve problem and get system back to normal operations Execute nontechnical actions Learn from the incident

  8. Where can you go for help Incident response centers CERT coordination center (www.cert.org) Computer Incident Advisory Capability CIAC (www.ciac.llnl.gov) Forum of Incident Response and Security Teams FIRST (www.first.org)

  9. Security Web Sites www.cs.purdue.edu/coast www.securityportal.com www.itpolicy.gsa.gov www.java.sun.com/security www.icsa.net www.ers.ibm.com

  10. Security mailing list Best-of Security-request@cyber.com.au Cert-advisory-request@cert.org Coast security archive Coast-request@cs.purdue.edu The risk forum- majordomo@csl.sri.com Intrusion detection-majordomo@uow.edu NT Bugtraq- listserv.ntbugtraq.com

More Related