Upload
segughana
View
839
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Citation preview
ENISA & The CERT Community
Steve Purser
Head of Technical Competence Department
17 June 2010
Who are we?
The European Network & Information Security Agency (ENISA) was formed in 2004.
The Agency is a Centre of Expertise that supports the Commission and the EU Member States in the area of information security.
We facilitate the exchange of information between EU institutions, the public sector and the private sector.
Activities
The Agency’s principal activities are as follows:
Advising and assisting the Commission and the Member States on information security.
Collecting and analysing data on security practices in Europe and emerging risks.
Promoting risk assessment and risk management methods.
Awareness-raising and co-operation between different actors in the information security field.
CERT is an acronym for Computer Emergency Response Team.
ENISA supports the Member States and other stakeholders to establish and operate CERTs by:
Providing help with the establishment of new CERTs.
Identifying good practice on how to operate CERTs.
Supporting training and exercises.
Recommending a set of “baseline capabilities” for national / governmental CERTs.
See : https://www.enisa.europa.eu/act/cert/
Supporting The CERT Community
National / governmental CERTs are of particular interest to ENISA due to their link with policy makers.
These CERTs play a major role in protection of CIIP in the Member States.
The EC CIIP Communication, states that a “well functioning” national / governmental CERT in each Member State is mandatory”.
National / Governmental CERTs
National / Government CSIRTs in Europe 2005
National / Government CSIRTs in Europe spring 2010
FinlandFranceGermanyHungaryThe NetherlandsNorwaySwedenUK
PLANNED:Czech RepublicCyprusIcelandIrelandGreeceLuxembourgPolandPortugalSlovakia
Outside EU:Most formerSovietRepublicsSouth Africa
Evolution (1)
PLUS:AustriaBelgiumBulgariaEstoniaItalyLatviaLithuaniaSpain
The number of national / governmental CERTs is growing, but still there are gaps.
Capabilities of national / governmental CERTs still vary a lot among the Member States.
Cross-border cooperation among teams exists, but can be improved.
The level of responsibility and number of tasks assigned to CERTs is increasing.
http://www.enisa.europa.eu/act/cert/background/inv
Evolution (2)
WARPs
WARP is an acronym for Warning, Advice and Reporting Point.
Main role is to facilitate the exchange of security related information within the community.
ENISA believes that WARPs are an excellent alternative to CERTs for small, trusted communities of users with similar levels of expertise.
ENISA featured the WARP model in the European Information Sharing and Alert System Feasibility study (EISAS).
ENISA helps CERTs to enhance their capabilities by developing good practice guides.
Examples include:
Setting-up and operating CERTs
Training, exercising and piloting of projects
Basic services like incident handling
Enhancing cross-border cooperation
Good Practice Guides
2005: Stocktaking
2006: Setting up & Cooperation
2007: Support OperationQuality Assurance
2008: CERT Exercises
2010:CERT Baseline Capabilities
[…]
2009:CERT Exercises Pilots
Work To Date
11
Step-by-step description on how to establish a CERT.
Overall strategy for planning and setting up a CERT.
Developing the Business Plan.
Promoting the Business Plan.
Examples of operational and technical procedures (workflows).
CERT training.
Exercise: Producing an advisory.
Project Plan.
Example: CERT Establishment
A students version …
… a teachers version …
… plus Live-DVDs …
… EXERCISE! Based on “real” life examples!
Example: CERT Exercise material
Example: CERT exercise pilots
Questions?