A Computer Security Incident Response Team's Support System
Meletis A. Belsis, Anthony N. Godwin, Leon Smalov
Coventry University, 2002
Computer Crime and CSIRTs
• Today computer crime is on the rise. Adversaries attack corporate systems daily.
• To provide adequate security support, Computer Security Incident Response Teams (CSIRTs) have been assembled.
• Their job is to gather and organize information coming from security incidents.
• Along with that, CSIRTs provide security advice and help to identify the perpetrators.
• The security incident information is used to statistically analyze computer crime, to assist enterprises in protecting themselves against known security holes, and for educational purposes.
CSIRTs
• Currently there are a number of CSIRT teams. Examples include CERT/CC, CIAC and also the CERIAS Laboratory.
• Each one of these uses its own techniques, tools and policies, and provides a number of different functions to its registered users.
• Currently large-scale enterprises try to develop their own internal CSIRT to handle incidents that take place within the corporate IT infrastructure.
• Building a CSIRT includes providing solutions to a number of managerial and technical problems. Two of the technical problems are:
  • the type and structure of data that need to be stored
  • the way this data is going to be gathered and accessed
Current Incident Data Structures
• Every CSIRT uses its own data structures to store details of the security breaches that have taken place.
• Generally these concentrate on storing the technical details that an incident includes. The technical details of an attack are useful to technical experts but are far from useful to corporate managers.
• In the last few years new trends in hacking have called for collaboration between the CSIRTs.
• CSIRTs from around the world need to collaborate and compare their information in order to trace attacks that take place on a number of systems simultaneously.

Current Incident Data Structures
• Based on the current incident data structures, automatic collaboration is impossible.
• This collaboration currently takes place using telephones or emails, which is a slow process.
• A couple of solutions that proposed a common structure are still at a research stage.
• Examples of such are the European proposal, Project S2003, and the Incident Object Description and Exchange Format (IODEF).
• The authors of this paper have presented their own views in a paper presented at the IFIP/Sec 2002 conference in Cairo.
Reporting Security Incidents
• The way that incidents are reported and accessed is essential.
• Current CSIRTs use off-line media or the Web to allow new incidents to be stored and/or to allow individuals to access this data.
• The off-line media are quite insufficient and make the technical experts uncomfortable.
• Managing the security of the incident data (Confidentiality, Integrity and Availability (CIA)) when accessed with the previous method is difficult.
Limitations of the Web
• The Web is insecure. A CSIRT can provide only a fraction of the actual information stored for every incident.
• The queries used to search the DB are predetermined. There is no room for smart queries (e.g. "show all incidents that had an Apache server as target").
• Users, depending on their role, need to see different types of incident data. E.g. security experts need to know the protocols that were used to attack a system; managers need to know the time it took to recover from the attack.
• Current interfaces do not allow the development of data views.
The CORBA approach
• CORBA has been widely proposed and used to access databases.
• CORBA allows access from both standalone applications and web-based ones.
• CORBA provides a number of security objects that are adequate to fulfill the CIA model.

Figure: CORBA architecture. A Client Object sends "Operation + Arguments" to a Server Object through the Object Request Broker (ORB) and receives "Operation Result + Arguments" back. Client side: Dynamic Invocation Interface (DII), Interface Definition Language (IDL) stub. Server side: Object Adapter (OA), IDL Skeleton, Dynamic Skeleton Interface. Below the ORB sit the CORBA Services (LifeCycle, Naming, Persistence, Security, etc.) and CORBA Facilities (User Interface, Health Care, Financial, etc.).

Our proposal
• The new system allows access to the incident DB from both a Web-based interface and a standalone application.
• Using this we can connect the main security management console that companies have to a security incident DB anywhere in the world.
• The registration of incidents could be carried out using automated processes by the security software that detects them.
• In addition, security experts can use the management console to access their company's private security incident records and perform statistical analysis.
Our Proposal
• A Natural Language Interface to DB (NLIDB) is used.
• This allows the creation of real-time complex queries using plain English statements.
• This allows inexperienced users to perform dynamic searches on the DB.
• The NLIDB formats the results depending on the user that is currently logged in, so we do not overflow managers with technical information or technical experts with management information.
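The two ideas in the "Limitations of the Web" and NLIDB slides, dynamic queries phrased in English and result views that depend on the logged-in role, can be shown in a few lines. The block below is an added illustration, not code from the paper or from the authors' system. The incident records, field names and role definitions are constructed for the example, and the question parser is a deliberately small keyword matcher standing in for a real NLIDB; the point it makes is that the role filter is applied on the server side, so a manager's session never receives the technical fields and a security expert's session never receives the management fields.

```python
"""Role-aware querying of a small incident store (added example)."""
from dataclasses import dataclass
import re


@dataclass
class Incident:
    incident_id: str
    target_software: str
    protocols: tuple
    reported_at: str        # ISO date
    recovery_hours: float
    source_ip: str
    summary: str


# Constructed sample records; the addresses are documentation ranges, not real sources.
INCIDENTS = [
    Incident("INC-0001", "Apache Server", ("HTTP",), "2002-03-04", 6.0, "192.0.2.10", "Web server defacement"),
    Incident("INC-0002", "Sendmail", ("SMTP",), "2002-03-09", 30.0, "198.51.100.7", "Mail relay abuse"),
    Incident("INC-0003", "Apache Server", ("HTTP", "HTTPS"), "2002-04-12", 12.5, "203.0.113.42", "Directory traversal attempt"),
    Incident("INC-0004", "IIS", ("HTTP",), "2002-04-20", 48.0, "192.0.2.77", "Worm infection"),
]

# Hypothetical role-to-view mapping: which Incident attributes each role may see.
ROLE_VIEWS = {
    "security_expert": ("incident_id", "target_software", "protocols", "source_ip", "summary"),
    "manager": ("incident_id", "target_software", "reported_at", "recovery_hours"),
}

KNOWN_TARGETS = {inc.target_software.lower() for inc in INCIDENTS}
KNOWN_PROTOCOLS = {p.lower() for inc in INCIDENTS for p in inc.protocols}


def parse_question(question: str) -> dict:
    """Tiny stand-in for an NLIDB: extract a target product, a protocol and an
    optional 'more than N hours' recovery bound from an English question."""
    q = question.lower()
    filters = {}
    for target in KNOWN_TARGETS:
        if re.search(r"\b" + re.escape(target) + r"\b", q):
            filters["target_software"] = target
    for proto in KNOWN_PROTOCOLS:
        if re.search(r"\b" + re.escape(proto) + r"\b", q):
            filters["protocol"] = proto
    m = re.search(r"more than (\d+(?:\.\d+)?) hours?", q)
    if m:
        filters["min_recovery_hours"] = float(m.group(1))
    return filters


def search(filters: dict) -> list:
    """Apply the extracted filters to the incident store."""
    hits = []
    for inc in INCIDENTS:
        if "target_software" in filters and inc.target_software.lower() != filters["target_software"]:
            continue
        if "protocol" in filters and filters["protocol"] not in {p.lower() for p in inc.protocols}:
            continue
        if "min_recovery_hours" in filters and inc.recovery_hours <= filters["min_recovery_hours"]:
            continue
        hits.append(inc)
    return hits


def view_for_role(incidents: list, role: str) -> list:
    """Project each incident onto the fields the role is allowed to see.
    Unknown roles get nothing rather than a default view."""
    if role not in ROLE_VIEWS:
        raise PermissionError(f"unknown role: {role}")
    fields = ROLE_VIEWS[role]
    return [{f: getattr(inc, f) for f in fields} for inc in incidents]


def ask(question: str, role: str) -> list:
    """Full path: English question -> filters -> records -> role-specific view."""
    return view_for_role(search(parse_question(question)), role)


if __name__ == "__main__":
    for row in ask("Show all incidents that had as target an Apache server", "manager"):
        print(row)
    for row in ask("Which incidents took more than 20 hours to recover?", "security_expert"):
        print(row)
```

The filtering by role happens in `view_for_role`, after the query, so the same question yields different columns for a manager and a security expert; a real NLIDB would replace `parse_question` with a proper parser, but the projection step stays the same.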
Our Proposal
• Using CORBA security services we can protect incident data much more efficiently (i.e. provide better authentication).
• CSIRTs can provide new services on demand.
Our Proposal
• By using CORBA, CSIRTs can interoperate more efficiently.
• CSIRTs can exchange incident information much more easily.
• The system can be programmed to automate exchanges of information when required.

Conclusions
• CSIRTs are one of the best weapons against computer crime.
• Providing more efficient ways to access incident DBs will allow incident response times to be cut to a minimum. This can be translated into millions of pounds worth of savings.
• Interconnecting CSIRTs will create better statistical data, identifying new trends in hacking, and this information will also be used by the authorities for arresting the criminals.
• Future plans for this system are to automate updates of security breaches into security tools like intrusion detection systems and firewalls that registered enterprises have.
In Correspondence:
Belsis A. Meletis
DKERG, Coventry University,
Belsis@Coventry.ac.uk
www.mis.cov.ac.uk/Research/DKERG/DKERG.html

 
Trends in network security feinstein - informatica64
Trends in network security   feinstein - informatica64Trends in network security   feinstein - informatica64
Trends in network security feinstein - informatica64
Chema Alonso
 
Shift Left Security
Shift Left SecurityShift Left Security
Shift Left Security
BATbern
 

Similar to Meletis Belsis -CSIRTs (20)

Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of Things
 
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
 
MT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in CybersecurityMT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in Cybersecurity
 
ONDaSCA: On-demand Network Data Set Creation Application for Intrusion Detect...
ONDaSCA: On-demand Network Data Set Creation Application for Intrusion Detect...ONDaSCA: On-demand Network Data Set Creation Application for Intrusion Detect...
ONDaSCA: On-demand Network Data Set Creation Application for Intrusion Detect...
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
 
Risk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedRisk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs Provided
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
 
What Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultWhat Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVault
 
An Introduction to zOS Real-time Infrastructure and Security Practices
An Introduction to zOS Real-time Infrastructure and Security PracticesAn Introduction to zOS Real-time Infrastructure and Security Practices
An Introduction to zOS Real-time Infrastructure and Security Practices
 
How to Audit
How to AuditHow to Audit
How to Audit
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
CONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromCONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin Nystrom
 
El contexto de la integración masiva de datos
El contexto de la integración masiva de datosEl contexto de la integración masiva de datos
El contexto de la integración masiva de datos
 
OSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionOSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the Union
 
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with ai
 
Case Study.pdf
Case Study.pdfCase Study.pdf
Case Study.pdf
 
4777.team c.final
4777.team c.final4777.team c.final
4777.team c.final
 
Trends in network security feinstein - informatica64
Trends in network security   feinstein - informatica64Trends in network security   feinstein - informatica64
Trends in network security feinstein - informatica64
 
Shift Left Security
Shift Left SecurityShift Left Security
Shift Left Security
 

More from Meletis Belsis MPhil/MRes/BSc

Meletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis - Wireless Security: Common Protocols and VulnerabilitiesMeletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis MPhil/MRes/BSc
 
Meletis Belsis - Workflow based Incident Management Model
Meletis Belsis - Workflow based Incident Management ModelMeletis Belsis - Workflow based Incident Management Model
Meletis Belsis - Workflow based Incident Management Model
Meletis Belsis MPhil/MRes/BSc
 
Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...
Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...
Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...
Meletis Belsis MPhil/MRes/BSc
 
Meletis Belsis - Introduction to information security
Meletis Belsis - Introduction to information securityMeletis Belsis - Introduction to information security
Meletis Belsis - Introduction to information security
Meletis Belsis MPhil/MRes/BSc
 
Meletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis - Voip security
Meletis Belsis - Voip security
Meletis Belsis MPhil/MRes/BSc
 
Meletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information securityMeletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information security
Meletis Belsis MPhil/MRes/BSc
 
Meletis Belsis - IMS Security
Meletis Belsis - IMS SecurityMeletis Belsis - IMS Security
Meletis Belsis - IMS Security
Meletis Belsis MPhil/MRes/BSc
 

More from Meletis Belsis MPhil/MRes/BSc (7)

Meletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis - Wireless Security: Common Protocols and VulnerabilitiesMeletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
 
Meletis Belsis - Workflow based Incident Management Model
Meletis Belsis - Workflow based Incident Management ModelMeletis Belsis - Workflow based Incident Management Model
Meletis Belsis - Workflow based Incident Management Model
 
Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...
Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...
Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...
 
Meletis Belsis - Introduction to information security
Meletis Belsis - Introduction to information securityMeletis Belsis - Introduction to information security
Meletis Belsis - Introduction to information security
 
Meletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis - Voip security
Meletis Belsis - Voip security
 
Meletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information securityMeletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information security
 
Meletis Belsis - IMS Security
Meletis Belsis - IMS SecurityMeletis Belsis - IMS Security
Meletis Belsis - IMS Security
 

Recently uploaded

[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
Kief Morris
 
Transcript: Details of description part II: Describing images in practice - T...
Transcript: Details of description part II: Describing images in practice - T...Transcript: Details of description part II: Describing images in practice - T...
Transcript: Details of description part II: Describing images in practice - T...
BookNet Canada
 
7 Most Powerful Solar Storms in the History of Earth.pdf
7 Most Powerful Solar Storms in the History of Earth.pdf7 Most Powerful Solar Storms in the History of Earth.pdf
7 Most Powerful Solar Storms in the History of Earth.pdf
Enterprise Wired
 
論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...
論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...
論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...
Toru Tamaki
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
Neo4j
 
20240702 Présentation Plateforme GenAI.pdf
20240702 Présentation Plateforme GenAI.pdf20240702 Présentation Plateforme GenAI.pdf
20240702 Présentation Plateforme GenAI.pdf
Sally Laouacheria
 
20240702 QFM021 Machine Intelligence Reading List June 2024
20240702 QFM021 Machine Intelligence Reading List June 202420240702 QFM021 Machine Intelligence Reading List June 2024
20240702 QFM021 Machine Intelligence Reading List June 2024
Matthew Sinclair
 
INDIAN AIR FORCE FIGHTER PLANES LIST.pdf
INDIAN AIR FORCE FIGHTER PLANES LIST.pdfINDIAN AIR FORCE FIGHTER PLANES LIST.pdf
INDIAN AIR FORCE FIGHTER PLANES LIST.pdf
jackson110191
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
huseindihon
 
Mitigating the Impact of State Management in Cloud Stream Processing Systems
Mitigating the Impact of State Management in Cloud Stream Processing SystemsMitigating the Impact of State Management in Cloud Stream Processing Systems
Mitigating the Impact of State Management in Cloud Stream Processing Systems
ScyllaDB
 
Measuring the Impact of Network Latency at Twitter
Measuring the Impact of Network Latency at TwitterMeasuring the Impact of Network Latency at Twitter
Measuring the Impact of Network Latency at Twitter
ScyllaDB
 
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALLBLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
Liveplex
 
What's New in Copilot for Microsoft365 May 2024.pptx
What's New in Copilot for Microsoft365 May 2024.pptxWhat's New in Copilot for Microsoft365 May 2024.pptx
What's New in Copilot for Microsoft365 May 2024.pptx
Stephanie Beckett
 
Observability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetryObservability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetry
Eric D. Schabell
 
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyyActive Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
RaminGhanbari2
 
Calgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptxCalgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptx
ishalveerrandhawa1
 
Cookies program to display the information though cookie creation
Cookies program to display the information though cookie creationCookies program to display the information though cookie creation
Cookies program to display the information though cookie creation
shanthidl1
 
Recent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS InfrastructureRecent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS Infrastructure
KAMAL CHOUDHARY
 
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsScaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Mydbops
 
Quality Patents: Patents That Stand the Test of Time
Quality Patents: Patents That Stand the Test of TimeQuality Patents: Patents That Stand the Test of Time
Quality Patents: Patents That Stand the Test of Time
Aurora Consulting
 

Recently uploaded (20)

[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
 
Transcript: Details of description part II: Describing images in practice - T...
Transcript: Details of description part II: Describing images in practice - T...Transcript: Details of description part II: Describing images in practice - T...
Transcript: Details of description part II: Describing images in practice - T...
 
7 Most Powerful Solar Storms in the History of Earth.pdf
7 Most Powerful Solar Storms in the History of Earth.pdf7 Most Powerful Solar Storms in the History of Earth.pdf
7 Most Powerful Solar Storms in the History of Earth.pdf
 
論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...
論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...
論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
 
20240702 Présentation Plateforme GenAI.pdf
20240702 Présentation Plateforme GenAI.pdf20240702 Présentation Plateforme GenAI.pdf
20240702 Présentation Plateforme GenAI.pdf
 
20240702 QFM021 Machine Intelligence Reading List June 2024
20240702 QFM021 Machine Intelligence Reading List June 202420240702 QFM021 Machine Intelligence Reading List June 2024
20240702 QFM021 Machine Intelligence Reading List June 2024
 
INDIAN AIR FORCE FIGHTER PLANES LIST.pdf
INDIAN AIR FORCE FIGHTER PLANES LIST.pdfINDIAN AIR FORCE FIGHTER PLANES LIST.pdf
INDIAN AIR FORCE FIGHTER PLANES LIST.pdf
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
 
Mitigating the Impact of State Management in Cloud Stream Processing Systems
Mitigating the Impact of State Management in Cloud Stream Processing SystemsMitigating the Impact of State Management in Cloud Stream Processing Systems
Mitigating the Impact of State Management in Cloud Stream Processing Systems
 
Measuring the Impact of Network Latency at Twitter
Measuring the Impact of Network Latency at TwitterMeasuring the Impact of Network Latency at Twitter
Measuring the Impact of Network Latency at Twitter
 
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALLBLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
 
What's New in Copilot for Microsoft365 May 2024.pptx
What's New in Copilot for Microsoft365 May 2024.pptxWhat's New in Copilot for Microsoft365 May 2024.pptx
What's New in Copilot for Microsoft365 May 2024.pptx
 
Observability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetryObservability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetry
 
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyyActive Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
 
Calgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptxCalgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptx
 
Cookies program to display the information though cookie creation
Cookies program to display the information though cookie creationCookies program to display the information though cookie creation
Cookies program to display the information though cookie creation
 
Recent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS InfrastructureRecent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS Infrastructure
 
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsScaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
 
Quality Patents: Patents That Stand the Test of Time
Quality Patents: Patents That Stand the Test of TimeQuality Patents: Patents That Stand the Test of Time
Quality Patents: Patents That Stand the Test of Time
 

Meletis Belsis -CSIRTs

  • 1. A Computer Security Incident Response Team's Support System. Meletis A. Belsis, Anthony N. Godwin, Leon Smalov. Coventry University, 2002.
  • 2. Computer Crime and CSIRTs
    - Today computer crime is on the rise. Adversaries attack corporate systems daily.
    - To provide adequate security support, Computer Security Incident Response Teams (CSIRTs) have been assembled.
    - Their job is to gather and organize information coming from security incidents.
    - Along with that, CSIRTs provide security advice and help to identify the perpetrators.
    - The security incident information is used to statistically analyze computer crime, to assist enterprises in protecting themselves against known security holes, and for educational purposes.
  • 3. CSIRTs
    - Currently there are a number of CSIRT teams. Examples include CERT/CC, CIAC and also the CERIAS Laboratory.
    - Each of these uses its own techniques, tools and policies, and provides a number of different functions to its registered users.
    - Currently large-scale enterprises try to develop their own internal CSIRT to handle incidents that take place within the corporate IT infrastructure.
    - Building a CSIRT includes providing solutions to a number of managerial and technical problems. Two of the technical problems are:
      - the type and structure of the data that need to be stored
      - the way this data is going to be gathered and accessed
  • 4. Current Incident Data Structures
    - Every CSIRT is using its own data structures to store details of the security breaches that have taken place.
    - Generally these concentrate on storing the technical details of an incident. The technical details of an attack are useful to the technical experts but are far from useful to corporate managers.
    - In the last few years, new trends in hacking have called for collaboration between the CSIRTs.
    - CSIRTs from around the world need to collaborate and compare their information in order to trace attacks that take place in a number of systems simultaneously.
  • 5. Current Incident Data Structures
    - Based on the current incident data structures, automatic collaboration is impossible.
    - This collaboration is currently taking place using telephones or emails, which is a slow process.
    - A couple of solutions that proposed a common structure are still in a research stage.
    - Examples of such are the European proposal, Project S2003, and the Incident Object Description and Exchange Format (IODEF).
    - The authors of this paper have presented their own views in a paper presented at the IFIP/Sec 2002 conference in Cairo.
  • 6. Reporting Security Incidents
    - The way that incidents are reported and accessed is essential.
    - Current CSIRTs use off-line media or the Web to allow new incidents to be stored and/or to allow individuals to access this data.
    - The off-line media are quite insufficient and make the technical experts uncomfortable.
    - Managing the security of the incident data (Confidentiality, Integrity and Availability (CIA)) when accessed with the previous method is difficult.
  • 7. Limitations of the Web
    - The Web is insecure. A CSIRT can provide only a fraction of the actual information stored for every incident.
    - The queries used to search the DB are predetermined. There is no room for smart queries (e.g. "Show all incidents that had as target an Apache Server").
    - Users, depending on their role, need to see different types of incident data. E.g. security experts need to know the protocols that were used to attack a system; managers need to know the time it took to recuperate from the attack.
    - Current interfaces do not allow the development of data views.
  • 8. The CORBA approach
    - CORBA has been widely proposed and used to access databases.
    - CORBA allows access from both standalone applications and web-based ones.
    - CORBA provides a number of security objects that are adequate to fulfill the CIA model.
    [Diagram: CORBA architecture. Client Object and Server Object communicating through the Object Request Broker (ORB); Dynamic Invocation Interface (DII), Interface Definition Language (IDL), Object Adapter (OA), IDL Skeleton, Dynamic Skeleton Interface; CORBA Services (LifeCycle, Naming, Persistence, Security, etc.); CORBA Facilities (User Interface, Health Care, Financial, etc.); operation + arguments flow from client to server, result + arguments flow back.]
  • 9. Our proposal
    - The new system allows access to the incident DB from both a web-based interface and a standalone application.
    - Using this we can connect the main security management console that companies have to a security incident DB anywhere in the world.
    - The registration of incidents could be carried out using automated processes by the security software that detects them.
    - In addition to this, security experts can use the management console to access their company's private security incident records and perform statistical analysis.
  • 10. Our Proposal
    - A Natural Language Interface to DB (NLIDB) is used.
    - This allows the creation of real-time complex queries using plain English statements.
    - This allows inexperienced users to perform dynamic searches on the DB.
    - The NLIDB formats the results depending on the user that is currently logged in, so we do not overflow managers with technical information or technical experts with management information.
  • 11. Our Proposal
    - Using CORBA security services we can protect incident data much more efficiently (i.e. create better authentication).
    - A CSIRT can provide new services on demand.
  • 12. Our Proposal
    - By using CORBA, CSIRTs can interoperate more efficiently.
    - CSIRTs can exchange incident information much more easily.
    - The system can be programmed to automate exchanges of information when required.
  • 13. Conclusions
    - CSIRTs are one of the best weapons against computer crime.
    - Providing more efficient ways to access incident DBs will allow incident response times to be cut to a minimum. This can be translated into millions of pounds' worth of savings.
    - Interconnecting CSIRTs will create better statistical data, identifying new trends in hacking, and this information will also be used by the authorities for arresting the criminals.
    - Future plans for this system are to automate updates of security breaches into security tools like intrusion detection systems and firewalls that registered enterprises have.
  • 14. In Correspondence: Belsis A. Meletis, DKERG, Coventry University, Belsis@Coventry.ac.uk, www.mis.cov.ac.uk/Research/DKERG/DKERG.html
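The role-dependent data views and dynamic incident queries described on slides 7 and 10, as an added Python example that is not part of the original slides or the authors' system. The record fields, role names, the sample incidents and the one-sentence query grammar are assumptions constructed for the example, not the paper's schema and not IODEF.

```python
import re
from dataclasses import dataclass, asdict
from typing import Dict, FrozenSet, List, Optional


@dataclass
class Incident:
    """One stored incident. Field names are constructed for this example
    (not the paper's schema and not IODEF)."""
    incident_id: str
    target_service: str      # what was attacked, e.g. "Apache HTTP Server"
    protocols: List[str]     # protocols used in the attack (technical detail)
    recovery_hours: float    # time taken to recuperate (management detail)
    reporter: str            # registered enterprise that logged the incident
    summary: str


# Per-role data views: the slides' point is that experts need the protocols
# while managers need the recovery time, and that an unauthenticated Web
# visitor should get only a fraction of the record.
ROLE_VIEWS: Dict[str, FrozenSet[str]] = {
    "security_expert": frozenset({"incident_id", "target_service", "protocols", "summary"}),
    "manager": frozenset({"incident_id", "target_service", "recovery_hours", "summary"}),
    "public": frozenset({"incident_id", "target_service"}),
}


def view_for(role: str) -> FrozenSet[str]:
    """Unknown or missing roles fall back to the most restrictive view."""
    return ROLE_VIEWS.get(role, ROLE_VIEWS["public"])


def project(incident: Incident, role: str) -> Dict[str, object]:
    """Keep only the fields the role's view permits."""
    allowed = view_for(role)
    return {k: v for k, v in asdict(incident).items() if k in allowed}


def query(store: List[Incident], role: str, field_name: str, value: object) -> List[Dict[str, object]]:
    """Dynamic field/value search, projected per role.

    The predicate field itself must be visible to the role: otherwise a
    manager could learn which incidents used TLS by querying on a field the
    view hides (an inference leak that projection alone does not stop).
    """
    if field_name not in view_for(role):
        raise PermissionError(f"role {role!r} may not query on {field_name!r}")

    def matches(inc: Incident) -> bool:
        stored = getattr(inc, field_name)
        return value in stored if isinstance(stored, list) else stored == value

    return [project(inc, role) for inc in store if matches(inc)]


# Tiny stand-in for the NLIDB: only the sentence shape quoted on slide 7
# ("Show all incidents that had as target an Apache Server") is understood.
_TARGET_QUERY = re.compile(
    r"^show (?:all )?incidents (?:that )?(?:had as|with) target (?:an? |the )?(.+?)\.?$",
    re.IGNORECASE,
)


def parse_target_query(text: str) -> Optional[str]:
    """Return the target named in the sentence, or None if it is not understood."""
    m = _TARGET_QUERY.match(text.strip())
    return m.group(1).strip() if m else None


def incidents_targeting(store: List[Incident], role: str, service: str) -> List[Dict[str, object]]:
    """Convenience wrapper: the slide-7 query against the caller's role view."""
    return query(store, role, "target_service", service)


# Constructed sample store (not real incident data).
STORE: List[Incident] = [
    Incident("INC-0001", "Apache HTTP Server", ["HTTP"], 6.0, "acme", "web defacement"),
    Incident("INC-0002", "Sendmail", ["SMTP"], 24.0, "acme", "open relay abuse"),
    Incident("INC-0003", "Apache HTTP Server", ["HTTP", "TLS"], 2.5, "globex", "CGI probing"),
]


if __name__ == "__main__":
    target = parse_target_query("Show all incidents that had as target an Apache HTTP Server")
    for role in ("security_expert", "manager", "public"):
        print(role, incidents_targeting(STORE, role, target))
```

The same store answers the same question differently per role, and a query on a hidden field is refused rather than silently answered from the full record.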