Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A...
Transcript of Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A...
![Page 1: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/1.jpg)
Stakeholders Analysis
![Page 2: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/2.jpg)
2
National
CIRT
ISP
sectoral CSIRTs
citizens
Media
ONG, Public
And Private
Institutions
CNIIP
Law
enforcement
Academia
2
IntroductionNational Stakeholders
![Page 3: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/3.jpg)
3
CIRT
A specialized entity for incident and emergency response, ensuring preventive and proactive services.
A CIRT is acting at a national level to secure the cyberspace, and assist home users to handle incidents and to protect their assets.
ISP
Providing all internet related services, including Security. The first Point of Contact for their customer in case of incident.
A trusted Point of Contact for national and international cyberspace stakeholders
Well-positioned to contribute improve cybersecurity
A trusted Point of Contact for their customers
![Page 4: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/4.jpg)
Incident response coordination
4
Web defacement
DDoSMassive malware infection
PhishingMassive
vulnerability exploitation
Data leakage
SpammingMassive
Identity theftMassive scan
![Page 5: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/5.jpg)
Introduction
5
We are all facing the same problems
We need to collaborate
National CIRT are the key player and the key
coordinator
National CIRT should be integrated in their
ecosystem
![Page 6: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/6.jpg)
IntroductionYou can build thebest national CIRT,but without thiscollaboration it willbe useless
By default, there isno collaboration
CIRT should define their own strategies
to approach ISPs and to convince
them to collaborate
ISP must collaboratewith national CIRTs
6
![Page 7: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/7.jpg)
7
How to get ISPs involved?What CIRTs need to do?
![Page 8: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/8.jpg)
Select carefully your target
• Identify the key stakeholders and focus all your efforts on them (the biggest, the most critical, the most targeted, the easiest, etc.)
• Others will follow,
• There will be some good and positive partners and there will be others considering themselves as better than you,
• For those who will resist, just wait for some critical incidents and they will come.
8
11
![Page 9: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/9.jpg)
Show your expertise: you are the expert
• ISPs must consider the CIRT as an expert and focused team ready to help them to respond to their incidents,
• CIRT must spend all their efforts to develop their technical skills and to get ready to any kind of incident while ISP cannot afford this investment,
• ISP will trust this technical expertise and will start to rely on CIRT,
• To show the expertise: workshop, site visit, labs, success stories, procedures, etc.
9
22
![Page 10: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/10.jpg)
Help ISPs to respond to their incidents
• If needed send them a team on site,
• Offer them a premium 24/7 service,
• Provide a dedicated incident reporting (online ticketing systems, dedicated email, etc.)
10
33
![Page 11: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/11.jpg)
Help them to detect their incidents
• Run a dedicated monitoring and threat intelligence,
• Alert them in case of attacks: web defacement on their customers websites, infected users, phishing, etc.
• Help them to deploy monitoring systems:- IDS,
- Honeynet,
- DNS sinkhole,
- Netflow,
11
44
![Page 12: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/12.jpg)
Share information
Gather information coming from:- Public sources,
- Other CIRTs,
- Other Honeynet,
• Share information about current threats: - vulnerabilities,
- exploits on the wild,
- Malware infection,
- Cyber-threats
- Detected attacks (Web defacement, Malware infection, Spam, DoS/DDoS, Phishing, etc.)
12
55Better to give
than ask
![Page 13: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/13.jpg)
Offer free assistance
• Security assessment after incident closure,
• Assistance to secure and implement recommendations and best practices,
• Help them to deploy security solutions (Firewall, IDS, WAF, VPN, etc.) mainly from open source,
• Help them to develop cybersecurity awareness program for their staff and for their customers.
13
66
![Page 14: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/14.jpg)
Train and do cyber exercices
• Train them on incident response,
• Train them on coordination procedures,
• Organize periodic cyber exercises/ Cyber drill,
• During incident response ask your team to explain and to do some transfer of competence,
• Share your experience with them.
14
77
![Page 15: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/15.jpg)
Ensure a continuous communication
• Make sure that you have a good communication with ISPs especially during emergencies,
• Maintain efficient communication channels between teams: email and phone mainly,
• Hold a meeting with top management and periodic ones with technical teams, do technical workshops/forum, etc.
15
88
![Page 16: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/16.jpg)
Show your engagement to secure their data
• Insist on applying security controls like:• Email encryption,
• Securing your network,
• Physical security,
• Data destruction,
• Etc.
• Make sure they are informed about your security policy and recommend them to adopt similar controls.
16
99
![Page 17: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/17.jpg)
You are the trusted Point of Contact
• Develop your international collaboration network and inform them that you are the main Point-of-Contact with foreign entities,
• As a trusted PoC you can easily help them to solve their issues: incident, blacklisting, etc.
• Being member of AfricaCIRT, FIRST, OIC-CIRT, etc. can help to achieve it.
17
1010
![Page 18: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/18.jpg)
What to avoid?
• Don‘t report incident to their top management,
• Don’t ask them to spend q lot of money,
• Don’t be pretentious,
• Don’t tell them you are mandated by law and the should comply,
• Don’t be late in case of emergencies.
18
![Page 19: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/19.jpg)
19
Academia
ONG, Public And Private Institutions
Law enforcement
Sectoral CSIRTs
citizens
Media
CNIIP
![Page 20: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/20.jpg)
20
Build a Trusted and A win-win Relationship
Build a Trusted and A win-win Relationship
![Page 21: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/21.jpg)
21
Global Initiatives
![Page 22: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/22.jpg)
22
Regional Initiatives
![Page 23: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/23.jpg)
23
International Telecommunication Union
The organization of Trainings and Workshops
Conduction a Regional and National Cyberdrills ( 16 Cyberdrill)
Assistance to their member states in the establishment and the improvement of their National CIRT (65 National CIRT Assessment , 14 National CIRT designed and established )
Development Training Materials , Guidelines and Best Practices
Development of common standards (X.1500 : cybersecurity information exchange techniques)
Development of CIRT Tools
![Page 24: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/24.jpg)
24
FIRST is a premier organization and recognized global leader in incident response
Annual FIRST Conference on Computer Security Incident Handling
The organization of Trainings and Workshops (FIRST Symposia , FIRST Technical Colloquia)
Development Training Materials , Guidelines and Best Practices
Development of common standards
Development of CIRT Tools (CIRT in a BOX).
Research & development activities
Forum for Incident and Security Response Team
![Page 25: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/25.jpg)
25
The organization of Trainings and Workshops.
The Annual Technical Meeting for CSIRTs with National Responsibility
Development Training Materials , Guidelines and Best Practices
Research & development activities
CIRT/CC
![Page 26: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/26.jpg)
26
Act as accreditation body for the CSIRT
Development of training materials (TRANSITS I and TRANSITS II)
Research & development activities (SIM3 : Security Incident Management Maturity Model)
TF-CSIRT and TERENA
![Page 27: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/27.jpg)
27
Global Forum for Cyber Expertise
CSIRT Maturity Initiative
Help emerging and existing CSIRTS to increase their maturity level
ITU
Microsoft
OAS
The Netherland
![Page 28: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/28.jpg)
28
The organization of Trainings and Workshops
Conduction a Regional Cyber Exercises
Assistance to their member states in the implementation of a CSIRT
Development Training Materials , Guidelines and Best Practices
Regional Organizations
![Page 29: Stakeholders Analysis - ITU · stakeholders Well-positioned to contribute improve cybersecurity A trusted Point of Contact for their customers. Incident response coordination 4 Web](https://reader034.fdocuments.us/reader034/viewer/2022043022/5f3da1825ce1bc36183f26c2/html5/thumbnails/29.jpg)
29