[Bp_certs] Private sector CSIRT/PSIRT teams

Shreedeep Rayamajhi weaker41 at gmail.com
Wed Jul 16 02:23:36 EDT 2014


Hello to all

I am not an expert, but one thing that really interested me was the concept
of how the private sector is progressing in regard to developing new
standards and technology in terms of online security.

My name is Shreedeep and I work in a software company that works as an
agent for outsourcing, where we do follow protocols at times of need. But
when it comes to the practice of government online security, it is given
very little priority in this part of the world; to be precise, we use all
the latest technology and equipment, but at the national level there is no
mechanism to counter such a disaster. Maybe it's because of the lack of
online systems, which are gradually picking up, or maybe we are not so
dependent on online systems. No matter what, with mobile phones and 3G
connections popularly used, I surely see a need for a national online
security protocol, but still the government is least bothered about it.

My concern about it is that Nepal lies in between China and India, both
superpowers. India has its share of development and China has its own;
Nepal, in between, lacks a proper online strategy and mechanism, and that
certainly makes it vulnerable in stressing the situation. In the past,
national and government websites have been hacked, but with no protocols to
follow it has landed up in an awkward situation.


The next generation of power is all about online security and if there are
no strict mechanisms then you certainly have to pay the price.

Like such, Cyber Warfare & Cyber Terrorism are some of the burning issues
which threaten the cyberspace and its operations.


Research paper:
http://www.scribd.com/doc/24366844/Research-Paper-A-Synopsis-on-Cyber-Terrorism-and-Warfare-by-Shreedeep-Rayamajhi




Cheers to Life
Shreedeep Rayamajhi
00977-9841374547(Nepal)
00977-9851049683(Nepal)
00977-9813900099
http://en.wikipedia.org/wiki/Shreedeep_Rayamajhi_(activist)
https://www.linkedin.com/in/shreedeeprayamajhi
http://shreedeeprayamajhi.com.np/

+1(301)485-9395(US)
<http://www.rayznews.com/>

*DISCLAIMER:* This message is intended only for the recipient. If you are
not the intended recipient you are notified that disclosing, copying,
distributing or taking any action in reliance on the contents of this
information is strictly prohibited.



On Wed, Jul 16, 2014 at 9:37 AM, Maarten Van Horenbeeck <maarten at first.org>
wrote:

> Hi everyone,
>
> I'd also like to thank you for participating in the IGF CERTs BPF.
>
> Following up to Cristine's point, I briefly wanted to cover another type
> of CSIRT team that contributes to internet security. There are CSIRT teams
> which have a more narrow constituency and because of that offer specialized
> contributions to internet security.
>
> A great example of these are private sector, enterprise incident response
> teams. Enterprise CSIRTs generally have as their constituency either the
> customers of an enterprise, or the employees and networks belonging to the
> enterprise.
>
> There are two important roles an enterprise CSIRT generally elects to take:
>
> (i) Product security (PSIRT): Enterprises which develop software or
> hardware products generally will have an incident response team for product
> security issues- investigating and addressing vulnerabilities or weaknesses
> in products which may be exploited and expose their customers to risk.
>
> (ii) Computer/Network security (CSIRT): Enterprises will often maintain an
> incident response team to respond to security breaches and incidents across
> their enterprise network.
>
> In addition, some enterprise CSIRT teams provide incident response
> services directly to customers of the enterprise. For instance, a
> corporation which provides IT services may also provide incident response
> services and develop a fully staffed and resourced incident response team
> to support its customers.
>
> While a national CSIRT will often take a coordinating role- and due to its
> prominence will be the team internet users internationally often reach out
> to in order to report an issue, many networks are privately owned, and
> actual incident handling, investigations and forensic efforts may need to
> be performed by the organization managing the network. This is often an
> enterprise CSIRT. National CSIRT teams can pass along reports to the
> enterprise CSIRT managing the network from which the attack originates
> either manually, through personal contacts, or through automated mechanisms
> (such as e-mail or more structured exchange mechanisms, driven using tools
> such as AbuseHelper or Megatron).
>
> In addition, most products are developed in the private sector. When a
> vulnerability is exploited in such a product, the victim under attack may
> reach out to the corporation who built the exploited product, to notify
> them of the vulnerability and request a fix. In some cases, when a
> vulnerability affects many vendors, the victim may choose to report the
> vulnerability to a vulnerability coordinator instead, who coordinates
> addressing the issue. Many national CSIRT teams have a vulnerability
> coordination role (often, but not always, indicated by /CC at the end of
> the name, which stands for Coordination Center).
>
> In those cases, the vulnerability coordinator will work with any private
> sector product security response teams affected to ensure the vulnerability
> is addressed (CERT-FI's vulnerability coordination policy is a good
> example:
> https://www.viestintavirasto.fi/images/certfipdftiedostot/5md66C89r/CERT-FI_Vulnerability_Coordination_Policy.pdf
> ).
>
> Private sector CSIRT and PSIRT teams can also provide expertise in areas
> of deep specialization. National CSIRT teams, due to the size and
> heterogeneity of their constituency, have to support a wide set of
> technologies. They tend to specialize in a few services and skills most
> relevant to their constituency, and have wide coverage of technologies. In
> the private sector, teams can specialize in specific technologies they have
> unique knowledge of, as they build the technology or heavily rely on it
> internally. This means that they may be uniquely placed to assist national
> CSIRT teams and the wider community in investigating an incident on a
> particular platform or application. Product security teams also often
> release advisories and bulletins notifying customers of new vulnerabilities
> that have been identified or fixed. National CSIRTs can take that
> information, and use it to advise their constituency accordingly on the
> risks involved, sometimes localizing (both in language or technology
> context) the information.
>
> These private sector teams often work with the community of CSIRTs by
> participating in the same forums many of the national CSIRT teams do. Two
> examples of this are FIRST, the Forum of Incident Response and Security
> Teams, and Trusted Introducer:
>
> http://www.first.org/members/teams
> https://www.trusted-introducer.org/directory/index.html
>
> There are also more integrated organizations which develop cross-company
> incident response plans for vulnerabilities which affect more than a single
> vendor. An example of such an organization is ICASI (
> http://www.icasi.org/projects#usirp) which developed a Unified Security
> Incident Response Plan (USIRP) for use across its member companies.
>
> Also of interest, there has recently been some work performed in the
> International Organization for Standardization (ISO) to develop guidelines
> on how to process and resolve vulnerability information in a product or
> service (ISO/IEC 30111:2013) and on methods vendors should use to address
> issues related to vulnerability disclosure (ISO/IEC 29147:2014).
>
> I'm interested in hearing from the civil society members of this forum- do
> you see similar teams developing in civil society? Do you work with
> national or private sector incident response teams?
>
> I look forward to continuing this discussion, and learning from everyone's
> experiences.
>
> Best regards,
> Maarten
>