[Bp_certs] CERT/CSIRT toolbox
El Yassem, T (Tarik)
Tarik.El.Yassem at rabobank.com
Thu Jul 24 04:57:03 EDT 2014
Hi all,
Great discussions so far, I'd like to hear your thoughts and experiences with regards to the specific tools we need to be effective as a CERT/CSIRT.
I have found that tools are essential in order to be effective and make a difference. However, in many organisations the CERT/CSIRT is just a tiny group of people with not that much influence and usually viewed as an odd bunch that wants to do things differently.
What I have seen in quite some places is that the CERT/CSIRT spends a lot of effort in the struggle to get even the most basic tools running because the IT department is not supporting it, or 'already have a (helpdesk) ticketing system'. But CERT/CSIRTs need to use more specific tools such as OTRS or RTIR or other tools that need to integrate with a production environment. Many of the tools we need are not suited for enterprise environments, and making the case for IT to allow the use of them is hard once things are not packaged, maintained, documented etc.
When people are establishing the CERT/CSIRT they often think that tools are details to be decided on once a CERT/CSIRT has been established. I think it would be helpful for a CERT/CSIRT to address this issue during the creation of it.
What are your experiences with this and do you have any thoughts how we could improve on that as a community?
Greetings,
Tarik El Yassem, MSc
Senior Security Intelligence Analyst
Global Security Operations Centre
Rabobank International
E: tarik.el.yassem at rabobank.com
T: +31 (0)30 71 22673
M: +31 (0)61 93 03884
A: Europalaan 44, 3526 KS Utrecht