Dec 24, 2015
Session 4.2 Creation of national ICT security infrastructure for developing countries
Industry-wide approach:
Raising awareness for ICT security infrastructure
Miho Naganuma
Little eArth Corporation
Rapporteur Q3/17
Information Security Operators Group Japan (ISOG-J)
Addressing security challenges on a global scale, Geneva, 6-7 December 2010
Issues in Cybersecurity
Together with the rapid growth of economies, multilateral business relations are expanding and becoming more connected. This also raises the need for secure network infrastructures with sophisticated cybersecurity services.
Issues in Cybersecurity (cont.)
We are facing an urgent crisis in a continuing effort to
- raise awareness of cybersecurity incident response planning against DDoS attacks and targeted attacks, including Advanced Persistent Threat (APT) attacks, with practice-based information
- fast development of technologies for countermeasures
Key issue: Information exchange
- Cybersecurity information exchange and technical collaboration
- Wide range of collaboration: international, regional, national level and industry level
- Developing international recommendations/standards in cybersecurity and information exchange
- Industry-wide/unique collaboration by Managed Security Service Providers
Information Security Operators Group Japan
1. Support for industry
   a. Providing guideline for service users
   b. Research for related legal, regulatory requirements
2. Communications
   a. Technical exchange and update
   b. Workshop and seminar
Building trust in the community and enhance active collaboration
http://www.jnsa.org/isog-j/e/
Organisation
Active involvement of related parties
Government support
New WG: Security Operation Information sharing and collaboration
Member organisations
Security Operation information sharing and collaboration WG
Seeking “effective” information sharing and collaboration by
- Providing information and analysis methodologies
- Review actions with management view
- Support actions with research view
- Involving SOC Operators/Analyst, specialist for process management etc.
- Information transmission enjoying the nature of neutrality
Consideration on the requirements for cybersecurity operation collaboration
- Obstacles toward the collaboration
- Criteria of collaborating operations / sharing information
- Actions to conquer the obstacles
Obstacles for information sharing
- Differences between free-of-charge information and charged information
- Differences between contracted users and non-contracted ones
- Disadvantageous to offer information first?
- Difficulties to provide information even if the information is wanted
- Difficulties to acquire information due to separation of operational unit
Case 1
- Failed to re-utilise the collected information
- Failed to find the reason to share the information
- Lack of sense of purpose to continue the sharing
- Trap of money as a purpose
  - the information sharing will be terminated when the monetary relationship is terminated
- Failed to invoke any meaningful actions after gaining some information from the logs of the other companies
- Value of Information possess
Case 2
- Collaboration based on a personal relationship disappears when the person moves to another place
- The information sharing is difficult if the boss/supervisor is not supportive of the activities
- It is difficult to advance the collaboration actively if we cannot get any useful feedback for our customers
- When the person in charge moves to a different department, the hand-over procedure is not good enough
- If sharing information itself becomes the objective, the motivation of the operators in the field will drop
Other obstacles
- Different views of technologies and operations among organizations
  - best to start from information sharing
  - collaboration will be the next step
- Internal relations vs external relations
- Reluctant feeling to share information in the security industry
- Question of what kind of information we want to share
- Support from management level and department heads
  - How does the information sharing and collaboration lead to the profit of the company?
  - Merit for each organization needs to be considered
Advantage of information sharing in ISOG-J
- Members can issue incident information with the name of ISOG-J
  - use both individual company name and ISOG-J name when disclosing information, depending on the situation
  - share the practices of certain incidents among members
  - share some trend information or some notes on that instead of cybersecurity information itself
- By disclosing information periodically from ISOG-J, such information becomes a reference source
- From the viewpoint of education, it is beneficial
- Analyzing detection information over a certain network collaboratively is a good first step
Candidate solutions
1. Issuing threat analysis document for management figures
   - Information on what kind of threats against IT system we have, and what kind of business continuity risk they pose
2. Starting with sharing statistical information on logs of IDS/IPS, NW appliances, servers etc.
   - Objective of sharing information and collaboration
   - Policy of the data handling
     - Manipulate the log so that sensitive information can be hidden (such as user name)
   - Log information sharing scheme
     - Standard log format
     - With considering how we can take best advantage of the log data of each company
Candidate solutions
3. Quantitative information of incidents that are detected
   - Gather incident information collected by SOCs
   - Member organisations get access to the information
4. Sharing meta information instead of raw data
   - Sensitive information, including threat information that is difficult to be disclosed, can be shared
   - General information can be shared to customers
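An added example, not part of the original slides and not ISOG-J's own scheme: one way to hide user names in a log before sharing it (candidate solution 2) and to reduce the log to shareable statistics instead of raw data (candidate solutions 2 to 4). The key=value log layout, the function names and the key are assumptions; masking the internal destination address goes beyond the user-name case named on the slide.

```python
import hashlib
import hmac
import re
from collections import Counter, defaultdict

# Constructed sample IDS alerts; the key=value layout is an assumed format.
SAMPLE_LOG = """\
2010-12-06T09:14:02Z sig=SQL_INJECTION src=203.0.113.7 dst=10.1.2.15 user=tanaka
2010-12-06T09:14:09Z sig=SQL_INJECTION src=203.0.113.7 dst=10.1.2.15 user=tanaka
2010-12-06T10:01:44Z sig=BRUTE_FORCE_SSH src=198.51.100.23 dst=10.1.2.20 user=suzuki
2010-12-06T10:02:10Z sig=BRUTE_FORCE_SSH src=198.51.100.23 dst=10.1.2.20 user=sato
this line is malformed and must be skipped
2010-12-07T03:30:00Z sig=SQL_INJECTION src=203.0.113.99 dst=10.1.2.15 user=suzuki
"""
DEMO_KEY = b"constructed-demo-key"  # a real key never leaves the organisation
LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ sig=(?P<sig>\S+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) user=(?P<user>\S+)$"
)

def pseudonym(value: str, key: bytes) -> str:
    """Keyed hash: stable per organisation, not dictionary-guessable without the key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:12]

def mask_line(line: str, key: bytes):
    """Return the line with user and internal dst pseudonymised, or None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return (f"{m['day']} sig={m['sig']} src={m['src']} "
            f"dst=host-{pseudonym(m['dst'], key)} user=u-{pseudonym(m['user'], key)}")

def summarise(log: str, key: bytes):
    """Per-day, per-signature statistics: the meta information to share."""
    events, users, skipped = Counter(), defaultdict(set), 0
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # count unparsable lines instead of sharing them as-is
            continue
        bucket = (m["day"], m["sig"])
        events[bucket] += 1
        users[bucket].add(pseudonym(m["user"], key))
    rows = [{"day": d, "sig": s, "events": n, "distinct_users": len(users[(d, s)])}
            for (d, s), n in sorted(events.items())]
    return rows, skipped

if __name__ == "__main__":
    print(*summarise(SAMPLE_LOG, DEMO_KEY)[0], sep="\n")
```

Because the pseudonym is keyed, the same user maps to the same token within one organisation's logs, so distinct-user counts survive, while another member who receives the masked lines cannot recover names by hashing a list of candidates.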
Highlights for raising awareness
- Industry-wide approach
  - Involving related parties for ICT infrastructure security (Gov, Gov. agencies, CIRT, ISP, MSSP, Security Vendors etc.)
  - “Neutral” organisation/association
- Communication in industries
  - Encourage bottom-up approach
  - Analyse obstacles and make feasible scenarios and candidate solutions
  - Communication as education
Contact: [email protected]
Thank you
www.jnsa.org/isog-j/en