How to set up a CSIRT in an ITIL driven organization. Christian Proschinger Raiffeisen Informatik GmbH



Similar documents
ITIL's IT Service Lifecycle - The Five New Silos of IT

1 Why should monitoring and measuring be used when trying to improve services?

Course # 55011A. The ITIL Foundation Certificate in IT Service Management

How To Compare Itil To Togaf

Introduction: ITIL Version 3 and the ITIL Process Map V3

MODULE CURRICULUM DOCUMENT

Hong Kong Information Security Group TRAINING AGENDA

What s New In ITIL V3?

ITIL Service Lifecycle Stream

Complimentary Relationship Between ITIL and PMBOK

The ITIL Foundation Examination

Best Practice ITIL (Information Technology Infrastructure Library)

ITIL V3 Foundation Certification - Sample Exam 1

The ITIL Foundation Examination

John Kacmarynski TLG Learning. ITIL History Benefits of Implementing ITIL Integrated Service Lifecycle Approach and Processes

The Future of Best Practices in IT Service Management - ITIL Version 3 Explained

ITIL Foundation for IT Service Management 2011 Edition

EDUCORE ITIL FOUNDATION TRAINING

2005 Kasse Initiatives, LLC version 1.2. ITIL Overview - 1

Storage Management Within the NEW ITIL Version 3 Context. Dr. D. Akira Robinson, IT Governance Management, Ltd. Dept of Navy

IT Organisation in Change

EXIN IT Service Management Foundation based on ISO/IEC 20000

ITIL v3 Service Manager Bridge

ISO/IEC Part 1 the next edition. Lynda Cooper project editor for ISO20000 part 1

Service Catalog. it s Managed Plan Service Catalog

Which statement about Emergency Change Advisory Board (ECAB) is CORRECT?

500 Creek View Road Newark, DE ITIL Foundation Training Business Case

Integrating Project Management and Service Management

ITIL V3 Sample Questions Page 1 of 15 Sample ITIL version 3 Foundation Examination. Instructions

The ITIL Foundation Examination

Determining Best Fit. for ITIL Implementations

The ITIL Foundation Examination Sample Paper A, version 5.1

Aligning CMMI & ITIL. Where Am I and Which Way Do I Go? cognence, inc.

ITIL: Foundation (Revision 1.6) Course Overview. Course Outline

The ITIL v.3 Foundation Examination

The ITIL v.3. Foundation Examination

ITIL Foundation Exam Study Guide

Definitive ITIL 2011 & 2007 Edition Process & Function Lists

The Swirl logo is a trade mark of the Cabinet Office ITIL is a registered trade mark of the Cabinet Office

Free ITIL v.3. Foundation. Exam Sample Paper 1. You have 1 hour to complete all 40 Questions. You must get 26 or more correct to pass

1 What does the 'Service V model' represent? a) A strategy for the successful completion of all service management projects

ISE Northeast Executive Forum and Awards

The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach

Tutorial: Service Portfolio design for NGIs Terminology, concepts, practical guidance

ITIL 2011 Summary of Updates

The ITIL Foundation Examination

Foundation. Summary. ITIL and Services. Services - Delivering value to customers in the form of goods and services - End-to-end Service

DoD CIO ITSM Overview Enterprise Architecture Conference

Free ITIL v.3. Foundation. Exam Sample Paper 3. You have 1 hour to complete all 40 Questions. You must get 26 or more correct to pass

The ITIL v.3 Foundation Examination

ITIL & The Service Oriented Approach. Vivek Shrivastava

Information Technology Infrastructure Library -ITIL. IT Governance CEN 667

ITIL glossary and abbreviations. English

The safer, easier way to help you pass any IT exams. ITIL Foundation v.3. Title : Version : Demo 1 / 5

The ITIL Foundation Examination

Tutorial: Towards better managed Grids. IT Service Management best practices based on ITIL

ITIL glossary and abbreviations. English

SITA Service Management Strategy Implementation. Presented by: SITA Service Management Centre

About this guide. 4 The syllabus requires knowledge of this topic This is material that may be of interest to the reader but is

Wl Welcome! ITIL 2011 Explained. Donna Knapp Curriculum Development Manager ITSM Academy. ITSM Academy

BCS Specialist Certificate in Business Relationship Management Syllabus. Version 1.9 March 2015

Roles & Grades Rate Cards and Applicable SFIA Skills

The ITIL Foundation Examination

Certified Information Security Manager (CISM)

WHITE PAPER December, 2008

ITIL V3 Application Support Volume 1

Service Offerings. Ensuring IT Resources are available, reliable, scalable & manageable always.

The Information Security Management System According ISO The Value for Services

IT Service Management (ITSM) & IT Infrastructure Library (ITIL) Overview

Frameworks for IT Management

Concepts Release Package

ITIL glossary and abbreviations. English

Problem Management Overview HDI Capital Area Chapter September 16, 2009 Hugo Mendoza, Column Technologies

The ITIL Foundation Examination

ITIL: What is it? How does ITIL link to COBIT and ISO 17799?

ITIL v3. Service Management

DEVELOPING AN IT SERVICE MANAGEMENT TRAINING STRATEGY & PLAN. Version : 1.0 Date : April 2009 : Pink Elephant

Recent Advances in Automatic Control, Information and Communications

ITIL Foundation Certification Program 3 / 3.5 Days

ITIL. Lifecycle. ITIL Intermediate: Continual Service Improvement. Service Strategy. Service Design. Service Transition

EDUCORE ISO Expert Training

ITSM. Maturity Assessment

Control Costs with a 4-Speed SACM Transmission

Preparation Guide. IT Service Management Foundation Bridge based on ISO/IEC 20000

Introduction. What is ITIL? Automation Centre. Tracker Suite and ITIL

White Paper: AlfaPeople ITSM This whitepaper discusses how ITIL 3.0 can benefit your business.

Service Management. A framework for providing worlds class IT services

ITIL: Release, Control & Validation (RCV) (Revision 1.6)

SAP Solution Manager: The IT Solution from SAP for IT Service Management and More

The Official ITIL v3 Foundation Study Aid Glossary of Terms and Definitions

Integrating CMMI & ITIL: An Outsourcing Success Story. Joanne Kopcho Capgemini, Outsourcing Services

ITIL glossary and abbreviations. English

SERVICE RESCUE! An Implementation and Improvement Guide for Incident Management. Nicole Conboy Jan van Bon

ITIL V3 and ISO/IEC 20000

Exin ITIL. ITIL Foundation v.3. Version: QQ:

Transcription:

How to set up a CSIRT in an ITIL driven organization Christian Proschinger Raiffeisen Informatik GmbH

Introduction R-IT CERT Idea Introduction to ITIL Example Vulnerability Management Lessons Learned Raiffeisen Informatik 26.01.2010 2

Raiffeisen Informatik Group 27 Locations 3,000 Employees Turnover 2009: 1.2 Billion Euro 40 years experience IT s IT Operations Outsourcing Security s Client Management IT & Software Consulting Output s Outside of Europe: China Südafrika Kasachstan Raiffeisen Informatik 26.01.2010 3

Security Competences at Raiffeisen Informatik Department Information Security Management Information Security Management System ISO 27001 Focus on Risk Management Department Security Competence Center Founded 2005 Headquarter of Raiffeisen Informatik CERT Austria Penetration Testing Responsible person/team for each Business as well as for each Technical Component Raiffeisen Informatik 26.01.2010 4

General Situation Large scale IT organization have to be standardized and to be compliant IT Infrastructure Library Business process maps ISO 27001 COBIT CSIRT Customized services for constituency Guidelines helpful but generic Raiffeisen Informatik 26.01.2010 5

General Situation IT Infrastructure Library Best practice library De-facto standard 76 % of organizations align IT Management to ITIL* Popular processes Incident Management Desk Incident Management Process Problem Management Information Security Management *IT Management Studie MATERNA Raiffeisen Informatik 26.01.2010 6

Questions What are the implications of ITIL concerning setting up a CSIRT operate a CSIRT ITIL driven organization CSIRT Raiffeisen Informatik 26.01.2010 7

Introduction to IT Infrastructure Library 5 Core publications strategy design transition operation Continual service improvement Target is an IT alignment to business processes Source: ITIL v3 The official Introduction to the Lifecycle: TSO (OGC); 2007 Raiffeisen Informatik 26.01.2010 8

Strategy Strategy Strategy Design Design Transition Transition IT IT Operations Operations Improvement Improvement Strategy development Portfolio Management Financial Management Demand Management Management of: Catalog Level Capacity Availability IT Continuity Information Security Supplier Planning and Support Asset and Configuration Mgmt Chance Mgmt Release and Deployment Mgmt Validation & Testing Evaluation Knowledge Mgmt Event Management Incident Management Problem Management Request Fulfillment Access Management Reporting 7-Step Improvement process quality improvement Measurement Raiffeisen Informatik 26.01.2010 9

Example Vulnerability Management Report (Act) Information (Plan) Countermeasure (Do) Information Security Management Process ISO 27001:2005 Deming Cycle (Plan-Do-Check-Act) CSIRT can produce added value Economies of scale Quality Audit (Check) Raiffeisen Informatik 26.01.2010 10

Example Vulnerability Management Vulnerability Management!= Patch Management TRUE Workarounds Configuration issues Design issues Functional patches Raiffeisen Informatik 26.01.2010 11

Example Vulnerability Management PLAN PLAN DO DO CHECK ACT ACT Information Input Penetration Tests CSIRT triggered by Information Security Management Security Advisories CSIRT Desk Countermeasure Problem Management Problem Tickets: Penetration Testing measures, Less critical vulnerabilities Incident Management High critical vulnerabilities Audit Vulnerability Scanning CSIRT Report Information Security Management Raiffeisen Informatik 26.01.2010 12

Patch Management: affected ITIL Processes Strategy Strategy Design Design Transition Transition IT IT Operations Operations Improvement Improvement Financial Management COST CONTROL Level Management: costumer relations interface Review of infrastructure requirements Continuity Management to minimize impacts Risk assessment Vulnerability Management process Planning and Support Asset and Configuration Mgmt Change Mgmt Release and Deployment Mgmt Validation & Testing Evaluation Knowledge Mgmt Incident Management: patch (critical) Problem Management: patch, root problem search Reporting Measurement Raiffeisen Informatik 26.01.2010 13

Lessons Learned Vulnerability Management!= Patch Management Incident!= Security Incident Strategy Utility Warranty USP Constituency Design Information Security Management ISO 27001:2005 good preparation for FIRST accreditation (Site Visit) Information Security Management System Define clear interfaces Use the experience of your ISM Team Easy way to achieve separation of duties Operation Incident Management: Desk Process can be easily adopted for security incident management Problem Management: Good way to implement penetration test measures Raiffeisen Informatik 26.01.2010 14

Summary Considering ITIL offers advantages Important processes Incident Management Problem Management Information Security Management ISO 27001:2005 provides a good basis Maybe a possibility to set up the process of CSIRTs easier Raiffeisen Informatik 26.01.2010 15

Thank you for your attention! Raiffeisen Informatik GmbH Lilienbrunngasse 7-9 A-1020 Wien T +43 1/99 3 99-0 F +43 1/99 3 99-1100 E info@r-it.at www.raiffeiseninformatik.at Raiffeisen Informatik 26.01.2010 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information