
Resources to Support Training Programs for CSIRTs


Presentation Transcript


  1. Resources to Support Training Programs for CSIRTs

  2. Problem
     • A long-standing trend shows that CSIRTs have a problem training their staff
     • A recent survey* by Jeff Yuetter had two interesting results
        • Staff expertise or availability is a very challenging problem to 49% of teams (51 responded)
        • 54% of the teams do not have a formal training or mentoring program in place (56 responded)
     • Similar findings were reported by
        • CERT/CC in 2009
        • CERT/CC in 2003
     * Updated version of CSIRT State of the Practice, independently carried out by Jeff in Fall 2011

  3. Causes
     • We assume that there will be multiple causes for this issue. We will primarily focus on:
        • Lack of identified resources to compose a comprehensive training plan
        • Lack of knowledge on how to prepare and execute a training plan
     • Thus, we believe the major issues are related to building and executing Training Plans

  4. Major Steps to Creating a Training Plan
     • (1) Identify all of the topics required
     • (2) Create a check-list that summarizes all the training topics
     • (3) Identify the resources
     • (4) Develop a procedure for evaluation and correction (to include assessment materials)

  5. A Relook at Causes
     • We assume that there will be multiple causes for this issue. We will primarily focus on:
        • Lack of identified resources to compose a comprehensive training plan
           • This is step (3) in Creating a Training Plan
        • Lack of knowledge on how to prepare and execute a training plan
           • This is part of step (4) in Creating a Training Plan
     • This means the major issues are related to executing Training Plans

  6. What Has Been Done
     • What about steps (1) and (2)?
     • The (U.S.) National Initiative for Cybersecurity Education (NICE) has a framework
        • http://csrc.nist.gov/nice/framework/
     • NICE addresses steps (1) and (2)

  7. What Can We Do
     • We are proposing that a pilot could focus on Incident Responders. In NICE this is
        • Protect and Defend: Incident Response: Tasks and KSAs (pgs 70-73)
        • http://csrc.nist.gov/nice/framework/documents/NICE-Cybersecurity-Workforce-Framework-printable.pdf
     • We could identify and document the resources for the tasks and KSAs [step (3)]

  8. The Pilot
     • Pilot: An attempt to address step (3)
     • Identify resources for NICE specialty areas tasks/KSAs
     • Focus on specialty area - Incident Responders
        • Protect and Defend: Incident Response: Tasks and KSAs (pgs 70-73)
     • We believe this material is part of the missing information needed by CSIRT managers to develop a training plan

  9. Pilot
     • Work with 6 to 7 domain experts within a community to identify resources to match against Tasks and KSAs
        • This would also identify gaps
     • We could either host the material on our website or assist with the community hosting it on theirs
     • Initially we think a wiki format might be best

  10. Benefits
     • If we can identify what resources will be required to meet specific Tasks and KSAs at various levels, it will also
        • Assist with management of professional development for staff
        • Better inform Human Resources in recruiting
        • Inform new recruits what the expectations are for a role/position within a team

  11. Long Term
     • It is not sufficient to just have resources and a plan
     • Assessments of the resources (4) will be required before we have a complete solution for CSIRTs

  12. OVERVIEW OF NICE

  13. NICE Framework - 1
     • Generic Outline
        • Framework Category
        • Specialty Area
        • Tasks
        • KSAs (Knowledge, Skills, and Abilities)
     • Example
        • Protect and Defend
        • Incident Response
        • 16 Tasks
        • 26 KSAs

  14. NICE Framework - Categories
     • There are seven framework categories
        • Securely Provision (SP)
        • Operate and Maintain (OM)
        • Protect and Defend (PD)
        • Investigate (IN)
        • Operate and Collect (OC)
        • Analyze (AN)
        • Support (S)

  15. NICE Framework - Specialty Areas

  16. Similar Initiatives

  17. Matrix: NICE specific specialty areas to training/classes
     • Training Plans: Interview teams to create generic training plans for the CSIRT community

  18. Initiative: Matrix
     • We would like to create a Matrix that identifies, by NICE framework specialty area, which training courses or college classes (language unspecific) meet the Tasks and/or KSAs
     • An example of a similar project done by SANS can be found at (pg 2): www.sans.org/critical-security-controls/winter-2012-poster.pdf

  19. Initiative: Matrix cont.
     • For a pilot we will be working with the FIRST Education and Training Committee
        • We are looking for a few more experts to join the effort
     • Our initial area of focus will be the Protect and Defend framework category
     • We would further subdivide each specialty area into Junior / Intermediate / Senior
     • Instead of freely available resources we will take a different look to address step (3)
        • Training Classes
        • College Classes (to include freely available online)

  20. Initiative: Training Plans
     • Use the resources from the 2 previous Pilots
     • Interview CSIRTs with existing training plans
     • Develop templates and resources to assist CSIRT managers in creating and managing training within their organization
