Promoting the Business Plan
We have taken the following steps so far:
- Understanding what a CSIRT is and what benefits it might provide.
- Identifying the sector to which the new team will deliver its services.
- Understanding what kinds of services a CSIRT can provide to its constituency.
- Analysing the environment and constituents.
- Defining the mission statement.
- Developing the Business Plan:
  - a. Defining the financial model
  - b. Defining the organisational structure
  - c. Starting to hire staff
  - d. Utilising and equipping the office
  - e. Developing an information security policy
  - f. Looking for cooperation partners

The next step is to put the above into a project plan and get started!
A good start for defining your project is coming up with a business case. This business case will be used as the basis for the project plan and will also be used to apply for management support and to obtain budget or other resources.
It has proved useful to report continuously to management, to keep awareness of IT security problems high and, through this, to secure continued support for the organisation's own CSIRT.
Starting a business case begins with analysing the problems and opportunities using an analysis model, as described on the page Analysis of the constituency, and with seeking close contact with the potential constituency.
As described earlier, there is a lot to think about when starting a CSIRT. It is best to adjust the material mentioned above to the CSIRT's needs as they develop.
It is good practice, when reporting to management, to make your case as up to date as possible by using recent articles from newspapers or the internet, and to explain why the CSIRT service and internal coordination of incidents are crucial for securing business assets. It is also necessary to make clear that only continuous support in matters of IT security leads to a stable business, especially for a company or an institution that is dependent on IT.
(A prominent phrase by Bruce Schneier brings this to the point: "Security is not a product but a process!")
A well-known tool for illustrating security problems is the following graph provided by the CERT/CC:
It visualises the trends in IT security, especially the decrease in the skills needed to carry out increasingly sophisticated attacks.
Another point to mention is the continuously shrinking time window between the availability of software updates for vulnerabilities and the first attacks exploiting them:
| Worm | Time from patch to exploit |
|---|---|
| Nimda | 11 months |
| Slammer | 6 months |
| Nachi | 5 months |
| Blaster | 3 weeks |
| Witty | 1 day (!) |

| Worm | Spreading rate |
|---|---|
| Code Red | Days |
| Nimda | Hours |
| Slammer | Minutes |
Gathered incident data, potential improvements and lessons learned also make a good presentation.