What's new

Events

Ioanna Kampouraki — 2012-04-23T08:05:00Z

Conference on the role of intermediaries

12 June 2012 - Brussels, Belgium

The event is organised by the European Commission in co-operation
with the European Network and Information Security Agency and the United States Department of Homeland Security. The overall objective of the event is to bring intermediaries together in order to establish a reinforcing momentum in awareness raising and dissemination effort on topics pertaining to information security.

More information about the event will be available soon.

Images for CERT exercises

Lauri Palkmets — 2012-04-19T11:05:00Z

Diclaimer:


By downloading the images you acknowledge the following:

Notice must be taken that this publication represents the views and interpretations of the authors and editors, unless stated otherwise. This publication should not be construed to be an action of ENISA or the ENISA bodies unless adopted pursuant to the ENISA Regulation (EC) No 460/2004. This publication does not necessarily represent state-of the-art and it might be updated from time to time. Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the external sources including external websites referenced in this publication. This publication is intended for educational and information purposes only. Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication. Reproduction is authorised provided the source is acknowledged.

© European Network and Information Security Agency (ENISA), 2009

Instructions how to use virtual images ->

NOTE: Internet Explorer renames files with .ova extension to .tar. You will need to change the extension back before loading them into virtualisation environment.

Download

ISO image CSIRT Exercise Handbook:

Download	MD5 hash sum	PGP signature
Download	SHA1 hash sum	PGP signature

Virtual image CSIRT Exercise Handbook:

Download	MD5 hash sum

ISO image CSIRT Exercise Toolset:

Download	MD5 hash sum	PGP signature
Download	SHA1 hash sum	PGP signature

Virtual image CSIRT Exercise Toolset:

Download	MD5 hash sum

ISO image CSIRT Exercise Netflow:

Download	MD5 hash sum	PGP signature
Download	SHA1 hash sum	PGP signature

Virtual image CSIRT Exercise Netflow:

Download	MD5 hash sum

The hash files are signed with PGP. The key, key id and fingerprint can be found here.

TRANSITS training

Lauri Palkmets — 2012-04-18T07:45:00Z

TRANSITS training

TRANSITS evolved out of a European Commission funded project (IST-2001-39118, 1 July 2002 - 30 September 2005) to promote the establishment of CSIRTs by addressing the shortage of skilled staff. The seven training workshops organised by the project proved so successful that TERENA continued to run them after the project finished in September 2005. These have been run with financial support from ENISA, FIRST and various other organisations, whilst the course material has also been utilised for other workshops all around the world.

ENISA is supporting the successful TRANSITS program for CSIRT staff members taking place at least twice a year in Europe. The TRANSITS program consists of basic and advanced (hands on) courses.

TRANSITS-I

The TRANSITS-I course is aimed at new or potential CSIRT personnel who wish to gain a good grounding in the main aspects of working in an incident handling and response team. Over the years, operatives have been trained for commercial, governmental, military and national CSIRTs, as well as those in the research and education sector.

More information about TRANSITS-I

TRANSITS II

The TRANSITS-II course is aimed at more experienced personnel working for established CSIRTs. It provides an in-depth study of key areas in incident handling and response operations, training in how to improve communications with constituents, along with practical exercises.

More information about TRANSITS-II

7th CERT workshop

Cosmin Ciobanu — 2012-03-12T13:45:00Z

______________________________________________________

We are happy to inform you that this year our 7th annual CERT workshop will focus on hands-on training exclusively for the EU national/governamental CERT teams, free of charge and by invitation only.

ENISA, supported by the well known Internet security research firm Team Cymru, will offer 2 days of deep technical dive into topics like botnets, mobile malware and other interesting topics.

The workshop will be hosted by University of Malta.

Agenda (tentative)

1st day (14 June 2012)

08:30 - 09:00	Registration of participants
09:00 - 09:15	Opening ENISA
09:15 - 10:45	Nat/Gov CERTs discussion
10:45 - 11:00	Coffee break
11:00 - 12:30	Understanding botnets & botnet operations part 1
12:30 - 13:30	Lunch break
13:30 - 15:00	Understanding botnets & botnet operations part 2
15:00 - 15:15	Coffee break
15:00 - 18:15	Network monitoring & Netflow analysis

2nd day (15 June 2012)

09:00 - 10:30	Investigating malware infections part 1
10:30 - 10:45	Coffee break
10:45 - 12:15	Investigating malware infections part 2
12:15 - 13:15	Lunch break
13:15 - 14:45	DNS for investigators
14:45 - 16:00	Coffee break
16:00 - 17:30	Attack mitigation
17:30 - 18:00	Security for 1$ a day - Team Cymru Data Feeds
18:00 - 18:10	Closing remarks (ENISA and Team Cymru)

Cooperation between CERTs and Law Enforcement Agencies in the fight against cybercrime - A first collection of practices

belasag — 2012-02-28T12:39:18Z

The essential aim of this report is to improve the capability of CERTs, with a focus on the national/governmental CERTs (n/g CERTs), to address the network and information security (NIS) aspects of cybercrime. It focuses particularly on supporting n/g CERTs and their hosting organisations in the European Union (EU) Member States in their collaboration with the LEAs. It also intends to be a first collection of practices collected from mature CERTs in Europe, including among other things workflows and collaboration with other key players, in particular different law enforcement authorities, in the fight against cybercrime.

CERT-EU

Cosmin Ciobanu — 2012-01-09T10:05:00Z

Constituency
The constituency of CERT-EU is composed of all the EU Institutions, Agencies and Bodies.

http://europa.eu/about-eu/institutions-bodies/index_en.htm

Team Description in Accordance with RFC 2350
CERT-EU has published a document to provide basic information about the CERT-EU Pre-Configuration Team, its channels of communication, and its roles and responsibilities.

Context
In recent years, CERTs have been developed in both the private and public sectors. These teams are made up of small numbers of cyber-experts who are connected to the internet and who can effectively and efficiently respond to information security incidents and cyber threats, often on a 24 hours a day, 7days a week basis.

In the Digital Agenda for Europe adopted in May 2010 (see IP/10/581, and MEMO/10/200), the Commission committed itself to establishing a CERT for the EU Institutions, as part of the EU's commitment to a reinforced and high level EU Network and Information Security Policy in Europe. In August 2010 the Commission requested four cyber-security experts known as the "Rat der IT Weisen" to make recommendations on how to set up such a CERT. Their report was finalised in November 2010.

The Digital Agenda also calls on all Member States to establish their own CERTs, paving the way to an EU-wide network of national and governmental Computer Emergency Response Teams by 2012 (see IP/11/395). The EU's Council of Telecoms Ministers adopted conclusions on 27th May 2011, confirming this objective.

CERT-EU Website:

http://cert.europa.eu/cert/filteredition/en/CERT-LatestNews.html