Several working groups ensure that the association's goals are implemented. High – there is only limited capability for filtering, high volumes of incidents need to be treated as well, sometimes too much information is being shared, MISP-Project website
Cyber Security Information Sharing platforms have proven to be sustainable, in that they have already existed for many years, at least within the industry. In this case, by putting in place preventive measures, sometimes cybercriminal behaviour can be avoided, or even quarantined – or run – just to be able to gather forensic evidence. (public and private) CERTs, CSIRTs, Security Operations Centers (SOCs)
Sustainable, continues to be supported through the community, additional developments of the platform on GitHub. CERT.EU & CERT.BE – operational teams
The experiences and best practices have been shared, and the community is available to support both setup and operations. The system can act as a forensic tool over time. This ransomware attack has likely entered the laptop from the outside (either clicking on a link, installing a piece of software or opening an email attachment). Cyber Security Sharing & Analytics (CSSA) ... lies on the exchange and analysis of incidents within the membership and the joint build-up of threat intelligence. Their activities and results will be noted in a case log. The association has set itself qualitative development goals rather than growth goals. CSSA provides the organisational and technical framework to share sensitive information securely, to connect experts directly with one another, and to support each other in the spirit of neighbourly help. CIRCL (Luxembourg CERT) MISP https://goo.gl/jfnLhC
It is a cooperation-oriented, community-based operation, aimed at cyber threat experts sharing their discoveries and intelligence. The Malware Information Sharing Platform (MISP) is an open source software platform (freely downloadable and royalty-free to operate) that can be installed by any organization in order to collect and distribute malware information and cyber threat intelligence amongst peers. Some platforms are centrally oriented, others work in a decentralized manner. ARMOUR: Grant agreement No: 823683, PLATFORM OFFICE: Low - shared cost in operation, shared knowledge through community
High – in order to take it into full operation, dedicated resources should be required for investigating and coordinating relations, managing the trusted network and the trusted information sharing (traffic light protocol). In the last … Its sustainability will depend on the continued support of its community, its ability to innovate and provide an efficient tool for cyber security incidents and first-line practitioner actions. The incident management teams can sometimes be responsible for one organisation (large corporates, or security services companies) or multiple organisations (such as national CERTs, typically taking care of incidents of national governments, administration and public authority institutions). Cyber Security analysts and first level responders
It is being used today by over 800 organisations in Europe and worldwide, including official CERTs and platforms. Decisive for the success of CSSA, however, is the direct line between members and the confidential exchange among experts. Other platforms are oriented towards providing (near) real time information, and get their relevance and significance on the basis of the contributors. ENISA (European Agency for Network and Information Security), Low - in operations – free to install, host, operate (no license cost), infrastructure relatively limited – can be cloud operated
This project has received funding from the European Union’s Horizon 2020 Research and Innovation Programme. FIRST-LINE PRACTITIONERS has been developed within the EU-funded projects TAKEDOWN, MINDb4ACT, CHAMPIONs and ARMOUR. Towards an Evaluation Framework for Threat Intelligence Sharing Platforms, Towards a Maturity Model for Inter-Organizational Cyber Threat Intelligence Sharing: A Case Study of Stakeholders' Expectations and Willingness to Share. It is likely that the MISP platform and community will merge into another platform. Elected by the general meeting: Dr. Ralf Schneider (Chair), Stefan Beck, Dr. 1) The effectiveness of the platform itself is derived from the user friendliness of the tool (the technical platform), but also from its ease of facilitating information gathering (input) by expert and non-expert people providing information to the platform. MISP serves as the main interface and sharing tool. The main purpose of the MISP is to have one incident management team investigate such an incident and report it into the MISP, to alert other MISP subscribers to the incident and to the possibility that similar incidents might happen in their constituency or with their stakeholders.