The Road to Maturity
Tentative Program For AIS 2019
Draft Program Description
CSIRT Creation and Management
The CSIRT Creation and Management Training is organized with FIRST Course by AfricaCERT. It is the opportunity to enable AfricaCERT Train the Trainer program using FIRST course.
Participants should bring their own laptop
- Exposes participants to methods for incident coordination with a focus on how to handle major security events and coordinate incident responses.
- Discusses the purpose and structure of CSIRTs and a high-level overview of the key issues and decisions that must be addressed in establishing and maintaining a CSIRT. Other topics include a discussion of CSIRT services as well as key policies, procedures, methods, tools, and infrastructure components that are needed to effectively operate a CSIRT.
- Walks participants to walks through how CSIRT leaders and managers would set up and manage a newly created CSIRT. It covers both the external processes of meeting the needs of stakeholders and community and the internal processes of policies, configuration, and planning.
- Topics includes:
- Define incident management and establish the need for an incident handling team
- Step through potential CSIRT requirements and define how a
- Define the range, levels of services, and organizational components
of a CSIRT
- Set expectations for meeting the needs of constituencies and stakeholders
- Define expectations for a newly created CSIRT and categorize roles and responsibilities
- Set expectations for funding, staffing, and training
- Clarify hardware and software requirements
- Explain how to develop security configurations, including for
- Practice assessing needs for a CSIRT
- Outline how to develop policies, procedures, processes, and workflows
- Define methods for building disaster recovery and business continuity plans
- Explain how to create policies for security configurations, including for physical security
- Describe how to build relationships between a CSIRT and its constituency
- Identify ways to work with the wider community, including vendors, law enforcement, press, and academia
- Practice setting up a CSIRT to function optimally
- Operational management issues.
The workshop is based on the manipulation and configuration of open source software to secure the web server. The workshop is structured around tools, including:
- Remove Unnecessary Services.
- Enable Automatic Security UPDATE
- Tools that be run on your server to dynamically block clients that fail to authenticate correctly with your services repeatedly.
- Hardening your webserver
- Web application firewall (WAF)
- MOD_EVASIVE: Apache module.
- Chrooting: is an operation to change the apparent root directory i.e.
- / for a running process and their child processes.
- SSL: Generating, Config and test ssl certificate
Participants will be equip and walk through methods to configure their own Web server (VM) and install the open-source software on it and try to break into their own servers using hacking tool (Kali).
- Participants bring their own laptop
- Tools to install and preparation will be provided to registered participants before the training
- A session will take place on June 9thto prepare participants having issues to install the tools prior to the training
Title: Incident response workshop (~2 days)
- Addressing Operational Challenges.
- Good Practices on CSIRT regulative frameworks
- Cooperation with CII operators etc.
- Working with Policy Makers
Description – the workshop will focus on the operational, tactical, procedural, legal and communication aspects of incident response. The experts will deliver sessions covering the whole incident response lifecycle from incident detection through various escalation levels until the implementation of mitigation measures and post-incident activities. This includes incident response best practices, workflow, classification, SLAs and team composition/roles along with business impact. Special focus will be dedicated on internal and external incident communication. The issues pertinent to compliance and supervision, as well as risk management and their role in incident handling will be covered.
Who should attend – technical personnel (system administrators, developers, engineers), incident responders, management level participants, people involved in communications/PR, law, compliance, business, risk management
Morning session 1: Threat landscape, awareness and community building
Morning session 2: Establishing incident response (history and current practice from around the world)
Afternoon session 3: CSIRT organisation and legal framework
Afternoon session 4: Communication (internal, external, communication channels and methods)
Morning session 5: Incident response taxonomies and escalation paths
Morning session 6: Incident response: Cases.
Afternoon session 7: Exercises: validating your skills and procedures
Afternoon session 8: Supervision
- AfriNIC Whois Database use for Incident Responders
Lead Trainer: AfriNIC
- Resources for the CSIRT
Lead Trainer: AfricaCERT
- PGP Key Signing Party and Information Exchange
Lead Trainer: AfricaCERT
GFCE Triple I Capacity Building Day | The Internet Infrastructure Security Day (more at: https://triple-i-workshop-ais2019.gfce-events.com/)
This will be a workshop in which participants from different stakeholder groups together:
- learn more about Open Internet Standards such as DNSSEC, TLS, DANE, RPKI, ROA, DMARC, DKIM, SPF, and IPv6, in support of more trusted communications;
be inspired by Good Practice experience that helped improve reliability of the Internet and collaborative security. Good practice examples will be presented from the region, and from elsewhere that may be of interest in the region;
- with a collaborative foundation, work to develop and commit to specific actions that will help improve the region’s Internet economy. For this we will work according the Open Spacemethodology which means that the participants set the agenda, together.
Participants are sought across regional Internet stakeholder groups, including government, business, education, and technical community. Collaborative security is how we build trust in the Internet’s infrastructure. You are invited to join this workshop in order to improve the trusted Internet experience in the region. You may want to stimulate people you would need to work with as well to register for this workshop. Participation is upon confirmed registration, only, and limited in numbers.
Team of Instructors are/from:
French Cybersecurity Agency
JPCERT/CC – Japan Computer Emergency Response Team Coordination Centre
TunCERT – Tunisian Computer Emergency Response Team