\note[item]{Explaining the overall history of MISP especially the aspect of starting on a focused topic "malware reversing" to a more generic open source solution for sharing information.}
The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven initiative designed to provide a systematic response facility to computer security threats and incidents. CIRCL is the CERT for the private sector, communes and non-governmental entities in Luxembourg and is operated by LHC g.i.e.
\item CIRCL is mandated by the Ministry of Economy and acting as the Luxembourg National CERT for private sector.
\item CIRCL leads the development of the Open Source MISP threat intelligence platform which is used by many military or intelligence communities, private companies, financial sector, National CERTs and LEAs globally.
\item{\bf CIRCL runs multiple large MISP communities performing active daily threat-intelligence sharing}.
\end{itemize}
\includegraphics{en_cef.png}
\end{frame}
\begin{frame}
\frametitle{What is MISP?}
\begin{itemize}
\item MISP is a {\bf threat information sharing} platform that is free \& open source software
\item A tool that {\bf collects} information from partners, your analysts, your tools, feeds
\item Normalises, {\bf correlates}, {\bf enriches} the data
\item Allows teams and communities to {\bf collaborate}
\item{\bf Feeds} automated protective tools and analyst tools with the output
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Development based on practical user feedback}
\begin{itemize}
\item There are many different types of users of an information sharing platform like MISP:
\begin{itemize}
\item{\bf Malware reversers} willing to share indicators of analysis with respective colleagues.
\item{\bf Security analysts} searching, validating and using indicators in operational security.
\item{\bf Intelligence analysts} gathering information about specific adversary groups.
\item{\bf Law-enforcement} relying on indicators to support or bootstrap their DFIR cases.
\item{\bf Risk analysis teams} willing to know about the new threats, likelyhood and occurences.
\item{\bf Fraud analysts} willing to share financial indicators to detect financial frauds.