diff --git a/a.4-best-practices/content.tex b/a.4-best-practices/content.tex index 79a8fb1..1ef5f9b 100644 --- a/a.4-best-practices/content.tex +++ b/a.4-best-practices/content.tex @@ -29,8 +29,8 @@ \item Private sector community \begin{itemize} \item Our largest sharing community - \item Over {\bf 1250 organisations} - \item {\bf ~3600 users} + \item Over {\bf +1500 organisations} + \item {\bf +4000 users} \item Functions as a central hub for a lot of sharing communities \item Private organisations, Researchers, Various SoCs, some CSIRTs, etc \end{itemize} @@ -82,11 +82,11 @@ \item Often come with their {\bf own taxonomies and domain specific object definitions} \end{itemize} \item FIRST.org's MISP community - \item Telecom and Mobile operators' community + \item Telecom and Mobile operators' such as GSMA T-ISAC community \item Various ad-hoc communities for exercises for example \begin{itemize} \item The ENISA exercise for example - \item Locked Shields exercise + \item Locked Shields exercise \end{itemize} \end{itemize} \end{frame} @@ -138,15 +138,15 @@ \end{itemize} \end{frame} -\begin{frame} -\frametitle{CSIRT proactive services - MISP dashboard} -\includegraphics[scale=0.18]{screenshots/dashboard-live.png} -\end{frame} +%\begin{frame} +%\frametitle{CSIRT proactive services - MISP dashboard} +%\includegraphics[scale=0.18]{screenshots/dashboard-live.png} +%\end{frame} -\begin{frame} -\frametitle{CSIRT proactive services - MISP dashboard} -\includegraphics[scale=0.18]{screenshots/dashboard-trendings.png} -\end{frame} +%\begin{frame} +%\frametitle{CSIRT proactive services - MISP dashboard} +%\includegraphics[scale=0.18]{screenshots/dashboard-trendings.png} +%\end{frame} \begin{frame} \frametitle{CSIRT advanced services} 
@@ -158,7 +158,6 @@ \item {\bf Notifications} to the constituency about relevant vulnerabilities \item {\bf Co-ordinating} with vendors for notifications (*) \item Internal / closed community sharing of pentest results - \item We're planning on starting a series of hackathons to find \end{itemize} \end{itemize} \end{frame} @@ -171,7 +170,7 @@ \item {\bf Seeking} and engaging in {\bf collaboration} with CSIRT or other parties during an incident \item Pre-sharing information to {\bf request for help} / additional information from the community \item {\bf Pseudo-anonymised sharing} through 3rd parties to {\bf avoid attribution} of a potential target - \item Building processes for {\bf other types of sharing} to get the community engaged and acquainted with the methodologies of sharing (mule account information, border control, etc) + \item Building processes for {\bf other types of sharing} to get the community engaged and acquainted with the methodologies of sharing (mule account information, disinformation campaigns, border control, etc) \end{itemize} \end{frame} @@ -290,7 +289,7 @@ \begin{frame} \frametitle{So how does one convert the passive organisations into actively sharing ones?} \begin{itemize} - \item Rely on {\bf organic growth} + \item Rely on {\bf organic growth} and it takes time (+2 years is common) \item {\bf Help} them increase their capabilities \item As mentioned before, lead by example \item Rely on the inherent value to one's self when sharing information (validation, enrichments, correlations) 
@@ -356,7 +355,7 @@ \item The MISPProject in co-operation with partners provides a {\bf curated list of galaxy information} \item Can include information packages of different types, for example: \begin{itemize} - \item Threat actor information + \item Threat actor information (event different models or approaches) \item Specialised information such as Ransomware, Exploit kits, etc \item Methodology information such as preventative actions \item Classification systems for methodologies used by adversaries - ATT\&CK
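Review bot: In the hunk at @@ -29,8 +29,8 @@, the new line "\item Over {\bf +1500 organisations}" states the lower bound twice, once with "Over" and once with "+". The bare "+4000 users" on the next line can also be read as an increase rather than a total. Suggest "Over {\bf 1500 organisations}" and "{\bf 4000+ users}", or "More than" on both lines, so the two figures are phrased the same way.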
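Review bot: In the hunk at @@ -82,11 +82,11 @@, "\item Telecom and Mobile operators' such as GSMA T-ISAC community" puts "such as" between the possessive and its noun, so the item no longer parses. Suggest "\item Telecom and Mobile operators' communities, such as the GSMA T-ISAC". The "Locked Shields exercise" line in the same hunk appears to change only whitespace; if that was not intended, drop it from the patch to keep the diff minimal.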
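Review bot: In the hunk at @@ -138,15 +138,15 @@, both "CSIRT proactive services - MISP dashboard" frames are commented out rather than deleted, and nothing says why. Git history already preserves them, so either delete the frames outright or add a one-line comment stating why they are disabled and when they should return. If they are gone for good, screenshots/dashboard-live.png and screenshots/dashboard-trendings.png should be checked for remaining users and removed if there are none.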
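Review bot: In the hunk at @@ -290,7 +289,7 @@, "Rely on {\bf organic growth} and it takes time (+2 years is common)" joins an imperative to a statement with "and", and "+2 years" is ambiguous between "two more years" and "two years or longer". Suggest "\item Rely on {\bf organic growth}, which takes time (2+ years is common)".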
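Review bot: In the hunk at @@ -356,7 +355,7 @@, the added parenthetical "(event different models or approaches)" looks like a typo for "even". If so, change the line to "\item Threat actor information (even different models or approaches)"; if "event" was meant, the phrase needs rewording because it does not read as a sentence fragment as written.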