mirror of https://github.com/MISP/misp-training
chg: [a.9] updates and refresh
parent
551ed171c7
commit
d1d84836d3
|
@ -26,7 +26,7 @@
|
|||
\begin{frame}
|
||||
\frametitle{Communities operated by CIRCL}
|
||||
\begin{itemize}
|
||||
\item Private sector community
|
||||
\item Private sector community (fall-back community)
|
||||
\begin{itemize}
|
||||
\item Our largest sharing community
|
||||
\item Over {\bf +1500 organisations}
|
||||
|
@ -53,8 +53,8 @@
|
|||
\item X-ISAC\footnote{\url{https://www.x-isac.org/}}
|
||||
\begin{itemize}
|
||||
\item {\bf Bridging the gap} between the various sectorial and geographical ISACs
|
||||
\item New, but ambitious initiative
|
||||
\item Goal is to {\bf bootstrap the cross-sectorial sharing} along with building the infrastructure to enable sharing when needed
|
||||
\item Provide a basic set of threat intelligence for new ISACs
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
@ -62,12 +62,13 @@
|
|||
\begin{frame}
|
||||
\frametitle{Communities operated by CIRCL}
|
||||
\begin{itemize}
|
||||
\item the ATT\&CK EU community\footnote{\url{https://www.attack-community.org/}}
|
||||
\item The ATT\&CK EU community\footnote{\url{https://www.attack-community.org/}}
|
||||
\begin{itemize}
|
||||
\item Work on attacker modelling
|
||||
\item With the assistance of MITRE themselves
|
||||
\item Unique opportunity to {\bf standardise on TTPs}
|
||||
\item Looking for organisations that want to get involved!
|
||||
\item Increasing the use of TTPs\footnote{Tactics, Techniques and Procedures} especially in sharing community like MITRE ATT\&CK
|
||||
\item Major increase of MITRE ATT\&CK context in sharing communities
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
@ -78,15 +79,15 @@
|
|||
\item ISAC / specialised community MISPs
|
||||
\begin{itemize}
|
||||
\item Topical or community specific instances hosted or co-managed by CIRCL
|
||||
\item Examples, GSMA, FIRST.org, CSIRT network, etc
|
||||
\item Examples, GSMA, FIRST.org, CSIRTs network, etc
|
||||
\item Often come with their {\bf own taxonomies and domain specific object definitions}
|
||||
\end{itemize}
|
||||
\item FIRST.org's MISP community
|
||||
\item Telecom and Mobile operators' such as GSMA T-ISAC community
|
||||
\item Various ad-hoc communities for exercises for example
|
||||
\item Various ad-hoc communities for cyber security exercises
|
||||
\begin{itemize}
|
||||
\item The ENISA exercise for example
|
||||
\item Locked Shields exercise
|
||||
\item The ENISA exercise (Cyber Europe)
|
||||
\item NATO Locked Shields exercise
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
@ -118,7 +119,7 @@
|
|||
\item {\bf Co-ordination} and collaboration
|
||||
\item {\bf Takedown} requests
|
||||
\end{itemize}
|
||||
\item Alerting of information leaks (integration with {\bf AIL}\footnote{\url{https://github.com/CIRCL/AIL-framework}})
|
||||
\item Alerting of information leaks (integration with {\bf AIL}\footnote{\url{https://www.ail-project.org/}})
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
|
@ -177,13 +178,13 @@
|
|||
\begin{frame}
|
||||
\frametitle{A quick note on compliance...}
|
||||
\begin{itemize}
|
||||
\item Collaboration with Deloitte as part of a CEF project for creating compliance documents
|
||||
\item Collaboration with Deloitte and legal advisors as part of a CEF project for creating compliance documents
|
||||
\begin{itemize}
|
||||
\item Information sharing and cooperation {\bf enabled by GDPR}
|
||||
\item How MISP enables stakeholders identified by the {\bf NISD} to perform key activities
|
||||
\item {\bf AIL} and MISP
|
||||
\end{itemize}
|
||||
\item For more information: https://github.com/CIRCL/compliance
|
||||
\item For more information: \url{https://github.com/CIRCL/compliance}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
|
@ -238,7 +239,7 @@
|
|||
\begin{itemize}
|
||||
\item Estimating requirements
|
||||
\item Deciding early on common vocabularies
|
||||
\item Offering services through MISP
|
||||
\item Offering expansion,analysis and intelligence services through MISP
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
@ -263,10 +264,10 @@
|
|||
\begin{itemize}
|
||||
\item Sharing comes in many shapes and sizes
|
||||
\begin{itemize}
|
||||
\item Sharing results / reports is the classical example
|
||||
\item Sharing enhancements to existing data
|
||||
\item Validating data / flagging false positives
|
||||
\item Asking for support from the community
|
||||
\item Sharing {\bf results} / reports is the classical example
|
||||
\item Sharing {\bf enhancements} to existing data/intelligence
|
||||
\item Validating data / flagging false positives ({\bf sighting})
|
||||
\item Asking for {\bf support and collaboration} from the community
|
||||
\end{itemize}
|
||||
\item {\bf Embrace all of them}. Even the ones that don't make sense right now, you never know when they come handy...
|
||||
\end{itemize}
|
||||
|
|
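Review bot: In the `-62,12 +62,13` hunk, the item `Increasing the use of TTPs… especially in sharing community like MITRE ATT\&CK` reads as if MITRE ATT\&CK were a sharing community, whereas it is the knowledge base the TTPs are drawn from. The item after it (`Major increase of MITRE ATT\&CK context in sharing communities`) then says nearly the same thing. Assuming both are new lines (the rendered page has lost the `+`/`-` markers), I would merge them into one, e.g. `\item Growing use of TTPs\footnote{Tactics, Techniques and Procedures}, mostly expressed as MITRE ATT\&CK context, in sharing communities`. In the `-238,7 +239,7` hunk, `expansion,analysis` is missing a space after the comma.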