diff --git a/a.4-best-practices/content.tex b/a.4-best-practices/content.tex
index 7345b04..dde9d78 100644
--- a/a.4-best-practices/content.tex
+++ b/a.4-best-practices/content.tex
@@ -26,7 +26,7 @@
 \begin{frame}
 \frametitle{Communities operated by CIRCL}
 \begin{itemize}
- \item Private sector community
+ \item Private sector community (fall-back community)
 \begin{itemize}
 \item Our largest sharing community
 \item Over {\bf +1500 organisations}
@@ -53,8 +53,8 @@
 \item X-ISAC\footnote{\url{https://www.x-isac.org/}}
 \begin{itemize}
 \item {\bf Bridging the gap} between the various sectorial and geographical ISACs
- \item New, but ambitious initiative
 \item Goal is to {\bf bootstrap the cross-sectorial sharing} along with building the infrastructure to enable sharing when needed
+ \item Provide a basic set of threat intelligence for new ISACs
 \end{itemize}
 \end{itemize}
 \end{frame}
@@ -62,12 +62,13 @@
 \begin{frame}
 \frametitle{Communities operated by CIRCL}
 \begin{itemize}
- \item the ATT\&CK EU community\footnote{\url{https://www.attack-community.org/}}
+ \item The ATT\&CK EU community\footnote{\url{https://www.attack-community.org/}}
 \begin{itemize}
 \item Work on attacker modelling
 \item With the assistance of MITRE themselves
 \item Unique opportunity to {\bf standardise on TTPs}
- \item Looking for organisations that want to get involved!
+ \item Increasing the use of TTPs\footnote{Tactics, Techniques and Procedures} especially in sharing community like MITRE ATT\&CK
+ \item Major increase of MITRE ATT\&CK context in sharing communities
 \end{itemize}
 \end{itemize}
 \end{frame}
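Review bot: In the third hunk (`@@ -62,12 +62,13 @@`) the footnote expanding TTPs is attached to the second use of the acronym. The unchanged line just above it, `\item Unique opportunity to {\bf standardise on TTPs}`, is where a reader first meets the term on this frame, so the `\footnote{Tactics, Techniques and Procedures}` belongs there. The first added item also reads as though MITRE ATT\&CK were itself a sharing community. If the intent is that communities increasingly share TTP context expressed in ATT\&CK, a wording such as `\item Increasing use of TTPs, especially MITRE ATT\&CK, in sharing communities` says so directly. The second added item would then be largely redundant and could be dropped.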
@@ -78,15 +79,15 @@
 \item ISAC / specialised community MISPs
 \begin{itemize}
 \item Topical or community specific instances hosted or co-managed by CIRCL
- \item Examples, GSMA, FIRST.org, CSIRT network, etc
+ \item Examples, GSMA, FIRST.org, CSIRTs network, etc
 \item Often come with their {\bf own taxonomies and domain specific object definitions}
 \end{itemize}
 \item FIRST.org's MISP community
 \item Telecom and Mobile operators' such as GSMA T-ISAC community
- \item Various ad-hoc communities for exercises for example
+ \item Various ad-hoc communities for cyber security exercises
 \begin{itemize}
- \item The ENISA exercise for example
- \item Locked Shields exercise
+ \item The ENISA exercise (Cyber Europe)
+ \item NATO Locked Shields exercise
 \end{itemize}
 \end{itemize}
 \end{frame}
@@ -118,7 +119,7 @@
 \item {\bf Co-ordination} and collaboration
 \item {\bf Takedown} requests
 \end{itemize}
- \item Alerting of information leaks (integration with {\bf AIL}\footnote{\url{https://github.com/CIRCL/AIL-framework}})
+ \item Alerting of information leaks (integration with {\bf AIL}\footnote{\url{https://www.ail-project.org/}})
 \end{itemize}
 \end{frame}
 
@@ -177,13 +178,13 @@
 \begin{frame}
 \frametitle{A quick note on compliance...}
 \begin{itemize}
- \item Collaboration with Deloitte as part of a CEF project for creating compliance documents
+ \item Collaboration with Deloitte and legal advisors as part of a CEF project for creating compliance documents
 \begin{itemize}
 \item Information sharing and cooperation {\bf enabled by GDPR}
 \item How MISP enables stakeholders identified by the {\bf NISD} to perform key activities
 \item {\bf AIL} and MISP
 \end{itemize}
-\item For more information: https://github.com/CIRCL/compliance
+\item For more information: \url{https://github.com/CIRCL/compliance}
 \end{itemize}
 \end{frame}
 
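Review bot: In the `@@ -177,13 +178,13 @@` hunk the replacement line `+\item For more information: \url{https://github.com/CIRCL/compliance}` starts at column 0, while the line it replaces and its sibling items carry leading indentation (as far as this page preserves it). Re-indent it to the level of the outer `itemize` so the nesting stays readable in the source. The other frames in this diff put links in `\footnote{\url{...}}`, so for consistency this could be `\item For more information, see the compliance repository\footnote{\url{https://github.com/CIRCL/compliance}}`.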
@@ -238,7 +239,7 @@
 \begin{itemize}
 \item Estimating requirements
 \item Deciding early on common vocabularies
- \item Offering services through MISP
+ \item Offering expansion,analysis and intelligence services through MISP
 \end{itemize}
 \end{itemize}
 \end{frame}
@@ -263,10 +264,10 @@
 \begin{itemize}
 \item Sharing comes in many shapes and sizes
 \begin{itemize}
- \item Sharing {\bf results} / reports is the classical example
- \item Sharing {\bf enhancements} to existing data/intelligence
- \item Validating data / flagging false positives ({\bf sighting})
- \item Asking for {\bf support and collaboration} from the community
+ \item Sharing results / reports is the classical example
+ \item Sharing enhancements to existing data
+ \item Validating data / flagging false positives
+ \item Asking for support from the community
 \end{itemize}
 \item {\bf Embrace all of them}. Even the ones that don't make sense right now, you never know when they come handy...
 \end{itemize}
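Review bot: The added item in the `@@ -238,7 +239,7 @@` hunk has `expansion,analysis` with no space after the comma, which will show on the slide; it should read `\item Offering expansion, analysis and intelligence services through MISP`. The enclosing frame starts outside the hunk, so the surrounding list structure is not visible here.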
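Review bot: In the `@@ -263,10 +264,10 @@` hunk the slash spacing is inconsistent between neighbouring items: `results / reports` and `data / flagging` are spaced, while `existing data/intelligence` is set tight. Pick one form, for example `\item Sharing {\bf enhancements} to existing data / intelligence`. The new emphasis uses `{\bf ...}`, which matches the rest of the file but is the obsolete font switch, so `\textbf{...}` would be the form to move to if the deck is ever cleaned up. The frame both starts and ends outside this hunk.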