chg: [a.9] updates and refresh

pull/22/head
Alexandre Dulaunoy 2023-02-09 07:42:34 +01:00
parent 551ed171c7
commit d1d84836d3
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 17 additions and 16 deletions


@ -26,7 +26,7 @@
\begin{frame} \begin{frame}
\frametitle{Communities operated by CIRCL} \frametitle{Communities operated by CIRCL}
\begin{itemize} \begin{itemize}
\item Private sector community \item Private sector community (fall-back community)
\begin{itemize} \begin{itemize}
\item Our largest sharing community \item Our largest sharing community
\item Over {\bf +1500 organisations} \item Over {\bf +1500 organisations}
@ -53,8 +53,8 @@
\item X-ISAC\footnote{\url{https://www.x-isac.org/}} \item X-ISAC\footnote{\url{https://www.x-isac.org/}}
\begin{itemize} \begin{itemize}
\item {\bf Bridging the gap} between the various sectorial and geographical ISACs \item {\bf Bridging the gap} between the various sectorial and geographical ISACs
\item New, but ambitious initiative
\item Goal is to {\bf bootstrap the cross-sectorial sharing} along with building the infrastructure to enable sharing when needed \item Goal is to {\bf bootstrap the cross-sectorial sharing} along with building the infrastructure to enable sharing when needed
\item Provide a basic set of threat intelligence for new ISACs
\end{itemize} \end{itemize}
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -62,12 +62,13 @@
\begin{frame} \begin{frame}
\frametitle{Communities operated by CIRCL} \frametitle{Communities operated by CIRCL}
\begin{itemize} \begin{itemize}
\item the ATT\&CK EU community\footnote{\url{https://www.attack-community.org/}} \item The ATT\&CK EU community\footnote{\url{https://www.attack-community.org/}}
\begin{itemize} \begin{itemize}
\item Work on attacker modelling \item Work on attacker modelling
\item With the assistance of MITRE themselves \item With the assistance of MITRE themselves
\item Unique opportunity to {\bf standardise on TTPs} \item Unique opportunity to {\bf standardise on TTPs}
\item Looking for organisations that want to get involved! \item Increasing the use of TTPs\footnote{Tactics, Techniques and Procedures} especially in sharing community like MITRE ATT\&CK
\item Major increase of MITRE ATT\&CK context in sharing communities
\end{itemize} \end{itemize}
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -78,15 +79,15 @@
\item ISAC / specialised community MISPs \item ISAC / specialised community MISPs
\begin{itemize} \begin{itemize}
\item Topical or community specific instances hosted or co-managed by CIRCL \item Topical or community specific instances hosted or co-managed by CIRCL
\item Examples, GSMA, FIRST.org, CSIRT network, etc \item Examples, GSMA, FIRST.org, CSIRTs network, etc
\item Often come with their {\bf own taxonomies and domain specific object definitions} \item Often come with their {\bf own taxonomies and domain specific object definitions}
\end{itemize} \end{itemize}
\item FIRST.org's MISP community \item FIRST.org's MISP community
\item Telecom and Mobile operators' such as GSMA T-ISAC community \item Telecom and Mobile operators' such as GSMA T-ISAC community
\item Various ad-hoc communities for exercises for example \item Various ad-hoc communities for cyber security exercises
\begin{itemize} \begin{itemize}
\item The ENISA exercise for example \item The ENISA exercise (Cyber Europe)
\item Locked Shields exercise \item NATO Locked Shields exercise
\end{itemize} \end{itemize}
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -118,7 +119,7 @@
\item {\bf Co-ordination} and collaboration \item {\bf Co-ordination} and collaboration
\item {\bf Takedown} requests \item {\bf Takedown} requests
\end{itemize} \end{itemize}
\item Alerting of information leaks (integration with {\bf AIL}\footnote{\url{https://github.com/CIRCL/AIL-framework}}) \item Alerting of information leaks (integration with {\bf AIL}\footnote{\url{https://www.ail-project.org/}})
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -177,13 +178,13 @@
\begin{frame} \begin{frame}
\frametitle{A quick note on compliance...} \frametitle{A quick note on compliance...}
\begin{itemize} \begin{itemize}
\item Collaboration with Deloitte as part of a CEF project for creating compliance documents \item Collaboration with Deloitte and legal advisors as part of a CEF project for creating compliance documents
\begin{itemize} \begin{itemize}
\item Information sharing and cooperation {\bf enabled by GDPR} \item Information sharing and cooperation {\bf enabled by GDPR}
\item How MISP enables stakeholders identified by the {\bf NISD} to perform key activities \item How MISP enables stakeholders identified by the {\bf NISD} to perform key activities
\item {\bf AIL} and MISP \item {\bf AIL} and MISP
\end{itemize} \end{itemize}
\item For more information: https://github.com/CIRCL/compliance \item For more information: \url{https://github.com/CIRCL/compliance}
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -238,7 +239,7 @@
\begin{itemize} \begin{itemize}
\item Estimating requirements \item Estimating requirements
\item Deciding early on common vocabularies \item Deciding early on common vocabularies
\item Offering services through MISP \item Offering expansion,analysis and intelligence services through MISP
\end{itemize} \end{itemize}
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -263,10 +264,10 @@
\begin{itemize} \begin{itemize}
\item Sharing comes in many shapes and sizes \item Sharing comes in many shapes and sizes
\begin{itemize} \begin{itemize}
\item Sharing results / reports is the classical example \item Sharing {\bf results} / reports is the classical example
\item Sharing enhancements to existing data \item Sharing {\bf enhancements} to existing data/intelligence
\item Validating data / flagging false positives \item Validating data / flagging false positives ({\bf sighting})
\item Asking for support from the community \item Asking for {\bf support and collaboration} from the community
\end{itemize} \end{itemize}
\item {\bf Embrace all of them}. Even the ones that don't make sense right now, you never know when they come handy... \item {\bf Embrace all of them}. Even the ones that don't make sense right now, you never know when they come handy...
\end{itemize} \end{itemize}
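Review bot: In the ATT\&CK frame (hunk at -62,12), the new bullet "especially in sharing community like MITRE ATT\&CK" reads as if MITRE ATT&CK were itself a sharing community rather than the framework used to express TTPs, and the bullet added directly below it repeats the same point. I would merge the two into one item such as `\item Increasing use of TTPs, expressed with MITRE ATT\&CK, in sharing communities`. The footnote expanding the acronym is attached to its second occurrence; it would help readers more on the first, in the "standardise on TTPs" bullet just above. Separately, in the hunk at -238,7 the new text `expansion,analysis` is missing a space after the comma: `\item Offering expansion, analysis and intelligence services through MISP`.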