Tuesday, May 4, 2010

Guest Post - Nick Volpe - Groups Working on our Cyber Problem

Guest post from Nick Volpe.
Nick Volpe is at student at Immaculata University.  He is also a cybersecurity research analyst intern for Fortalice®, LLC.


Research Outline  

Topic: Groups that Track Emerging and Current Security Threats
Date: 4/9/2010 

GROUP 1: CERT/CC 

  • GROUP DESCRIPTION:
    The CERT/CC is the Computer Emergency Response Team Coordination Center run by Carnegie Mellon University in Pittsburgh, PA. It is federally funded and serves as a major reporting center for internet security threats and problems including breaches at the software and system levels. CERT/ CC staff coordinates responses to security issues and offer technical assistance. 
  • COST TO JOIN: N/A, Free resources available

  • SIMILARITIES WITH OTHER GROUPS:

    • Deals with cyber security response much like US-CERT and other CERT groups
    • Collaborates with information between government and the private sector
    • Federally funded

  • UNIQUENESS FROM OTHER GROUPS:
    • Run by an academic institution

GROUP 2: InfraGard 

  • GROUP DESCRIPTION:

    InfraGard is a collaboration of the US Federal Bureau of Investigation and private sector businesses and organizations with the intention of promoting the open communication between business and law enforcement for the purpose of protecting proprietary information and assets. Local chapters are available to facilitate information sharing and various member benefits including training. 

  • COST TO JOIN: Free for US citizens

  • SIMILARITIES WITH OTHER GROUPS:

    • Federally funded
    • Facilitates information sharing between sectors

  • UNIQUENESS FROM OTHER GROUPS:

    • Gives access to sensitive government data
    • Local chapters with access to information and training
    • Close ties with the FBI for coordination

GROUP 3: US-CERT 

  • GROUP DESCRIPTION:
    The US-CERT or United States Computer Emergency Readiness Team of the National Cyber Security Division at the US Department of Homeland Security provides response support and defense against various cyber attacks for the Federal Civil Executive Branch and information collaboration between government agencies and industry. 
  • COST TO JOIN: N/A, Free subscriptions

  • SIMILARITIES WITH OTHER GROUPS:

    • Deals with cyber security response much like CERT/CC and other CERT groups
    • Collaborates with information between government and the private sector

  • UNIQUENESS FROM OTHER GROUPS:
    • Part of the Department of Homeland Security
    • Defends the Federal Civil Executive Branch
   
GROUP 4: SANS 

  • GROUP DESCRIPTION:
    The SANS (SysAdmin, Audit, Network, Security) Institute is a cooperative research and educational organization with programs for security professionals all over the world and is one of the most trusted and largest source of information security training and certification. SANS also operates the internet early warning system called “Internet Storm Center.” 
  • COST TO JOIN: Free information security research documents, training, and whitepapers

  • SIMILARITIES WITH OTHER GROUPS:

    • Offers training to information security professionals
    • Cooperative with training and certification programs

  • UNIQUENESS FROM OTHER GROUPS:
    • Has its own early warning system

GROUP 5: FS-ISAC 

  • GROUP DESCRIPTION:
    The FS-ISAC or Financial Services Information Sharing and Analysis Center gather information about both cyber and physical risks for the financial services sector. It was established to protect critical US infrastructure and constantly gathers information that is reliable and timely for financial providers and firms. 
  • COST TO JOIN: Ranges from $850/year to $49,950/year depending on organizations assets and revenue

  • SIMILARITIES WITH OTHER GROUPS:

    • Protects US infrastructure
    • Coordinates sharing of critical data

  • UNIQUENESS FROM OTHER GROUPS:

    • High cost to join
    • Specifically intended for the financial services sector
    • Deals with both cyber and physical attacks

SOURCES:
  1. CERT Coordination Center (CERT/CC) http://www.cert.org/certcc.html
  2. CERT/CC Definition from PC Magazine Encyclopedia http://www.pcmag.com/encyclopedia_term/0,2542,t=CERTCC&i=39534,00.asp
  3. About InfraGard http://www.infragard.net/about.php?mn=1&sm=1-0
  4. US-CERT: About Us http://www.us-cert.gov/aboutus.html
  5. SANS: About SANS http://www.sans.org/about/sans.php
  6. About the FS-ISAC http://www.fsisac.com/about/
Posted by at
Labels: , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)