What is the aim?
To establish actionable, service-based internal, sectoral, and national CSIRTs and SOCs for governments and organizations.
Why do it?
The benefits of creating a CSIRT/SOC are the following:
- Manageable, coordinated and competent one-stop centers to deliver cybersecurity services for their constituencies;
- Effective, efficient and integrated cyber incident detection, response and recovery services to the constituency;
- Applied best international practice in the form of technology selection, delivery, operations, maturity assessments and roadmaps;
- Maximized Return on Investments (ROI);
- Recognition and trust among the cybersecurity community locally and internationally.
What are typical outputs?
Outputs depend on the scope/scale of the project, but typically include: an initial assessment of the CSIRT maturity level; preparation of a design and implementation plan; creation of SOPs; design and implementation of technological solutions; extensive knowledge transfer via hands-on training and supervision of activities, etc.
How is it delivered?
Depending on the scope/scale of the project, the modus operandi may include:
- Performing initial assessment
- Preparation of a detailed CSIRT/SOC design and implementation plan
- Preparation (review) of CSIRT/SOC mandate
- Preparation of technical solutions architecture along with identification and proposal of alternatives for most suitable components
- Preparation of essential policies and procedures
- Implementation of technology solutions
- Training sessions for staff
- Soft launch
- Update and upgrade of security operations
- Official launch
- Continuous support after the launch.
How easily can a country do it themselves?
As a result of legal obligations, countries often do it themselves using available guidance and resources. However, the process can become very lengthy and may be overshadowed by political divisions and biases before reaching the effective stage. NRD Cyber Security brings to the table an open-minded approach based on cost-benefit analysis and creation of results-driven services for the customer.
What good practice guidance is available?
ENISA’s Guidelines for Establishing CSIRTs and SOCs, 2020; ENISA’s “CSIRT Setting up Guide”, 2006; ENISA’s “Good Practice Guide for Incident Management”, 2010; FIRST.org’s CSIRT Services Framework.
Effective integration of the following vital components is the key to success:
Governance: Mandate definition along with roadmap and strategy preparation.
People/skills: Providing skills for incident detection and response, threat hunting and digital forensics.
Processes and services: proper planning of services and processes, process automation and reporting, standard operating procedures.
Technological capability: e.g. automation of ticketing, information collection, processing and sharing.
Measurements: KPIs, SLAs, applying international best cybersecurity practices, such as SIM3 or SOC-CMM models.
International recognition: Assessments and introduction to the Forum of Incident Response Teams (FIRST.Org) and the TF-CSIRT community.
The cost depends on the scope/scale and complexity of the project (for example, whether hardware and commercial software are part of the scope); it often varies from 90k to 2000k USD.
The duration depends on the scope/scale of the project and could vary from 9 months to 36 months.
Digitization is progressing fast in Bangladesh and Bangladesh is now one of the emerging Asian destinations for sourcing software, information-technology enabled services and business outsourcing.
Bangladesh’s new economy, largely based on the development of the IT industry, is expected to improve the socioeconomic condition and livelihood of people. Therefore, the government is working to create the conditions for the businesses and citizens to act in a secure and non-toxic digital environment.
In 2016, Bangladesh Computer Council (BCC) initiated a project “Leveraging ICT for Growth, Employment and Governance Project (LICT)”, financed by the World Bank, to improve Bangladesh’s capacity to manage the risks related to the digital revolution and deal with fast-growing cybercrime. NRD Cyber Security was selected to implement this project and to establish Bangladesh’s e-Government Computer Incident Response Team (BGD eGov CIRT).
In implementing the project, the NRD Cyber Security Team provided consultative and technical assistance which resulted in drafting mandates, regulations, applications and launching CIRT information systems while following ENISA, ISACA, Critical Security Controls and other methodologies.
Moreover, the supporting activities and deliverables included preparation of the government of Bangladesh Information Security Manual, Report on Bangladesh Information Security Classification and Information Protection Tools, Telecommunication and ISPs Information Security Manual, Cybercrime Legislation, cybersecurity awareness campaign and consensus building as well as the provision of CIRT training courses.
In the context of the project, a CMM assessment was also conducted (see activity 1).