Skip to content Skip to main navigation Skip to footer

CSIRT

2015-06-12 in CSIRTNews

2015 SA NREN CSIRT Workshop

In light of the evolving information security threat to the higher education and research community, SANReN and TENET invited CIOs and IT Directors from universities and science councils in South Africa to participate in a two-day facilitated workshop to explore the establishment of a Computer Security Incident Response Team (CSIRT) for the South African NREN. This workshop was held from 26-27 May at Kopanong and included nearly 60 participants from 13 universities and 4 science councils served by the NREN.

The attendees indicated that the risks were real, the timing was right and an overwhelming majority supported the establishment of a basic NREN CSIRT capability. The workshop therefore concluded with an unanimous decision to put forward a business case to institutional decision makers for conditional approval of funding for the activity. Watch this site for future updates and see the services page for more CSIRT information.

2015-04-16 in CSIRTEvents

SA NREN CSIRT Workshop, 26-27 May 2015

A Computer Security Incident Response Team (CSIRT) is “an organization or team that provides services and support to a defined constituency for preventing, handling, and responding to computer security incidents’’[1]. These incidents can include hacking, denial of service, intellectual property theft, data breaches, compromised systems, malware, etc. A CSIRT attempts to isolate, mitigate the effects of, disable and assist with recovery from these incidents. Additionally, a CSIRT can provide a number of proactive services to prevent these incidents from occurring in the first place. A CSIRT provides planned and prepared, rather than ad-hoc, handling and prevention of IT security incidents.

An SA NREN CSIRT will facilitate a coordinated response to incidents affecting the community (that is all SANReN beneficiaries and TENET customers). It can provide a central source of skills and expertise accessible by the entire community, for the community, in a cost-efficient manner. Furthermore, a coordinating CSIRT has insight that individual institutions may not have regarding the bigger picture and scope of an incident. This facilitates effective response for the whole community. Common incident prevention tasks (e.g. advisory dissemination) can also be coordinated to optimise resources. Besides acting as a centralised reporting point for the constituency, the CSIRT can also act as an intermediary to national and/or international partners as required.

The aim of this workshop is to discuss the desire for and a model of a CSIRT for the constituency of the South African NREN with the following sub-objectives:

  1. Determine the community’s support for such a team
  2. Workshop the following (as interrelated concerns):
    1. Services that the CSIRT must/should/can provide
    2. An appropriate structure for the CSIRT
    3. Staffing
    4. Funding model
  3. The formation of an establishment team (steering committee) with supporting working groups to implement the CSIRT focussing on areas such as:
    1. Policies and processes
    2. Tools and technologies
    3. Partners
    4. Legal aspects (e.g. POPI compliance)

Workshop logistics:

Venue: Kopanong Hotel and Conference Centre
Date: 26 and 27 May 2015
Start Time: Day 1 – 09h30 for 10h00; Day 2 – 09h00

[1] Alberts, C., Dorofee, A., Killcrece, G., Ruefle, R., & Zajicek, M. (2004). Defining incident management processes for CSIRTs: A work in progress (Tech. Rep.). Carnegie Mellon University. (www.sei.cmu.edu/reports/04tr015.pdf)

Back to top