Webinars

Metrics SIG

•  US

  Practical SOC Metrics

  Carson Zimmerman (Microsoft, US)

  Carson Zimmerman is currently a Cyber Security Operations Center (CSOC) engineering team lead with Microsoft. He has worked in and around CSOCs for about 15 years, holding roles in the CSOC ranging from tier 1 analyst to architect. Previously with MITRE, Carson wrote "Ten Strategies of a World-Class Cybersecurity Operations Center," which can be downloaded for free at http://bit.ly/1sKCOH9. He received a BS in Computer Engineering from Purdue University and an MS in Information Systems from George Mason University.

  In this talk, Carson will decompose key metrics for the CSOC, with three consumers in mind: the CSOC itself, executives above the CSOC, and CSOC customers. The presenter will provide example metrics used by leading, mature CSOCs, and point out along the way where those metrics can boost positive outcomes when used wisely, or drive negative outcomes when used poorly. The audience will be able to directly apply these metrics and methods presented in this talk to their own shops. By measuring and reporting in this manner, overall CSOC performance, executive engagement, and customer engagement should improve.

  SOC-Metrics-Webinar-for-FIRST-Metrics-SIG-v08a.pdf

  MD5: 83d5ba7761ebdd70ec3bfb63cd8d1338

  Format: application/pdf

  Last Update: November 13th, 2019

  Size: 2.78 Mb

•  DE PL US

  Timing Metrics – Deep Dive

  Désirée SacherMark ZajicekDésirée Sacher (Finanz Informatik, DE), Francesco Chiarini (PEPSICO, PL), Logan Wilkins (Cisco), Mark Zajicek (Carnegie Mellon University, US)

  Désirée Sacher - SOC Security Architect at Finanz Informatik. Experienced Security Architect with a demonstrated history of working in the information technology and services industry. Skilled in Security Analysis, Threat Intelligence, Network Forensics, Networking, and Security Systems Products. Strong information technology professional with a Bachelor focused in Science ZFH in Information Technology from ZHAW (eh. HSZ-T).

  Francesco Chiarini - Global Threat Management, Incident Response & Cyber Resilience Director at PepsiCo. Passionate about CSIRT processes and everything involving security incidents, 15 years’ experience in IT and information security. Prior to PepsiCo, has worked at Symantec and Hewlett-Packard and is actively engaged with international and local communities promoting incident response and leadership (ISSA Poland, CSO Council Poland, EC-Council). Francesco leads the FIRST Retail members group as well as FIRST Poland members group.

  Logan Wilkins - Engineering Manager Computer Security Incident Response Team (CSIRT). Logan Wilkins has over 25 years of software development and information security experience. He has worked in academic, research and corporate settings, specializing in DevSecOps management, data science and information security. Logan currently manages Cisco's CSIRT Engineering Delivery team, which is responsible for Security Monitoring and Incident Response systems development and deployment.

  Mark Zajicek is a Member of the Technical Staff in the CERT Division at the Software Engineering Institute, located at Carnegie Mellon University (Pittsburgh, Pennsylvania, USA). Mark’s current work is focused on helping other organizations to build and assess their own computer security incident response team (CSIRT) or incident management capability. As a member of the CERT CSIRT Development and Training team, Mark is responsible for providing guidance to new and existing CSIRTs, worldwide. Mark has co-developed a variety of documents and training materials, and he is an instructor for a suite of several courses that provide training for CSIRT managers and technical staff and for organizations that are building or evaluating an insider threat program. Previously, Mark was the Daily Operations team leader for the CERT Coordination Center (CERT/CC), after having joined the CERT/CC’s incident handling staff in 1992. Prior to joining the CERT/CC, he also helped support the CERT/CC during its initial start-up in 1988.

  During this session, you will receive an overview of the proposal for new FIRST guidelines related to security incident timeline and timing metrics. Measuring efficacy of an incident response team, as well as the extended IT team’s performance, is perceived as a key factor for many CSIRT leaders. At the same time, there seem to be no shared consensus within the community on what security incident timing framework to use. This lack, ultimately hinders CSIRT teams to align to a well-reputed community guideline as well as benchmarking within trusted peer groups. This work tries to mitigate this gap and sets a roadmap for future improvements.

• Initiatives
  • Special Interest Groups (SIGs)
    • Academic Security SIG
    • Big Data SIG
    • Common Vulnerability Scoring System (CVSS-SIG)
      • Calculator
      • Specification Document
      • User Guide
      • Examples
      • CVSS v3.1 Documentation & Resources
        • CVSS v3.1 Calculator
        • CVSS v3.1 Specification Document
        • CVSS v3.1 User Guide
        • CVSS v3.1 Examples
        • CVSS v3.1 Calculator Use & Design
      • CVSS v3.0 Archive
        • CVSS v3.0 Calculator
        • CVSS v3.0 Specification Document
        • CVSS v3.0 User Guide
        • CVSS v3.0 Examples
        • CVSS v3.0 Calculator Use & Design
      • CVSS v2 Archive
        • CVSS v2 Complete Documentation
        • CVSS v2 History
        • CVSS-SIG team
        • SIG Meetings
        • Frequently Asked Questions
        • CVSS Adopters
        • CVSS Links
      • CVSS v1 Archive
        • Introduction to CVSS
        • Frequently Asked Questions
        • Complete CVSS v1 Guide
      • JSON & XML Data Representations
      • CVSS On-Line Training Course
      • Identity & logo usage
    • CSIRT Framework Development SIG
    • Cyber Insurance SIG
      • Cyber Insurance SIG Webinars
    • Cyber Threat Intelligence SIG
      • Curriculum
        • Introduction
        • Introduction to CTI as a General topic
        • Methods and Methodology
        • Source Evaluation and Information Reliability
        • Threat Modelling
        • Training
        • Standards
        • Glossary
    • DNS Abuse SIG
    • Ethics SIG
      • Ethics for Incident Response Teams
    • Exploit Prediction Scoring System (EPSS)
      • The EPSS Model
      • Related Papers
    • Industrial Control Systems SIG (ICS-SIG)
    • Information Exchange Policy SIG (IEP-SIG)
    • Information Sharing SIG
      • Malware Information Sharing Platform
    • Malware Analysis
      • Malware Analysis Resources
    • Metrics SIG
      • Metrics SIG Webinars
    • Passive DNS Exchange
    • PSIRT SIG
      • Full Incident Management Coordination Working Group
    • Red Team SIG
    • Retail and Consumer Packaged Goods (CPG) SIG
    • Security Lounge SIG
    • SIGs Framework
    • Threat Intel Coalition SIG
      • Membership Requirements and Veto Rules
    • Traffic Light Protocol (TLP-SIG)
    • Vulnerability Coordination
      • Multi-Party Vulnerability Coordination and Disclosure
      • Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure
    • Vulnerability Reporting and Data eXchange SIG (VRDX-SIG)
      • Vulnerability Database Catalog
    • Women of FIRST
  • Internet Governance
  • IR Database
  • Fellowship Program
    • Application Form
  • IR Hall of Fame
    • Hall of Fame Inductees
  • Volunteers at FIRST
    • FIRST Volunteers
    • Volunteer Contribution Record
  • Previous Activities
    • Best Practices Contest