NISCC WARP WORKSHOP

Description:

The WARP process is great for an 'open' environment where ... CANNEL MOD CIS Alert State. DETERRENCE. PROTECTION. DETECTION. TOLERANCE. REACT. RECOVER ...

Slides: 20
Provided by: dowdes

1
NISCC WARP WORKSHOP: WARPs IN CENTRAL GOVERNMENT
2
Advertisement
  • The WARP process is great for an 'open'
    environment where classification is not a
    problem.
  • What if my problem is sensitive to
    my Department?
  • How do I benefit from the WARP structure
    when the information I'm interested in is
    protectively marked above RESTRICTED?

3
Advertisement
  • We'll show you how one Government department has
    approached the problem (MOD).
  • We'll discuss how this approach could be
    modified for both large and small
    departments.
  • We'll have a discussion forum to hear your
    views and try to assist you with your problem
    areas.

4
Advertisement
  • All in... 1 hour and 10 minutes

However, we know the real reason you'll come to
our workshop is...
5
Why come to our workshop?
  • We're interesting.
  • We're funny.
  • We're great guys.
  • And... we have sweets!

...so that'll be the workshop on WARPs in
Central Government with Andrew and Ian
6
NISCC WARP WORKSHOP: WARPs IN CENTRAL GOVERNMENT
7
Workshop Overview
  • Introduction
  • MOD Alert Warning and Response Infrastructure
  • MOD Approach to WARPs
  • What should a Government WARP do?
  • NISCC Approach to Government WARPs
  • Open Forum

8
RELATIONSHIP BETWEEN WARPS, MRCs, SPs and SOAs
OGD WARPs e.g. FCO
Public Sector WARPs e.g. Kent CC
Private Sector WARPs
Tier 0
NISCC National Infrastructure Security Co-ordination Centre
DCBMJ6
JSYCC Primary WARP
Tier 1
Top Level Budget WARPs e.g. Fleet / Land / STC PJHQ
Trading Fund WARPs e.g. AWE / HO / MO DARA
DCIRT Primary MRC
Service Provider Interface e.g. Fujitsu / BT / EDS
Tier 2
SUB WARPS e.g. PJHQ deployed
SUB MRCs Sub Monitoring and Reporting Centres e.g. DSTL
Tier 3
UNITS / FORMATIONS e.g. HMS X / RAF Y
SPs
MRCs
WARPs
9
RELATIONSHIP BETWEEN WARPS, MRCs, SPs and SOAs
Tier 1
JSYCC Primary WARP
WARPs
SPs
MRCs
Service Provider Interface / GOSCC
Service Operating Authority Interface / WARP
Top Level Budget WARPs e.g. Fleet / Land / STC PJHQ
Trading Fund WARPs e.g. AWE / HO / MO DARA
DCIRT Primary MRC
Tier 2
SUB MRCs Sub Monitoring and Reporting Centres e.g. DII
SUB WARPS e.g. PJHQ deployed
Tier 3
Service Provider IPT e.g. DFN
Service Provider IPT
Single Point of Contact (SPOC)
UNITS / FORMATIONS e.g. HMS X / RAF Y
Service Provider
Service Provider e.g. Fujitsu, BT
10
Organisation of MOD WARPs
  • Top Level Budget (TLB) WARPs
      • e.g. Navy, Army, Air Force
      • Characteristics
          • Large number of users
          • Sub-WARPs
          • Small but permanent staff
  • Trading Fund WARPs
      • e.g. Met Office, Hydro Office, ABRO, DARA.
      • Characteristics
          • Small number of users
          • Singleton / often part-time / ITSO

11
UPWARD INFOFLOW (TIER 3 TO 1) BETWEEN WARPS, SPs and SOAs
JSYCC Primary WARP
Tier 1
Top Level Budget WARPs e.g. Fleet / Land / STC PJHQ
Service Provider Interface / GOSCC
Service Operating Authority Interface / WARP
DCIRT Primary MRC
Tier 2
Service Provider e.g. Fujitsu, BT
Tier 3
Service Provider / Helpdesk for non-DII
Single Point of Contact (SPOC) for DII
SUB WARPS e.g. PJHQ deployed
USER IN UNITS / FORMATIONS e.g. HMS X / RAF Y
12
DCSA MANAGED AND STAFFED NETWORKS
JSYCC Primary WARP
Tier 1
ALL
Top Level Budget WARPs e.g. Fleet / Land / STC PJHQ
DCIRT Primary MRC
GOSCC Service Provider Interface
CND ONLY
Tier 2
SERVICE OPERATING AUTHORITY (IPT FUNCTION) e.g. DCSA DII IPT
SERVICE PROVIDER e.g. FUJITSU
SINGLE POINT OF CONTACT (SPOC)
USER
ITSO
13
CANNEL MOD CIS Alert State
  • RED: General or Specific Directed Attack
  • AMBER: Increased Risk of Compromise
  • BLACK: Normal Background Activity
14
CND Risk Management
RECOVER
ELECTRONIC ATTACK
REACT
15

Requirements for MOD WARPs (1)
  • WARPs act with the authority of the PSyA for all
    InfoSy matters and ultimately with the full
    authority of the DSO.
  • WARP staffs must be capable of briefing both
    their command chain and the JSyCC on the
    implications and effects on their FLC/TLB/TF or
    Agency of the alerts that they are providing.
  • They must have knowledge of any systems and
    applications used within their command to conduct
    business and/or operations.
  • They must also have a sufficient understanding of
    the network architecture, service provision and
    information flows of the networks, which process
    information, to be capable of briefing both their
    command chain and the JSyCC on the implications
    of the warnings they receive.
  • WARPs will, therefore, require staff with the
    skills and competences to provide Information
    Security advice to their commands as well as to
    Tier 1 and 3 organisations.

16
Requirements for MOD WARPs (2)
  • WARPs are required to act as the focal point for:
      • The dissemination of changes to the MOD CIS Alert
        State to their Tier 3 organisations,
        including:
          • Recognition of the implications for their
            FLC/TLB/TF or Agency that the change of state
            will incur.
          • Briefing any significant issues both to their
            chain of command and the JSyCC.
      • The reporting of CIS Alerts to the JSyCC, in
        accordance with the instructions and timings laid
        down in MOD Information Security Incident
        Response System, taking due account of the fact
        that CND / CNE alerts must be timely and
        responsive and will require a 24/7 response
        capability, which may be on-call.
      • The dissemination of CIS Warnings to their Tier 3
        organisations, in a timely and accurate manner,
        taking due account of the fact that JSyCC Alerts
        relating to serious vulnerabilities may require
        dissemination out of working hours, in
        order to be effective.
      • The co-ordination of Requests for Information and
        Directives, in accordance with the instructions
        and timings specified.
      • The collation of all information relating to an
        incident.

17
Requirements for MOD WARPs (3)
  • Liaison with JSyCC on all Information Security
    issues, which may have implications for:
      • Law Enforcement, including legal and forensic
        issues.
      • Counter-Intelligence.
      • CND.
      • Parliamentary Questions being raised or Briefs
        to Ministers required.
      • Press / Media interest.
  • WARPs are to recognise that any incident
    involving compromise of Defence information may
    have Law Enforcement and/or Counter-Intelligence
    (LE/CI) issues attached.

18
Requirements for MOD WARPs (4)
  • In essence:
      • A MOD WARP needs to understand the operations and
        business processes of its TLB/TF and be able to
        translate to the chain of command (business
        process owner) the impact of a change in risk
        (brought about by a change in threat or
        vulnerability) on those processes.
      • The WARP should also be able to do something
        about the risk even if only to notify the chain
        of command.

19
QUESTIONS?