ESI CEE www(dot)esicenter(dot)bg
Cyber Resilience


Cyber Security and Business Resilience (CERT RMM)

Methodologies

What is “resilience”…

The CERT Resilience Management Model (CERT-RMM) is the foundation for a process improvement approach to operational resilience management. It defines the essential organizational practices that are necessary to manage operational resilience. You can use CERT-RMM to determine your organization's capability to manage resilience, set goals and targets, and develop plans to close identified gaps. By using a process view, CERT-RMM can help your organization respond to stress with mature and predictable performance.

CERT-RMM is a maturity model that promotes the convergence of security, business continuity, and IT operations activities to help organizations manage operational resilience and risk.

Services

Planning, Implementation, Assessment

RMM Appraisals (accredited by CERT/SEI, Carnegie Mellon) – Class C (light) and Class B, possible scoping for particular sectors: finances & banking, health, public services, critical infrastructure, or size of business: SMEs, corporate, startups.

Training

Course: Cyber Security and Business Resilience Tutorial (CERT-RMM)

This is a 2-day tutorial on how to manage operational risk, stay productive under stress and disruption, and assess and improve our readiness to ‘handle the unknown’. It is based on the new Resilience Management Model of CERT at the Software Engineering Institute (CERT/SEI, Carnegie Mellon University), a comprehensive and complete reference model and framework that helps organizations maintain security, IT operations and business continuity in a converged manner and without additional bureaucratic burden. CERT-RMM serves as a foundation from which an organization can measure its current competency, set improvement targets, and establish plans and actions to close the identified gaps.
The tutorial has a particular focus on cyber-security and IT business vulnerabilities and threats, and cyber-defense strategies. Examples and practical exercises on RMM scoping for SMEs in various sectors and a quick assessment method will be provided. It includes 2 practical exercises and 4-hour real simulations of web and mobile application vulnerabilities and attacks. A shorter (executive) version of the tutorial is available as a 1-day workshop.
Ideal for: security and business continuity professionals; process improvement professionals, particularly those looking to extend process improvement approaches into the operations phase of the lifecycle; enterprise and operational risk management professionals; and anyone interested in applying a maturity model approach to managing operational resilience.

Course: Introduction to the CERT Resilience Management Model

This three-day course introduces a model-based process improvement approach to managing operational resilience using the CERT® Resilience Management Model (CERT-RMM) v1.1. CERT-RMM is a maturity model that promotes the convergence of security, business continuity, and IT operations activities to help organizations actively direct, control, and manage operational resilience and risk. Ideal for Security and business continuity professionals, Process improvement professionals, particularly those looking to extend process improvement approaches into the operations phase of the lifecycle, and Enterprise and operational risk management professionals.

Course: Secure Coding (C, C++ and Java)

This is a set of trainings and workshops designed and delivered by Robert Seacord and the CERT-SEI team, Carnegie Mellon. They provide a detailed explanation of common programming principles and errors in C and C++ and describe how these errors can lead to code that is vulnerable to exploitation. These seminars focus on security issues intrinsic to the C and C++ programming languages and associated libraries, with the intent to be useful to anyone involved in developing secure C and C++ programs regardless of the specific application.

Our Training Offer for Resilience Management Model (CERT-RMM)

Resources in Cyber Security, Risk and Resilience Management (RMM)





CyResLab

In 2013 the specific Cyber Security (CERT affiliated) Lab, initiated in 2012 as a part of the e-Competence Center (former TQ Center), was transformed into CyResLab. The goal of the CyResLab is to focus on the research and training aspects of information security, secure design and secure coding, vulnerabilities and threats (analysis and prevention), cyber defense and resilient business models (based on the methodologies and supported by the CERT global coordination center at CMU), and thence to establish a community of cyber security experts.

Services

Training

Course: Top 10 Web Threats

Various sources identify that between 20% and 60% of websites each have at least one serious vulnerability. Our own research at ESI CEE confirms that the danger is significant. A serious issue is the diversity of threats on Web platforms: different types of attacks can shut down entire services, steal valuable data, impersonate legitimate sites, intercept data on-the-fly, forge user actions, etc. Due to the constant increase in the number of attacks on Web applications, a Web developer now has to be aware of the threats in order to effectively counteract them and produce secure and correctly working systems. This 1-day course is designed to introduce developers to the inner workings of the top web threats, how they are exploited, and how to write code that is secure against these threats. The course includes live demos of attacks, exercises in detecting and leveraging threats, examples of weak and vulnerable code and the process of repairing it and fixing vulnerabilities, mitigation tactics, developer-specific best practices and discussions on how not to write vulnerable code in the process of daily work. The course is mostly technical and not organizational.

Course: Advanced Web Threats

The course intends to pick up where “Top 10” left off, namely to deepen the understanding of the top vulnerabilities and to broaden the scope of vulnerabilities that are discussed.
The course includes live demos of attacks, exercises in detecting and leveraging threats, examples of weak and vulnerable code and the process of repairing it and fixing vulnerabilities, mitigation tactics, developer-specific best practices and discussions on how not to write vulnerable code in the process of daily work. The course is mostly technical and not organizational.
The advanced course will additionally include exercises in which participants in turn attempt to fix and attack particular implementations. Heavier focus will be placed on labs.

Course: Introduction to Mobile Security – iOS

This course is focused on introducing developers to the basics of iOS application security and the basic threats and vulnerabilities they should be aware of when designing and coding such applications. The course is technical and the targeted participants are iOS developers who understand Objective-C, but have no particular experience in iOS security.

Course: Introduction to Mobile Security – Android

This course is focused on introducing developers to the basics of Android application security and the basic threats and vulnerabilities they should be aware of when designing and coding such applications. The course is technical and the targeted participants are Android developers who have a deep understanding of the Java programming language and the Android platform, but have no particular experience in Android security.

Course: Networks Security – DDoS, RTBH & Self-protection

This is a 1-day DevOps training aiming to introduce the participants to DDoS and one of the most popular methods for DDoS protection, RTBH. The course is half-day theory and half-day laboratory exercises.
The lab aims to teach you how to configure RTBH and also how to add some self-protection to your applications.

Our Training Offer for CyResLab

Resources in CTF*BG





CryptoBG International Summer School

To prepare the researchers and IT practitioners for the digital security and resilience of our business and e-life TOMORROW, we must design and develop on what will be AFTER TOMORROW.

Why Crypto?

Cryptology is the basis for the Cyber Security and Cyber Defense – the complex area which controls the risks related to the use of various computer systems and creates computer platforms, languages and applications according to established security rules and compliances.

What is CryptoBG?

During CryptoBG International Summer School we aim to combine technologies with methodologies, organization and awareness for higher internet security, systems and mobile security, content protection, digital rights management, and more general – resilient and sustainable operations at all levels and areas.

The latest trends and state-of-the-art open problems are linked to practical aspects and case studies on use or misuse of information, our digital identity and trust. We want to foster the formation of the Bulgarian research and scientific community, serving the IT industry, all IT-enabled services (like banking, e-Health, e-Administration, industries), and the Knowledge Society in Bulgaria and the entire region.

Goals

The focus of the school is to Bridge the Practice to Theory by gathering world class leaders in the field with young researchers, IT security practitioners, e-business innovators, business resilience managers and cyber-defense professionals.

The Summer School is a milestone of a longer-term joint program of the organizers (BPIAS, ESI CEE, Minu Balkanski Foundation, and international partners), composed of trainings on IT and information security (from schools to universities), series of lectures and visiting speakers, an awareness campaign for the civil digital society, and the forming of an operational Cyber-Defense cluster.

Who should attend?

The Summer School is tailored for researchers, students and professionals involved and interested in these special theoretical and practical areas. Both users and developers of applications will benefit from the program. Industry representatives will discover new opportunities for development and bridging with theory. Authorities using or supporting secure communications and information exchange are welcome. Cyber-defense professionals and officers will gain both know-how and foresight to meet the “unknown”.

For more information and registration, click here!

Resources in CryptoBG* "Cryptography & Cyber Defense"





2004 - 2011 © ESI Center Bulgaria, 2012 - 2015 © ESI Center Eastern Europe. All rights reserved. Read Legal policy and Privacy policy.