Training and funding for security related projects Baku, March 11, 2005 Jacek Gajewski
CEENet
What is CEENet?
Central and Eastern European Networking Association (CEENet) is an association (registered in Austria, HQ in Warsaw) of 25 national organizations from CEE and fSU countries, which focus on academic, research and educational computer networking (NRENs). AZNET and AZRENA Azerbaijan in CEENet.
jointly
represent
Geographical Scope of CEENet
CEENet Educational Activities
CEENet organizes workshops on: •Network Policy •Network Managerial Methods •Network Technology (NATO ANW: „Security Technologies for Collaborative Networking in ESociety”, June 25-30, 2005 Ohrid, Macedonia) •Distance Education Technology (E-course Incubators)
Security training
(Network, Computer, Data) Security Training is nowadays believed to be the necessary component of every security policy and strategy. It may and should be realized at different levels: -Security awareness and basic security techniques at school level -Security technologies and strategies at university level -Practical IT security at company (SME) level -Security policies and CSIRTs at bigger entyerprises
Security awareness at school
In the (secondary) schools, where pupils get their first contact with computers, data and network it is important that they understand, that: -loosing data or network disturbances is painful -there are external threads to security -there are (simple) methods to (partially) protect - there are constructive ways to exercise your IT skills and hobbies
CERT & CSIRT Due to the global character of the security threads Computer Emergency Response Teams (CERT) and Computer Security and Incident Response Teams (CSIRT) are necessary elements of each country, big organization or ISP security policy. There is a
need of cooperation and coordination
in countermeasures to security threads between all stakeholders (also competitors). Coordination is easier if you comply to certain international standards of information exchange and undertaken actions.
Training of CERT & CSIRT staff
Courses are offered by various organizations, but usually are rather expensive + high travel costs. CEENet have been approached to organize such a course for S. Caucasus and will investigate possible cofunding possibilities (TERENA just finishes similar courses). Program will include following topics: -Creating and Managing a CSIRT -(Advanced) Information Security for technical staff -(Advanced) Incident Handling
Basics of incident handling
-CSIRT environment, code of conduct, tools used -overview of probes, scans, and common attack types -identifying critical information -creation and analyze of incident reports -handling the CSIRT hotline, finding contact information -coordinating response -PGP for CSIRTs -handling common attacks: e-mail spoofing, bombing, and spamming; denial of service; malicious code -working with law enforcement
Funding for security projects
Many (international) organizations offer funding for security related ICT projects. A relatively easy and quick procedures are offered by NATO via:
„Programme for Security Through Science” and
„Computer Networking Programme”
Security Through Science
-Defence against Terrorism: detection of CBRN weapons or agents, …., computer security and terrorism, … -Other Threads to Security: environmental security, water management, …. Information Security,…, Human and Societal Dynamics, … Country Priorities (Azerbaijan has choosen): …, Information Technology (Virtual Silk Highway project, computer networking, information security, simulation), …
Security Through Science
Mechanisms of support available: -Collaborative Linkage grants -Expert Visits -Advanced Research Workshops -Reintegration grants -Science for Peace Projects
Collaborative Linkage grants
Grants for projects that rely for basic costs on national funding but where the costs for the international collaboration cannot be met. CLGs support travel and living expenses of investigators for short visits to partner institutions abroad and reciprocal visits of me bers of the collaborating teams . Support ranges from funding for two or three scientists to visit one another's laboratories over a period of one year, to a maximum of five research teams involving a maximum of five people per team to collaborate over a two-year period.
Science for Peace projects
SfP funds will be provided to cover the cost of scientific equipment, computers, software, travel, training of project personnel, and project-specific consumables. Maximum of 10% of grant is available as stipends to young scientists. The following will NOT be covered from SfP funds: salaries, office equipment, overhead costs.
Computer Networking Programme
To develope the networking infrastructure for science and education. Grant mechanisms: -Network Infrastructure Grants (NIGs) – especially to enlarge access to Virtual Silk Highway central node -Advanced Networking Workshops (ANWs), two types: Training or Policy – to train the staff or to create constructive contacts with major stakeholders, government and regulatory agencies.
Thank You !
Thank You for your attention! Questions?
Jacek Gajewski CEENet Secretary General Gajewski (at) ceenet.org
tel/fax +48 22 6685807