« CI Crise cyber et entraînement/en » : différence entre les versions

De Wiki Campus Cyber
Aller à :navigation, rechercher
(Page créée avec « The importance of implementing crisis management and business continuity processes is further illustrated by the existence of numerous related standards (ISO 27001, 27031, 22301, and 31000) and the establishment of the European Network and Information System Security Directive (NIS, 2016). The implementation of generic measures, now widely used in the organizations covered by these texts, is no longer sufficient to deal with the intensity, complexity and duration... »)
Aucun résumé des modifications
 
(26 versions intermédiaires par 2 utilisateurs non affichées)
Ligne 2 : Ligne 2 :
|ShortDescription FR=Doctrine, méthode et outillage autour de la gestion de crises d'origine cyber.
|ShortDescription FR=Doctrine, méthode et outillage autour de la gestion de crises d'origine cyber.
|ShortDescription EN=Doctrine, methods and tools for managing cyber crises.
|ShortDescription EN=Doctrine, methods and tools for managing cyber crises.
|Status=En cours
|WorkGroup=Crise cyber et entrainement : doctrine, Crise cyber et entrainement : méthodologie d'entrainement, Crise cyber et entrainement : outillage
|WorkGroup=Crise cyber et entrainement : doctrine, Crise cyber et entrainement : méthodologie d'entrainement, Crise cyber et entrainement : outillage
}}
}}
Ligne 9 : Ligne 10 :
The importance of implementing crisis management and business continuity processes is further illustrated by the existence of numerous related standards (ISO 27001, 27031, 22301, and 31000) and the establishment of the European Network and Information System Security Directive (NIS, 2016). The implementation of generic measures, now widely used in the organizations covered by these texts, is no longer sufficient to deal with the intensity, complexity and duration of a cyber crisis. To this end, ANSSI has published a "Crisis" collection of three guides sharing recommendations on the organization of crisis exercises (in collaboration with CCA), crisis communication (in collaboration with CapCom') and cyber crisis management (in collaboration with CDSE). These guides must now be accompanied by more operational elements to help organizations grow in maturity.
The importance of implementing crisis management and business continuity processes is further illustrated by the existence of numerous related standards (ISO 27001, 27031, 22301, and 31000) and the establishment of the European Network and Information System Security Directive (NIS, 2016). The implementation of generic measures, now widely used in the organizations covered by these texts, is no longer sufficient to deal with the intensity, complexity and duration of a cyber crisis. To this end, ANSSI has published a "Crisis" collection of three guides sharing recommendations on the organization of crisis exercises (in collaboration with CCA), crisis communication (in collaboration with CapCom') and cyber crisis management (in collaboration with CDSE). These guides must now be accompanied by more operational elements to help organizations grow in maturity.


<div lang="fr" dir="ltr" class="mw-content-ltr">
To this end, the "Cyber Crisis and Training" Community of Interest (COI) intends to develop three areas of work: doctrine and methods for cyber resilience and crisis management, cyber training, and finally maturity assessment and tooling, the deliverables of which should complement existing initiatives. The kick-off meeting of the community of interest launched by ANSSI in conjunction with the Cyber Campus identified the priority issues to be addressed by the CI for each of these three areas of work, as well as the associated deliverables. The ambition is to create a dynamic aimed at producing doctrines, methods and tools for cyber crisis management, with a view to increasing the cyber resilience of organizations. The work of the IC will thus complement the work carried out by professional associations or institutions, which is why certain subjects will not be addressed by the IC, while others will not be retained for inclusion in the 2022/2023 roadmap, but may be in the longer term. One of the CI's challenges will also be to highlight the complementary nature of the actions carried out by the various professional associations (AMRAE, CCA, CDSE, CESIN, CLUSIF) and the actions carried out by the Cyber Campus WGs.
A ce titre, la communauté d'intérêt (CI) « Crise et entrainement cyber » entend développer trois axes de travail autour de la doctrine et méthode autour de la résilience et de gestion de crise d’origine cyber, l’entrainement cyber et enfin l’évaluation de sa maturité et l’outillage, dont les livrables devront venir compléter l’existant. La réunion de lancement de la communauté d'intérêt lancée par l’ANSSI en liaison avec le Campus Cyber a permis d’identifier les enjeux prioritaires à adresser par la CI pour chacun de ces trois axes de travail, ainsi que les livrables associés. L’ambition est de créer une dynamique visant à la production de doctrines, méthodes et outils relatifs à la gestion de crise d’origine cyber, visant à augmenter la résilience cyber des organisations. Les travaux de la CI complèteront ainsi les travaux portés par les associations de professionnels ou les institutions, ce pourquoi certains sujets ne seront pas traités par la CI, tandis que certains ne seront pas retenus pour figurer dans la feuille de route 2022/2023, mais pourront l’être à plus long terme. L’un des enjeux de la CI sera également de valoriser et mettre en visibilité la complémentarité des actions menées par les différentes associations de professionnels (AMRAE, CCA, CDSE, CESIN, CLUSIF) et les actions menées par les GT du Campus Cyber.
==Logbook of the Cyber Crisis and Training WG==
== Journal de bord du GT [[Crise cyber et entraînement]] ==
===Find below the minutes of the meetings===
=== Retrouvez ci-dessous les comptes rendus des réunions ===
On July 04, 2023, the WG met in plenary session.
Le 04 juillet 2023, le GT s'est réuni en plénière.
</div>


<div lang="fr" dir="ltr" class="mw-content-ltr">
Initial work was presented. A call for new contributors has been issued. Starting in September, it will be possible to join the working group and participate in the production of current and future deliverables. A meeting will be set up shortly to take stock of the work.
Les premiers travaux ont été présentés.
Un appel à nouveaux contributeurs a été passé.
Il sera possible, dès la rentrée, d'investir le groupe de travail et de participer à la production des livrables en cours et à venir.
Une réunion sera mise en place prochainement afin de se positionner sur les travaux.
</div>


<div lang="fr" dir="ltr" class="mw-content-ltr">
To keep abreast of WG news, members are reminded that they can subscribe to the dedicated mailing list (e-mail request: angele@campuscyber.fr).
Il a été rappelé que, afin d'être tenu au courant des actualités du GT, il est possible de s'inscrire sur la liste de diffusion dédiée (demande par mail : angele@campuscyber.fr).
</div>




<div lang="fr" dir="ltr" class="mw-content-ltr">
On 18/04/23, the Crisis Management WG met for its monthly COPIL. It reviewed the progress of work:  
Le 18/04/23, le GT Gestion de crise s’est réuni pour son COPIL mensuel. Il a fait le point sur les avancées des travaux : ​ ​
'''Proofreading and layout of deliverables:'''
'''Relecture et maquettage des livrables :'''
*Several dedicated spaces on Teams have been opened: "Livrables en relecture", "Livrables pour maquettage", "Maquettage réalisée".  
* Plusieurs espaces dédiés sur le Teams ont été ouverts : "Livrables en relecture", "Livrables pour maquettage", "Maquettage réalisé".
*A proofreading process will be drawn up.
* Un process de relecture va être rédigé.
</div>


<div lang="fr" dir="ltr" class="mw-content-ltr">
'''Publication of deliverables:''' ​
'''Publication des livrables :''' ​
</div>


<div lang="fr" dir="ltr" class="mw-content-ltr">
*Publication of deliverables is planned for this summer.
* Une publication des livrables est envisagée pour cet été​
*Ready deliverables will be published individually, and all deliverables will eventually be published together.
* Les livrables prêts seront publiés individuellement et l'ensemble des livrables feront l'objet d'une publication unique à terme​
</div>




<div lang="fr" dir="ltr" class="mw-content-ltr">
''It took the following decisions:''
''Il a pris les décisions de :''
*Put a "word from the WG" at the top of each deliverable.
* Rédiger "un mot du GT" en en-tête des livrables​
*Produce a single glossary to which everyone must contribute definitions
* Réaliser un glossaire unique où chacun doit contribuer en y apportant des définitions​
ANSSI to propose a common maturity grid to be validated by COPIL members.
* Proposer une grille de maturité commune par l'ANSSI pour validations des membres du COPIL​
*Update the general timetable with the launch of the new wave of work at the beginning of September.
* Mettre à jour le calendrier général avec le lancement de la nouvelle vague de travaux début septembre​
 
Il est à noter que le prochain COPIL se tiendra le mardi 16 mai de 17h30 à 19h en format hybride. La plénière avec la communauté d'intérêt aura lieu le mardi 4 juillet après-midi. ​ ​
Please note that the next COPIL will be held on Tuesday May 16 from 5:30 to 7pm in hybrid format. The plenary session with the community of interest will take place on Tuesday afternoon, July 4.
</div>


<div lang="fr" dir="ltr" class="mw-content-ltr">
​ ​
​ ​
</div>


<div lang="fr" dir="ltr" class="mw-content-ltr">
On 31/01/23, the Crisis Management WG met for its monthly COPIL. It reviewed the progress of work:
Le 31/01/23, le GT Gestion de crise s’est réuni pour son COPIL mensuel. Il a fait le point sur les avancées des travaux : ​ ​
</div>


<div lang="fr" dir="ltr" class="mw-content-ltr">
Part 1: "Digital resilience concepts and methodology" '''
'''Volet 1 : « Concepts et méthodologie de résilience numérique »'''
</div>


<div lang="fr" dir="ltr" class="mw-content-ltr">
*Creation of an interview form to standardize the summary of interviews and appointments with the list of interviewees (around thirty).
* Création d’une fiche d’interview permettant de standardiser la synthèse des entretiens et prises de rdv avec la liste des interviewés (une trentaine)
*Launch of action on resilience documentation  Reading sheet being written to standardize analysis and inventory of available documentation.
* Lancement de l’action sur la documentation sur la résilience fiche de lecture en cours d’écriture pour standardiser l’analyse et recensement de la documentation disponible​
</div>


<div lang="fr" dir="ltr" class="mw-content-ltr">
Part 1: "Reflex cards" (roles in crisis unit, supply chain, cloud)
'''Volet 1 : « Fiches réflexes » (rôles en cellule de crise, supply chain, cloud)'''​
</div>


<div lang="fr" dir="ltr" class="mw-content-ltr">
*The first elements of the content of the 3 reflex cards have been drafted.
* Les premiers éléments de contenus des 3 fiches réflexes sont rédigés​
*A v1 of the sheets will be worked on at the/02/15 plenary session + launch of the 3 other sheets
* Une v1 des fiches sera travaillée lors de la plénière du 15/02 + lancement des 3 autres fiches​
</div>


<div lang="fr" dir="ltr" class="mw-content-ltr">
'''Section 1: "PCA/PRA cyber construction kit".'''
'''Volet 1 : « Kit de construction PCA/PRA cyber »'''
</div>


<div lang="fr" dir="ltr" class="mw-content-ltr">
* Structuring of content, drafting in progress.
* Structuration du contenu, rédaction en cours.
</div>


<div lang="fr" dir="ltr" class="mw-content-ltr">
''' ​Section 2: "Methodology for building a training strategy".''' ​
'''Volet 2 : « Méthodologie de construction d’une stratégie d’entrainement »''' ​
</div>


<div lang="fr" dir="ltr" class="mw-content-ltr">
* Drafting in progress. Development of a maturity grid for exercises.
* Rédaction en cours. Elaboration d’une grille de maturité pour les exercices​
</div>


<div lang="fr" dir="ltr" class="mw-content-ltr">
'''Part 2: "FM dedicated to the different types of exercises" and "FM dedicated to the main reference scenarios".'''
'''Volet 2 : « FM dédiée aux différents types d’exercices » et « FM dédiée aux principaux scénarios de référence »'''
</div>


<div lang="fr" dir="ltr" class="mw-content-ltr">
*With regard to the exercise strategy to be implemented, to be in line with the PACS reference framework.
* Concernant la stratégie d’exercices à mettre en place, s’accorder avec le référentiel PACS​
*Adapt scenario to maturity level
* Adaptation du scénario en fonction du niveau de maturité​
</div>


<div lang="fr" dir="ltr" class="mw-content-ltr">
'''​ Section 3: "Assessment and digital services '''​
'''Volet 3 : « Evaluation et services numériques »'''​
</div>


<div lang="fr" dir="ltr" class="mw-content-ltr">
* Inventory of various crisis management tools
* Recensement des différents outils de gestion de crise​
</div>




<div lang="fr" dir="ltr" class="mw-content-ltr">
"It decided to : "
''Il a pris les décisions de :'' ​
</div>


<div lang="fr" dir="ltr" class="mw-content-ltr">
*Create a generic e-mail address for all WG contributors
* Créer une adresse mail générique pour s’adresser à l’ensemble des contributeurs du GT​
*Schedule a Campus/ANSSI meeting to draw up a strategy for valorizing the deliverables.
* Programmer un point Campus/ANSSI pour élaborer la stratégie de valorisation des livrables​
*Schedule a plenary session in mid-March with all contributors, and another in mid-May with the community of interest, to present the deliverables in progress.
* Programmer une plénière mi mars avec l’ensemble des contributeurs et une autre mi mai avec la communauté d’intérêt pour présenter les livrables en cours.
</div>


<div lang="fr" dir="ltr" class="mw-content-ltr">
Please note that the next COPIL will be held on Wednesday March 1, from 5:30 to 7 p.m. in person at Campus Cyber.
Il est à noter que le prochain COPIL se tiendra le mercredi 1er mars de 17h30 à 19h en présentiel au Campus Cyber.
</div>
{{PageSubHeader Communauté d'intérêt}}
{{PageSubHeader Communauté d'intérêt}}

Dernière version du 17 avril 2024 à 09:51

Doctrine, méthode et outillage autour de la gestion de crises d'origine cyber.

Catégorie : Communauté d'intérêt


Statut : En cours

Description

Today, the dependence of organizations on digital tools means that each of them must equip themselves with crisis management systems adapted to the specificities of cyber attacks, in order to reinforce their robustness (cyber business continuity and recovery plan, systems reconstruction, crisis governance, third-party management, communication, cyber defense and insurance). In particular, organizations must be prepared to maintain degraded operating modes, and be able to prioritize the restoration of critical activities, in a controlled way, within a given timeframe. The growing interdependence of organizations with their partners (third parties, suppliers, insurers, players in the same business sector) makes this work even more complex, requiring players to think in terms of a global approach to cyber risk and crisis management.

The importance of implementing crisis management and business continuity processes is further illustrated by the existence of numerous related standards (ISO 27001, 27031, 22301, and 31000) and the establishment of the European Network and Information System Security Directive (NIS, 2016). The implementation of generic measures, now widely used in the organizations covered by these texts, is no longer sufficient to deal with the intensity, complexity and duration of a cyber crisis. To this end, ANSSI has published a "Crisis" collection of three guides sharing recommendations on the organization of crisis exercises (in collaboration with CCA), crisis communication (in collaboration with CapCom') and cyber crisis management (in collaboration with CDSE). These guides must now be accompanied by more operational elements to help organizations grow in maturity.

To this end, the "Cyber Crisis and Training" Community of Interest (COI) intends to develop three areas of work: doctrine and methods for cyber resilience and crisis management, cyber training, and finally maturity assessment and tooling, the deliverables of which should complement existing initiatives. The kick-off meeting of the community of interest launched by ANSSI in conjunction with the Cyber Campus identified the priority issues to be addressed by the CI for each of these three areas of work, as well as the associated deliverables. The ambition is to create a dynamic aimed at producing doctrines, methods and tools for cyber crisis management, with a view to increasing the cyber resilience of organizations. The work of the IC will thus complement the work carried out by professional associations or institutions, which is why certain subjects will not be addressed by the IC, while others will not be retained for inclusion in the 2022/2023 roadmap, but may be in the longer term. One of the CI's challenges will also be to highlight the complementary nature of the actions carried out by the various professional associations (AMRAE, CCA, CDSE, CESIN, CLUSIF) and the actions carried out by the Cyber Campus WGs.

Logbook of the Cyber Crisis and Training WG

Find below the minutes of the meetings

On July 04, 2023, the WG met in plenary session.

Initial work was presented. A call for new contributors has been issued. Starting in September, it will be possible to join the working group and participate in the production of current and future deliverables. A meeting will be set up shortly to take stock of the work.

To keep abreast of WG news, members are reminded that they can subscribe to the dedicated mailing list (e-mail request: angele@campuscyber.fr).


On 18/04/23, the Crisis Management WG met for its monthly COPIL. It reviewed the progress of work: Proofreading and layout of deliverables:

  • Several dedicated spaces on Teams have been opened: "Livrables en relecture", "Livrables pour maquettage", "Maquettage réalisée".
  • A proofreading process will be drawn up.

Publication of deliverables:

  • Publication of deliverables is planned for this summer.
  • Ready deliverables will be published individually, and all deliverables will eventually be published together.


It took the following decisions:

  • Put a "word from the WG" at the top of each deliverable.
  • Produce a single glossary to which everyone must contribute definitions

ANSSI to propose a common maturity grid to be validated by COPIL members.

  • Update the general timetable with the launch of the new wave of work at the beginning of September.

Please note that the next COPIL will be held on Tuesday May 16 from 5:30 to 7pm in hybrid format. The plenary session with the community of interest will take place on Tuesday afternoon, July 4.

​ ​

On 31/01/23, the Crisis Management WG met for its monthly COPIL. It reviewed the progress of work:

Part 1: "Digital resilience concepts and methodology"

  • Creation of an interview form to standardize the summary of interviews and appointments with the list of interviewees (around thirty).
  • Launch of action on resilience documentation  Reading sheet being written to standardize analysis and inventory of available documentation.

Part 1: "Reflex cards" (roles in crisis unit, supply chain, cloud)

  • The first elements of the content of the 3 reflex cards have been drafted.
  • A v1 of the sheets will be worked on at the/02/15 plenary session + launch of the 3 other sheets

Section 1: "PCA/PRA cyber construction kit".

  • Structuring of content, drafting in progress.

​Section 2: "Methodology for building a training strategy".

  • Drafting in progress. Development of a maturity grid for exercises.

Part 2: "FM dedicated to the different types of exercises" and "FM dedicated to the main reference scenarios".

  • With regard to the exercise strategy to be implemented, to be in line with the PACS reference framework.
  • Adapt scenario to maturity level

​ Section 3: "Assessment and digital services

  • Inventory of various crisis management tools


"It decided to : "

  • Create a generic e-mail address for all WG contributors
  • Schedule a Campus/ANSSI meeting to draw up a strategy for valorizing the deliverables.
  • Schedule a plenary session in mid-March with all contributors, and another in mid-May with the community of interest, to present the deliverables in progress.

Please note that the next COPIL will be held on Wednesday March 1, from 5:30 to 7 p.m. in person at Campus Cyber.


Groupes de travail

 StatusDescription
Crise cyber et entrainement : doctrineEn coursDoctrine et méthode de résilience cyber et gestion de crise d’origine cyber.
Crise cyber et entrainement : méthodologie d'entrainementEn coursDévelopper une méthodologie d’entrainement générique
Crise cyber et entrainement : outillageEn coursDévelopper des outils dédiés à l’évaluation de maturité et à la gestion de crise d’origine cyber.