ISA-99 Industrial Automation & Control Systems Security
|
|
|
- Patience Walsh
- 8 years ago
- Views:
Transcription
1 ISA-99 Industrial Automation & Control Systems Security Jim Gilsinn National Institute of Standards & Technology (NIST) Engineering Laboratory
2 ISA99 Committee Addresses Industrial Automation and Control Systems Compromise could result in: Endangerment of public or employee safety Loss of public confidence Violation of regulatory requirements Loss of proprietary or confidential information Economic loss Impact on entity, local, state, or national security 2
3 Over 500 members Sectors include: Chemical Processing Petroleum Refining Food and Beverage Power Pharmaceuticals Discrete Part Manufacturing Process Automation Suppliers IT Suppliers Government Labs Consultants 3
4 Connecting with Others ISA84 (Safety) ISA100 (Wireless) MSMUG ISA99 Committee IEC & ISO (International) ISCI (Compliance) 4
5 4 Main Series General Policies & Procedures System Component IEC Series Matches 5
6 Terminology, concepts and models Foundational Material Consistent Terminology 6
7 Security Compliance Metrics Consistent Usable Quantitative Non-trivial Measure Achieved SALs 7
8 Establishing & Operating a Security Program Asset Owner Focused Non-Technical Based upon ISO/IEC IACS-Specific Requirements & Guidance 8
9 Patch Management Applying WellEstablished Practices to IACS XML Schema for Patch Descriptions 9
10 Security Technologies Guidance on Applying Existing Tools, Technology and Controls to IACS 10
11 Zones & Conduits Defining Logical Architecture Breakdown Determine Target SALs 11
12 System-Level Security Requirements Technical Controls IACS-Specific Requirements & Guidance Specifies Capability SALs 12
13 Product Development Lifecycle Requirements for Each Development Phase Building Security in From Ground Up 13
14 Component-Level Security Requirements Technical Controls Expand SystemLevel Reqs. For Individual Components IACS-Specific Requirements & Guidance Specifies Capability SALs 14
15 IEC Document Series IEC Additional Document in IEC Series Outside ISA99 Structure Vendor Certification Requirements 15
16 Additional Technical Working Groups WG7 Security & Safety WG8 Communications & Outreach WG9 Wireless Security WG11 Nuclear Plant Security 16
17 Applying the Several organizations using Concepts as defined in ISA Programs as defined in ISA Zone & Conduit model Case studies are becoming available Overall, the feedback is quite good! 17
18 More Information ISA99 Wiki Contacts Eric Cosman, Bryan Singer, Jim Gilsinn, ISA Staff Charley Robinson, 18
1 ISA Security Compliance Institute
1 ISA Security Compliance Institute Internationally Accredited Conformance Scheme ISASecure certification programs are accredited as an ISO/ IEC Guide 65 conformance scheme and ISO/IEC 17025 lab operations
Security Levels in ISA-99 / IEC 62443
Summary Assessment of the security protection of a plant A Security Protection Level has to be assessed in a plant in operation A Protection Level requires both: The fulfillment of the policies and procedures
TECHNICAL SPECIFICATION
TECHNICAL SPECIFICATION IEC/TS 62443-1-1 Edition 1.0 2009-07 colour inside Industrial communication networks Network and system security Part 1-1: Terminology, concepts and models INTERNATIONAL ELECTROTECHNICAL
ISA99 Working Group 5 ISA99 Working Group 5
Date: May 14, 2015 Time: 11:00 ET US Lead: E. Cosman Notes: E. Cosman Distribution: ISA99 committee and stakeholders ISA99 Working Group 5 ISA99 Working Group 5 ISA 67 Alexander Drive PO Box 12277 Research
CSMS. Cyber Security Management System. Conformity Assessment Scheme
CSMS Cyber Security Management System Conformity Assessment Scheme for the CSMS Certification Criteria IEC 62443-2-1:2010 Cyber Security Management Syste 1 Purpose of the CSMS Conformity Assessment Scheme
ISA Security. Compliance Institute. Role of Product Certification in an Overall Cyber Security Strategy
ISA Security Role of Product Certification in an Overall Cyber Security Strategy Tom Culling Chevron Andre Ristaino ASCI Kevin Staggs - Honeywell John Cusimano exida 1 ISA Security Agenda Who is the ISA
Industrial Control Systems Security Guide
Industrial Control Systems Security Guide Keith Stouffer, Engineering Lab National Institute of Standards and Technology NIST SP 800-82, Rev 2 and ICS Cybersecurity Testbed Keith Stouffer Project Leader,
FOR REVIEW PURPOSES ONLY!
FOR REVIEW PURPOSES ONLY! THIS EXCERPT FROM AN ISA99 COMMITTEE WORK PRODUCT IS PROVIDED SOLELY FOR THE PURPOSE OF REVIEW IN SUPPORT OF THE FURTHER DEVELOPMENT OF OTHER COMMITTEE WORK PRODUCTS. THIS DOCUMENT
Industrial Cyber Security 101. Mike Spear
Industrial Cyber Security 101 Mike Spear Introduction Mike Spear Duluth, GA USA Global Operations Manager, Industrial Cyber Security Mike.spear@honeywell.com Responsible for the Global Delivery of Honeywell
Where Smart Data meets Data Security Siemens Cloud for Industry powered by SAP HANA. April 2015
Where Smart Data meets Data Security Siemens Cloud for Industry powered by SAP HANA April 2015 Think of a Number! 13642916 Page 2 Prologue: Nineteenth-century Data Overkill Page 3 Prologue: Your Brain
Industrial Cyber Security. Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities
Industrial Cyber Security Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities WE HEAR ABOUT CYBER INCIDENTS EVERY DAY IN THE NEWS, BUT JUST HOW RELEVANT ARE THESE
Dr. Markus Braendle, Head of Cyber Security, ABB Group 10 Steps on the Road to a Successful Cyber Security Program Asia Pacific ICS Security SUMMIT
Dr. Markus Braendle, Head of Cyber Security, ABB Group 10 Steps on the Road to a Successful Cyber Security Program Asia Pacific ICS Security SUMMIT December 3, 2013 slide 1 A global leader in power and
ISA Security Compliance Institute ISASecure IACS Certification Programs
ISA Security Compliance Institute ISASecure IACS Certification Programs This paper describes how international industrial cybersecurity standards and complementary conformance certification programs should
Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk
Industrial Cyber Security Risk Manager Proactively Monitor, Measure and Manage Cyber Security Risk With Today s Cyber Threats, How Secure is Your Control System? Today, industrial organizations are faced
SSA-312. ISA Security Compliance Institute System Security Assurance Security development artifacts for systems
SSA-312 ISA Security Compliance Institute System Security Assurance Security development artifacts for systems Version 1.01 February 2014 Copyright 2013-2014 ASCI - Automation Standards Compliance Institute,
Effective Defense in Depth Strategies
Honeywell.com 2014 Honeywell Users Group Asia Pacific Effective Defense in Depth Strategies for Industrial Systems 1 Document control number Honeywell Proprietary Honeywell.com Chee Ban, Ngai About the
ISA Security Compliance Institute. ISASecure Embedded Device Security Assurance Certification
ISA Security Compliance Institute ISASecure Embedded Device Security Assurance Certification Introduction The ISASecure program has been developed by an industry consortium called the ISA Security Compliance
State of Oregon. State of Oregon 1
State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information
TECHNICAL REPORT IEC TR 62443-2-3. Security for industrial automation and control systems Part 2-3: Patch management in the IACS environment
TECHNICAL REPORT IEC TR 62443-2-3 Edition 1.0 2015-06 colour inside Security for industrial automation and control systems Part 2-3: Patch management in the IACS environment INTERNATIONAL ELECTROTECHNICAL
Cyber Security focus in ABB: a Key issue. 03 Luglio 2014, Roma 1 Conferenza Nazionale Cyber Security Marco Biancardi, ABB SpA, Power System Division
Cyber Security focus in ABB: a Key issue 03 Luglio 2014, Roma 1 Conferenza Nazionale Cyber Security Marco Biancardi, ABB SpA, Power System Division Cyber Security in ABB Agenda ABB introduction ABB Cyber
Rethinking Cyber Security for Industrial Control Systems (ICS)
Rethinking Cyber Security for Industrial Control Systems (ICS) Bob Mick VP Emerging Technologies ARC Advisory Group bmick@arcweb.com 1 Rethinking Cyber Security We Now Have Years of Experience - Security
Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Industrial Cyber Security Risk
Industrial Cyber Security Risk Manager Proactively Monitor, Measure and Manage Industrial Cyber Security Risk Industrial Attacks Continue to Increase in Frequency & Sophistication Today, industrial organizations
Manufacturing Operations Management. Dennis Brandl
Manufacturing Operations Management Dennis Brandl BR&L Consulting Peter Owen Eli Lilly & Co Dennis Brandl 1 Objectives Review the ISA 95 standards and how they are being used in companies like Eli Lilly
CONCEPTS IN CYBER SECURITY
CONCEPTS IN CYBER SECURITY GARY KNEELAND, CISSP SENIOR CONSULTANT CRITICAL INFRASTRUCTURE & SECURITY PRACTICE 1 OBJECTIVES FRAMEWORK FOR CYBERSECURITY CYBERSECURITY FUNCTIONS CYBERSECURITY CONTROLS COMPARATIVE
The Next Generation of Security Leaders
The Next Generation of Security Leaders In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish
Bentley Systems Launches AssetWise Initiative for Operating and Sustaining Infrastructure Assets
ARC VIEW MARCH 19, 2010 Bentley Systems Launches AssetWise Initiative for Operating and Sustaining Infrastructure Assets By Tom Fiske and Russ Novak Summary As more and more owner-operators shift their
FOR REVIEW PURPOSES ONLY!
FOR REVIEW PURPOSES ONLY! THIS DOCUMENT IS A WORKING DRAFT OF AN ISA99 COMMITTEE WORK PRODUCT. IT MAY NOT BE ACCURATE OF COMPLETE AND IS SUBJECT TO CHANGE WITHOUT NOTICE. IT IS PROVIDED SOLELY FOR THE
Process Control System Cyber Security Standards an Overview
INL/CON-06-01317 PREPRINT Process Control System Cyber Security Standards an Overview 52nd International Instrumentation Symposium Robert P. Evans May 2006 This is a preprint of a paper intended for publication
CSSC-CL Announces ISASecure Certification of Hitachi and Yokogawa Industrial Control Devices. ~For More Globally Competitive Control System Devices ~
Press Release July 15, 2014 CSSC Certification Laboratory (CSSC-CL) Control System Security Center (CSSC) CSSC-CL Announces ISASecure Certification of Hitachi and Yokogawa Industrial Control Devices ~For
Managing Risk in the Supply Chain
Managing Risk in the Supply Chain Moderator: Derek Harp, ICS Security, SANS Institute Panelists: Nadya Bartol, VP Industry Affaires and Cybersecurity Strategist UTC Samara Moore, Senior Manager CIP Security
Industrial Roadmap for Connected Machines. Sal Spada Research Director ARC Advisory Group sspada@arcweb.com
Industrial Roadmap for Connected Machines Sal Spada Research Director ARC Advisory Group sspada@arcweb.com Industrial Internet of Things (IoT) Based upon enhanced connectivity of this stuff Connecting
NIST Cybersecurity Framework Manufacturing Implementation
NIST Cybersecurity Framework Manufacturing Implementation Keith Stouffer Project Leader, Cybersecurity for Smart Manufacturing Systems Engineering Lab, NIST Manufacturing Cybersecurity Research at NIST
Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi etieghi@visionautomation.
Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems Enzo M. Tieghi etieghi@visionautomation.it Security IT & Control System Security: where are we?
Enterprise resource planning Product life-cycle management Information systems in industry ELEC-E8113
Enterprise resource planning Product life-cycle management Information systems in industry ELEC-E8113 Contents Enterprise resource planning (ERP) Product data management (PDM) Product lifecycle management
Cybersecurity in a Mobile IP World
Cybersecurity in a Mobile IP World Alexander Benitez, Senior Scientist, ComSource Introduction by Robert Durbin, Cybersecurity Program Manager, ComSource Introduction ComSource s cybersecurity initiative
Vision & Positioning Statement For Wurldtech Labs
Vision & Positioning Statement For Wurldtech Labs Wurldtech Security Technologies s Industrial Cyber Security Solutions For Global Process Automation & Control System Stakeholders Presentation Purpose
Ernie Hayden CISSP CEH GICSP Executive Consultant www.securicon.com
Ernie Hayden CISSP CEH GICSP Executive Consultant www.securicon.com V1 10-7-14 This Presentation is Proprietary to Securicon, Inc. Any use of this document without express written approval from Securicon
Nadya Bartol, CISSP, CGEIT VP, Industry Affairs and Cybersecurity Strategist UTC (Utilities Telecom Council) USA. 2014 Utilities Telecom Council 1
Nadya Bartol, CISSP, CGEIT VP, Industry Affairs and Cybersecurity Strategist UTC (Utilities Telecom Council) USA 2014 Utilities Telecom Council 1 Why do we need cybersecurity? Agriculture and Food Energy
IEC 62443: INDUSTRIAL NETWORK AND SYSTEM SECURITY
IEC 62443: INDUSTRIAL NETWORK AND SYSTEM SECURITY Standards Certification Education & Training Publishing Conferences & Exhibits Tom Phinney Honeywell Integrated Security Technology Lab Tom Phinney 40+
IT Audit in the Cloud
IT Audit in the Cloud Pavlina Ivanova, CISM ISACA-Sofia Chapter Content: o 1. Introduction o 2. Cloud Computing o 3. IT Audit in the Cloud o 4. Residual Risks o Used Resources o Questions 1. ISACA Trust
Help for the Developers of Control System Cyber Security Standards
INL/CON-07-13483 PREPRINT Help for the Developers of Control System Cyber Security Standards 54 th International Instrumentation Symposium Robert P. Evans May 2008 This is a preprint of a paper intended
This is a preview - click here to buy the full publication
TECHNICAL REPORT IEC/TR 62443-3-1 Edition 1.0 2009-07 colour inside Industrial communication networks Network and system security Part 3 1: Security technologies for industrial automation and control systems
White Paper. 7 Steps to ICS and SCADA Security. Tofino Security exida Consulting LLC. Contents. Authors. Version 1.0 Published February 16, 2012
Tofino Security exida Consulting LLC White Paper Version 1.0 Published February 16, 2012 Contents Executive Summary... 1 Step 1 Assess Existing Systems... 1 Step 2 Document Policies & Procedures... 3 Step
The role of standards in driving cloud computing adoption
The role of standards in driving cloud computing adoption The emerging era of cloud computing The world of computing is undergoing a radical shift, from a product focus to a service orientation, as companies
SECURITY. Risk & Compliance Services
SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize
Network Reliability Monitoring Using Statistical Modeling and Data Analysis to Measure the Health and Security of ICS
Network Reliability Monitoring Using Statistical Modeling and Data Analysis to Measure the Health and Security of ICS Jim Gilsinn Kenexis Jim Gilsinn Senior Investigator, Kenexis Consulting ICS Network
Announcement of a new IAEA Co-ordinated Research Programme (CRP)
Announcement of a new IAEA Co-ordinated Research Programme (CRP) 1. Title of Co-ordinated Research Programme Design and engineering aspects of the robustness of digital instrumentation and control (I&C)
GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems
GE Measurement & Control Top 10 Cyber Vulnerabilities for Control Systems GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used
Kevin Staggs - CISSP February 2, 2009. Patch Management
Kevin Staggs - CISSP February 2, 2009 Patch Management Topics Our philosophy Advice to our customers Patch qualification and management How we support our customers Industry needs Resources Summary 2 Our
FOR REVIEW PURPOSES ONLY!
FOR REVIEW PURPOSES ONLY! THIS EXCERPT FROM AN ISA99 COMMITTEE WORK PRODUCT IS PROVIDED SOLELY FOR THE PURPOSE OF REVIEW IN SUPPORT OF THE FURTHER DEVELOPMENT OF OTHER COMMITTEE WORK PRODUCTS. THIS DOCUMENT
Copyright 2011 Rockwell Automation, Inc. All rights reserved. Quick Industrial Security Assessment
Copyright 2011 Rockwell Automation, Inc. All rights reserved. Quick Industrial Security Assessment Key Concerns of Control System Security 1. Preventing accidental and unintentional changes to the control
WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK
WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK DATE OF RELEASE: 27 th July 2012 Table of Contents 1. Introduction... 2 2. Need for securing Telecom Networks... 3 3. Security Assessment Techniques...
SIMATIC IT Production Suite Answers for industry.
Driving Manufacturing Performance SIMATIC IT Production Suite Answers for industry. SIMATIC IT at the intersection of value creation processes With SIMATIC IT, Siemens is broadening the scope of MES. Plant
Software & Supply Chain Assurance: Mitigating Risks Attributable to Exploitable ICT / Software Products and Processes
Software & Supply Chain Assurance: Mitigating Risks Attributable to Exploitable ICT / Software Products and Processes Joe Jarzombek, PMP, CSSLP Director for Software & Supply Chain Assurance Stakeholder
LABWORKS Laboratory Information Management System. be confident. be informed. take control.
LABWORKS Laboratory Information Management System be confident. be informed. take control. It isn t about Data Management. it s about results. be Confident. PerkinElmer has been delivering Laboratory Solutions
ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?
ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security? Agenda Threats Risk Assessment Implementation Validation Advanced Security Implementation Strategy
ISA Security Compliance Institute
ISA Security Compliance Institute Johan Nye Chairman ISCI Governing Board 1 ISA Security Compliance Institute agenda topics About ISA Security Compliance Institute (ISCI) About ISA 99 Standards 2013 ISCI
Security Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
ISACA rudens konference
ISACA rudens konference 8 Novembris 2012 Procesa kontroles sistēmu drošība Andris Lauciņš Ievads Kāpēc tēma par procesa kontroles sistēmām? Statistics on incidents Reality of the environment of industrial
Protect Your Assets. Cyber Security Engineering. Control Systems. Power Plants. Hurst Technologies
Protect Your Assets Cyber Security Engineering Control Systems. Power Plants. Hurst Technologies Cyber Security The hackers are out there and the cyber security threats to your power plant are real. That
ARC WHITE PAPER. Yokogawa s Comprehensive Lifecycle Approach to Process Control System Cyber-Security VISION, EXPERIENCE, ANSWERS FOR INDUSTRY
ARC WHITE PAPER By ARC Advisory Group SEPTEMBER 2011 Yokogawa s Comprehensive Lifecycle Approach to Process Control System Cyber-Security Executive Overview... 3 Introduction... 4 Security Lifecycle Approach...
CLOUD SERVICE LEVEL AGREEMENTS Meeting Customer and Provider needs
CLOUD SERVICE LEVEL AGREEMENTS Meeting Customer and Provider needs Eric Simmon January 28 th, 2014 BACKGROUND Federal Cloud Computing Strategy Efficiency improvements will shift resources towards higher-value
TeleTrusT Bundesverband IT-Sicherheit e.v.
TeleTrusT Bundesverband IT-Sicherheit e.v. TeleTrusT-Workshop "Industrial Security" 2015 München, 11.06.2015 Einführung Industrial Security anhand des IEC 62443; Bedrohungslage für Betreiber von ICS (Industrial
Towards a standard approach to supply chain integrity. Claire Vishik September 2013
Towards a standard approach to supply chain integrity Claire Vishik September 2013 1 Draws from: ENISA s report on this topic Slawomir Gorniak, European Network and Information Security Agency Demosthenes
THREATS AND VULNERABILITIES FOR C 4 I IN COMMERCIAL TELECOMMUNICATIONS: A PARADIGM FOR MITIGATION
THREATS AND VULNERABILITIES FOR C 4 I IN COMMERCIAL TELECOMMUNICATIONS: A PARADIGM FOR MITIGATION Joan Fowler and Robert C. Seate III Data Systems Analysts, Inc. 10400 Eaton Place, Suite 400 Fairfax, VA
Revision History Revision Date 3.0 14.02.10. Changes Initial version published to http://www.isasecure.org
SDLA-312 ISA Security Compliance Institute Security Development Lifecycle Assurance - Security Development Lifecycle Assessment v3.0 Lifecycle Phases Number Phase Name Description PH1 Security Management
Manage Vulnerabilities (VULN) Capability Data Sheet
Manage Vulnerabilities (VULN) Capability Data Sheet Desired State: - Software products installed on all devices are free of known vulnerabilities 1 - The list of known vulnerabilities is up-to-date Desired
Cyber Security and Privacy - Program 183
Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology
Which cybersecurity standard is most relevant for a water utility?
Which cybersecurity standard is most relevant for a water utility? Don Dickinson 1 * 1 Don Dickinson, Phoenix Contact USA, 586 Fulling Mill Road, Middletown, Pennsylvania, USA, 17057 (*correspondence:
Cloud Security: Getting It Right
Cloud Security: Getting It Right Sponsored by Armor Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute Research Report Cloud Security: Getting It Right Ponemon
A New Standards Project on Avoiding Programming Language Vulnerabilities
A New Standards Project on Avoiding Programming Language Vulnerabilities Jim Moore Liaison Representative from IEEE Computer Society to ISO/IEC JTC 1/SC 7 Liaison Representative between ISO/IEC JTC 1/SC
FINRA Publishes its 2015 Report on Cybersecurity Practices
Securities Litigation & Enforcement Client Service Group and Data Privacy & Security Team To: Our Clients and Friends February 12, 2015 FINRA Publishes its 2015 Report on Cybersecurity Practices On February
Building Security In:
#CACyberSS2015 Building Security In: Intelligent Security Design, Development and Acquisition Steve Caimi Industry Solutions Specialist, US Public Sector Cybersecurity September 2015 A Little About Me
Dr. György Kálmán gyorgy@mnemonic.no
COMMUNICATION AND SECURITY IN CURRENT INDUSTRIAL AUTOMATION Dr. György Kálmán gyorgy@mnemonic.no Agenda Connected systems historical overview Current trends, concepts, pre and post Stuxnet Risks and threats
Draft Pan-Canadian Primary Health Care Electronic Medical Record Content Standard, Version 2.0 (PHC EMR CS) Frequently Asked Questions
December 2011 Draft Pan-Canadian Primary Health Care Electronic Medical Record Content Standard, Version 2.0 (PHC EMR CS) Frequently Asked Questions Background and History What is primary health care?
Software Verification and Validation
Software Verification and Validation Georgia L. Harris Carol Hockert NIST Office of Weights and Measures 1 Learning Objectives After this session, using resources and references provided, you will be able
ISA CERTIFIED AUTOMATION PROFESSIONAL (CAP ) CLASSIFICATION SYSTEM
ISA CERTIFIED AUTOMATION PROFESSIONAL (CAP ) CLASSIFICATION SYSTEM Domain I: Feasibility Study - identify, scope and justify the automation project Task 1: Define the preliminary scope through currently
ISO 27001:2005 & ISO 9001:2008
ISO 27001:2005 & ISO 9001:2008 September 2011 1 Main Topics SFA ISO Certificates ISO 27000 Series used in the organization ISO 27001:2005 - Benefits for the organization ISO 9001:2008 - Benefits for the
Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities
Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities Sean Barnum sbarnum@mitre.org September 2011 Overview What is SCAP? Why SCAP?
SECURING THE HUMAN FACTOR. Kartik@symosis.com Jeff@baymountainsecurity.com
SECURING THE HUMAN FACTOR Kartik@symosis.com Jeff@baymountainsecurity.com Agenda 1. Human Factor - 52% versus 48% 2. Effective Training 1. Focus on Need 2. Engaging Content 3. Measure Progress + Recognition
The Open Group 2011. Cloud Work Group
The Open Group Cloud Work Group 18 May 2011 Heather Kreger SOA WG co-chair Liaison for SOA, Cloud IBM Cornwallis Rd B062, M307 Research Triangle Park, NC Tel 919-496-9572 Kreger@us.ibm.com www.opengroup.org
International standards and guidance that address Medical Device Software
International standards and guidance that address Medical Device Software Sherman Eagles Technical Fellow Medtronic CRDM Convener IEC 62A/ISO 210 JWG3 Co-convener IEC 62A/ISO 215 JWG7 Standards in the
Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
BUSINESS TO MANUFACTURING (B2M) COLLABORATION BETWEEN BUSINESS AND MANUFACTURING USING ISA-95 ABSTRACT
BUSINESS TO MANUFACTURING (B2M) COLLABORATION BETWEEN BUSINESS AND MANUFACTURING USING ISA-95 Dennis Brandl dennis.brandl@sequencia.com Sequencia Corporation ABSTRACT Integrating business and manufacturing
PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM
PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM Don Dickinson Phoenix Contact USA P.O. Box 4100 Harrisburg, PA 17111 ABSTRACT Presidential Executive Order 13636 Improving
ISA Security Compliance Institute
ISA Security Compliance Institute Andre Ristaino, Managing Director, ISCI 28 May 2013 CSSC 1 ISA Security Compliance Institute agenda topics About ISA Security Compliance Institute (ISCI) About ISA 99
Your Software Quality is Our Business. INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc.
INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc. February 2013 1 Executive Summary Adnet is pleased to provide this white paper, describing our approach to performing
Microsoft s Compliance Framework for Online Services
Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft
OPENKONSEQUENZ WORKING GROUP CHARTER
OPENKONSEQUENZ WORKING GROUP CHARTER CONTENTS Contents...1 Goals and Vision...4 Scope and Core Domains...5 Governance and Precedence...5 Applicable Documents and Processes...5 Collaboration...6 Working
IAF Mandatory Document. Witnessing Activities for the Accreditation of Management Systems Certification Bodies. Issue 1, Version 2 (IAF MD 17:2015)
IAF Mandatory Document Witnessing Activities for the Accreditation of Management Systems Certification Bodies (IAF MD 17:2015) Witnessing Activities for the Accreditation Page 2 of 18 The (IAF) facilitates
FISMA Implementation Project
FISMA Implementation Project The Associated Security Standards and Guidelines Dr. Ron Ross Computer Security Division Information Technology Laboratory 1 Today s Climate Highly interactive environment
Is your current safety system compliant to today's safety standard?
Is your current safety system compliant to today's safety standard? Abstract It is estimated that about 66% of the Programmable Electronic Systems (PES) running in the process industry were installed before
Security for industrial automation and control systems: Patch compatibility information
Security for industrial automation and control systems: Patch compatibility information A Progress Report for Review and Comment From ISA99 Work Group 6 (Patch Management) The material in this report has
Open Vulnerability and Assessment Language (OVAL ) Validation Program Test Requirements (DRAFT)
NIST Interagency Report 7669(Draft) Open Vulnerability and Assessment Language (OVAL ) Validation Program Test Requirements (DRAFT) John Banghart Stephen Quinn David Waltermire NIST Interagency Report
Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord
Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord Implementation of Cyber Security for Yara Glomfjord Speaker profile Olav Mo ABB
Italy. EY s Global Information Security Survey 2013
Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information
PART 4: TECHNICAL SECURITY REQUIREMENTS FOR AN INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS
2 3 4 5 6 7 8 PART 4: TECHNICAL SECURITY REQUIREMENTS FOR AN INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS 9 0 2 3 4 5 6 7 8 9 20 Draft Edit 02 2008 03 THIS DRAFT VERSION IS STRICTLY FOR REVIEW BY ISA SP99
ISO/IEC 9126-1 Software Product Quality Model
Why do current systems fail? Standish Group found that 51% of projects failed 31% were partially successful Main causes were poor user requirements: 13.1% Incomplete requirements 12.4% Lack of user involvement
Using ISA/IEC 62443 Standards to Improve Control System Security
Tofino Security White Paper Version 1.2 Published May 2014 Using ISA/IEC 62443 Standards to Improve Control System Security Contents 1. Executive Summary... 1 2. What s New in this Version... 1 3. Why