1 AR0 by Adam Gauci, P.Eng., Didier Giarratan, and Sandeep Pathania Executive summary The utility industry is under pressure t imprve substatin autmatin cyber security. Manufacturers f substatin prducts use prprietary r prduct-specific methdlgies fr managing device security. As a result, standardizatin and ease f management f these devices is lacking. This paper reviews prcesses and prcedures fr securing a substatin, ffers advice fr vercming substatin asset management challenges, and describes sme f the tls available.
2 A Framewrk fr Develping and Evaluating Utility Substatin Cyber Security Intrductin Over the past decade, the demand fr digitized, cnnected, and integrated peratins has increased acrss all industries. Cmpared t the IT Industry, the Energy Industry is late t the cnnectivity game. The pressing need t imprve critical pwer distributin infrastructure uptime is accelerating the rate f change in this dmain. Hwever, as the pwer netwrks merge and becme smarter, the benefits f imprved cnnectivity als pen the dr t mre cyber security risks. Accrding t US Department f Hmeland Security s Industrial Cntrl Systems Cmputer Emergency Respnse Team (ICS-CERT), 53% f cyber security incidents reprted and investigated by the agency in the first half f 2013 were related t the energy industry 1 (see Figure 1). Nw that cyber security is a tp-f-mind cncern, utility stakehlders are mimicking their IT peers and are scrambling t put their infrastructure security huse in rder. Within substatins, prprietary devices nce cnsidered fr specialized applicatins are nw vulnerable. Sensitive infrmatin (such as nline dcumentatin that describes hw these devices wrk) can be accessed via the internet by anyne, including thse with malicius intent wh wish t cause disruptin. Figure 1 Number f cyber security incidents and percentage f ttal by industry in the US (curtesy f US Hmeland Security Department) Pstal & Shipping 1% Nuclear 3% Inf Tech 4% Gv Facilities 2% Transprtatin 5% Water 4% Energy 53% Cmmercial Facilities 2% Cmmunicatins 5% Critical Manufacturing 17% Electrical substatins tday are characterized by different mixes f Infrmatin Technlgy (IT) and Operatinal Technlgy (OT). Operatinal Technlgy is defined as the autmatin and cntrl systems and cmpnents that mnitr, measure, and prtect critical infrastructure. When blstering the security f a substatin netwrk, IT infrastructure cmpnents such as PC hsts, netwrk devices (e.g., switches, ruters, and firewalls) are a lgical first step fr prtectin. Technlgies / tls such as SNMP and SYSLOG can be used with security mnitring systems t easily mnitr IT-based devices. Extending this same methdlgy t OT-based devices, hwever, can be mre difficult t achieve. 1 US Department f Hmeland Security, ICS-CERT Mnitr, Incident Respnse Activity, April/May/June 2013, page 2 Schneider Electric White Paper Revisin 0 Page 2
3 A Framewrk fr Develping and Evaluating Utility Substatin Cyber Security Mst embedded devices and pwer systems applicatins were nt designed with security mnitring in mind. T address this prblem, many substatin autmatin vendrs have tried the blt-n security apprach, keeping cyber security functinally separate frm nn-secured OT devices and building a layer f security arund them. This apprach may allw fr a layer f access cntrl and mnitring, but nce the initial layer is breached, devices remain vulnerable. While blt-n slutins allw fr a fast implementatin t reduce the risk f a cyber-attack n OT devices, substatin asset managers shuld cnsider upgrading their OT devices during their lifecycle t newer devices cntaining built-in cyber security functins. This paper details the level f security functinality required by OT devices in rder t prvide rbust security mnitring. The prcesses and rganizatin needed t supprt an OT security initiative are als described. Device lgging and mnitring Unique human user names Mst devices fund in tday s substatins cntain multiple, fixed access accunts that are shared amng several human users. This makes it difficult t determine which particular user has lgged a security event. The slutin t this prblem is t prvide a mechanism fr eliminating generic and lcally shared accunts and t enfrce human user-based accunts where any actin can be lgged with a specific user s accunt name. Human users can access a multitude f devices inside a substatin. Hence user accunt names shuld be synchrnized acrss all devices. Rather than centralized authenticatin, lcal accunt synchrnizatin is the preferred methd because OT devices shuld always be accessible in case f emergency. In the event f netwrk infrastructure failure, relying n a centralized server fr access is a risky apprach. Unique human user names allws asset security managers t cmpletely audit a user s actins, and t increase user accuntability thrugh nn-repudiatin, meaning that users cannt deny an actin that they may r may nt have taken. When pssible, authenticatin shuld als prtect frnt panel functins. This ensures that all critical device actins and cnfiguratin changes are recrded as events initiated by human users (see Figure 2). Figure 2 Example f unique user name lgn scrlling fr lcal IED device Security lgging Devices must be able t identify the individuals wh are authrized t take an actin. Thse particular security events that shuld be recrded must als be defined. In this case, many OT-related standards such as IEEE 1686 and IEC shuld prvide guidance (see Schneider Electric White Paper Revisin 0 Page 3
4 A Framewrk fr Develping and Evaluating Utility Substatin Cyber Security Table 1). Internal mechanisms that recrd security events shuld be secure. It shuld nt be pssible t mdify security events. A mechanism shuld be put int place that allws security administratrs t frward security events t a centralized server. Event name Descriptin Table 1 Security events as defined in IEEE 1686 Lg In Manual Lg Out Timed Lg Out Value Frcing Cnfiguratin Access Cnfiguratin Change Firmware Change ID/Passwrd Creatin r Mdificatin ID/Passwrd Deletin Audit Lg Access Time/Date Change Unsuccessful Lgin Attempt Rebt Attempted Use f Unauthrized Cnfiguratin Sftware: Invalid Cnfiguratin r Firmware Dwnlad Unauthrized Cnfiguratin r Firmware File Unexpected Time Signal Out f Tlerance Invalid Field Hardware Changes Successful lg in (lcally r remtely) f a user t the device. User-initiated lg ut. Lg ut f user after a predefined perid f inactivity elapses. Actin f a lgged-in user that verrides real data with manual entry and/r causes a cntrl peratin. Dwnlading f a cnfiguratin file frm the IED t an external device r memry lcatin (e.g., cmputer, memry stick, cmpact disk). The uplading f a new cnfiguratin file t the IED r keystrke entry f new cnfiguratin parameters that causes a change in IED cnfiguratin. Writing t memry f new IED perating firmware. Creatin f new ID/passwrd r mdificatin f ID/passwrd r RBAC levels f authrizatin. Deletin f a user ID/passwrd. User access f audit lg fr viewing r audit lg dwnlad t an external device r memry lcatin (e.g., cmputer, memry stick, cmpact disk). User request t change time and date. Three incrrect passwrd entries in successin during a single lg-in attempt. Successive failed lg-in attempts after three will generate a single entry int the audit lg trail listed listing the time f the last attempt and ttal number f lg-in attempts that have ccurred in successin. The rebting r restarting f the IED by means f remving pwer r thrugh the use f a device-resident rebting mechanism such as a reset buttn, pwer-up sequence, r access sftware feature. The detectin by the IED f an attempted use f cnfiguratin sftware, accessing cmputer, r a cmbinatin theref which is nt registered as legitimately able t be used fr cnfiguratin f the IED. The detectin by the IED f a cnfiguratin r firmware dwnlad t the IED that des nt cntain the prper credentials that identify the cnfiguratin r firmware as valid. The detectin by the IED f a cnfiguratin r firmware dwnlad t the IED that des nt cntain the prper credentials that identify the cnfiguratin r firmware as authrized. The IED shall validate time-synchrnizatin messages received thrugh prtcl r dedicated time-synchrnizatin channels and alarm if the time-synchrnizatin message is nt within the tlerances f the IED's internal/lcal clck. The IED shall validate user-perfrmable (as identified by the vendr) field hardware changes and alarm if the field hardware change is perfrmed imprperly (i.e., wrng I/O bard inserted in a designated I/O slt). Schneider Electric White Paper Revisin 0 Page 4
5 A Framewrk fr Develping and Evaluating Utility Substatin Cyber Security SYSLOG is a lng-time IT industry standard used with telecmmunicatins and netwrk infrastructure devices. This standard defines a client / server prtcl fr transmitting lgs t a centralized server. In mst cases, the perimeter f a substatin cntains many different types f devices. T prvide the mst cmplete audit f a substatin perimeter, it is necessary t cllect the security lgs frm as many different devices as pssible. SYSLOG makes it pssible t cllect data frm a multitude f OT devices and frm any IT device that supprts the prtcl. Once the data is aggregated and nrmalized int ne cmplete substatin security lg, it is much easier t crrelate security events generated by multiple devices and t detect ptential malicius behavir. Cllected lgs can als be transferred t an enterprise-level Security Infrmatin and Event Management (SIEM) system. Such a system identifies rt causes f security incidents thrugh analytics, prvides alerts based n ptential malicius activity signatures/patterns, and generates data and statistics that can be used fr cmpliance reprting. Security Mnitring Security mnitring can be accmplished using the cmmn IT administrative Simple Netwrk Management Prtcl (SNMP). SNMP is used t manage IP-based devices such as switches, ruters wrkstatins, and printers via a Netwrk Management System (NMS). Alerts ntify a security administratr in real time f any abnrmal r failing system cmpnents. These alerts can be sent directly as alarms r via r SMS. The SNMP apprach can als be applied t OT devices. Mnitring data that is available via SNMP can als be used fr cyber security mnitring. The data bjects that OT devices can prvide are based n the Management Infrmatin Base (MIB) defined in the IEC standard. Mnitring data frm OT devices can be leveraged at the NMS level in the fllwing ways: 1. Mnitring f device status: The NMS can alert the security administratr f any device failures r changes. 2. Mnitring f device perfrmance and cmmunicatins: Mnitring f the device CPU and cmmunicatins interface can help t alert the security administratr t any ptential verlad cnditins that may help detect many types f attacks, e.g., Denial f Service (DS) attacks. 3. Intrusin detectin: Data regarding device status and perfrmance can be crrelated inside an Intrusin Detectin System (IDS) t help detect changes in cnditin that culd signal a ptential system intrusin. 4. Cnfiguratin management: Prtins f the device cnfiguratin can be mnitred and recrded fr unapprved changes. This can make it easier t ensure the cnfiguratin is restred after a failure. This gives the administratr the ability t make cnfiguratin changes in real time in rder t respnd t a security event. An example f this is t frce the switch f standard redundant cmmunicatin channels t a backup channel if the main channel has been cmprmised. Cyber security cmpliance Secure system deplyment in secndary cntrl systems shuld be supprted by the rganizatinal and peratinal prcesses that manage the critical infrastructures. This is t ensure that all stakehlders (e.g., utility site teams, suppliers, site maintenance and cmmissining teams) are well trained and sensitized t thse security measures that are in place. In additin, these stakehlders must be made t use and maintain the secured system baseline while perfrming daily peratins. Schneider Electric White Paper Revisin 0 Page 5
6 A Framewrk fr Develping and Evaluating Utility Substatin Cyber Security The security plicy mdel illustrated in Figure 3 prvides a step-by-step apprach t implementing basic security cncepts such as Availability, Integrity, and Cnfidentiality (AIC), r Authrizatin, Authenticatin and Audit-ability (AAA). Figure 3 Example f a security plicy mdel Step 1: Define security plicy The cyber security plicy prvides a frmal set f rules t be fllwed. The purpse f the plicy is t infrm emplyees, cntractrs, and ther authrized users f their bligatins regarding prtectin f technlgy and infrmatin assets. It describes the list f assets that must be prtected, identifies threats t thse assets, describes authrized users respnsibilities and assciated access privileges, and describes unauthrized actins and resulting accuntability fr the vilatin f the security plicy. The plicy shuld als include the fllwing: A list f cntrl system hardware, embedded device CPUs, hard drives, USB, CD drives, frnt end data and histrian servers, assciated device drivers, perating systems, histrians, backup and restre slutins, anti-malware slutins, s, and web-server applicatins. A list f cntrl system sftware: HMI, gateway applicatins, cnfiguratin and maintenance tls, setting and disturbance analysis applicatins, and engineering sftware. Classificatin and prtectin f infrmatin. Rules t prtect sensitive infrmatin: Fr example, lists defining the sensitive infrmatin (hard cpy r sft cpy) being used, and classifying infrmatin int distinct categries such as cnfidential, nn-cnfidential, internal use, and public. Classificatin and prtectin f cntrl system cmpnents, netwrks, and servers (e.g., whether the device handles sensitive r prtected data, handles missin critical services, can be cnnected t ther netwrks, r can be cnnected t the internet). Schneider Electric White Paper Revisin 0 Page 6
7 A Framewrk fr Develping and Evaluating Utility Substatin Cyber Security The key t maintaining an effective security baseline is t cnduct a review nce r twice a year. A risk assessment based n internal and external threats (e.g., hackers, terrrists, disgruntled emplyees r cntractrs, unintentinal usage). Escalatin prcedure fr cyber incidents with the respnsible individual identified (i.e., whm t ntify during a cyber-incident). This is generally addressed using an incident respnse plan. Incident Respnse Plan: This defines hw an rganizatin priritizes, acts, respnds, and cmmunicates in the event f a cyber security incident. Bth internal and exte rnal incidents are cvered. Examples f incidents include: Breach by gaining unauthrized access, taking unauthrized cntrl, extracting cnfidential infrmatin, r manipulating system data. Unintentinal misuse that causes a disruptin f the expected system behavir and impacts essential services. Public disclsure f a new vulnerability by vendrs r cyber security experts which culd impact prducts r sftware applicatin cmpnents f the system in questin. CERT (Cmputer Emergency Respnse Team): This grup f individuals is respnsible fr rganizing, leading, cmmunicating, and reslving cyber security incidents within an rganizatin in a timely manner. This team shuld include participatin frm senir management, technical, and quality departments. The majr respnsibilities f this team include: Assess the incident. Determine validity and rt cause. Crrect the prblem and supprt the peratins teams. Determine hw t avid similar explitatin r vulnerabilities in the future. Cmmunicate effectively with peratins teams. Cmmunicate effectively with vendrs and crprate r federal CERT bdies. Step 2: Define prcesses As system security baselines keep changing in rder t address emerging vulnerabilities, cyber security system prcesses and prcedures need t be reviewed and updated regularly t fllw this evlutin. The key t maintaining an effective security baseline is t cnduct a review nce r twice a year. Anther imprtant step is t maintain a strng patch management system. The deplyment f a patch management system in supprt f secndary cntrl systems invlves the fllwing steps: System inventry baseline: Generate a target system inventry list using an autmated r manual prcess t determine which hardware equipment, perating systems, and sftware applicatins are used. Peridic risk analysis: Mnitr security surces fr vulnerability annuncements and patch and nn-patch remediatin. Analyze the applicability f the same t targeted system architecture. Remediatin f risks: Find, dwnlad, r acquire remediatin frm vendrs. Priritize risks and stre fixes in a cnfiguratin management system fr testing and applicatin n system cmpnents. Testing f patches: Test the patches / fixes in a nn-prductin envirnment r acquire patches frm suppliers that were tested in the intended system cnfiguratin t determine whether there is regressin in the system functins. Schedule a patch implementatin cycle depending n the cmpliance needs r planned system maintenance cycles. Infrm the stakehlders f the patch cycle results. Secure delivery and deplyment f patches t the target system. Schneider Electric White Paper Revisin 0 Page 7
8 A Framewrk fr Develping and Evaluating Utility Substatin Cyber Security Revise the asset inventry baseline t ensure that n change frm the last revisin is carried ver t the beginning f the next cycle. Step 3: Chse and implement technlgy Chse technlgy based n internatinal standards t implement security plicy and prpsed risk mitigatin actins. A Secure by design apprach which is based n internatinal standards like IEC and IEEE 1686 (as ppsed t a Blt-n security apprach) can help t further reduce risk when securing cntrl system cmpnents. Determine which standards are best suited t implement the cyber security requirements in the peratinal technlgy envirnment and help t enfrce and maintain security plicy needs in an efficient manner. Step 4: Dcument Cyber security dcumentatin shuld include detailed prcedures, prcesses, netwrk diagrams, security architectures, and the prduct and system technical and user dcumentatin supplied by vendrs. As-built dcumentatin f deplyed system and apprved cyber security templates fr peridic security audits, security risk assessments, engineering, servicing, cmmissining, and patch management shuld als be included as part f the essential dcumentatin. Asset management challenges Crss Functinal Expertise Tw ptins exist fr addressing the issue f cyber security implementatin in substatins. The first ptin is t train cyber security specialists capable f wrking in the field. The secnd ptin is t manage cyber security frm a central lcatin where a pl f experts can handle cmplex and crss-disciplinary events. The system cmplexity is driven by the need fr mre crss-dmain activity where prtectin engineers, IT managers, security managers, and applicatin engineers are required t share their expertise t identify the ptential issues and attacks affecting their systems. Cyber security cnstraints are creating a new apprach in substatin design, cmmissining, and peratin. The nature f infrmatin exchange is evlving and driving the trend tward mre rbust cyber security. A settings file, fr instance, is a ptential threat if sme f the infrmatin can be cmprmised r changed. These new cnstraints are nw part f everyday life fr utility peratins and maintenance teams. The integratin f cyber security is als driving dramatic changes in peratinal and maintenance prcesses. Vulnerability Management When cyber threats were less f an issue, the relatinship between a utility and a vendr was based n discussins arund bugs that culd be fund in prducts r systems. Very ften, the utility qualified hardware reliability and tested the sftware and the algrithms embedded in the prduct. The qualificatin f a prduct characterized, in detail, the behavir f the system / prduct. The qualified hardware / sftware were managed cautiusly t guarantee the behavir f the verall prduct. This strategy is nw becming almst impssible t maintain as far as cyber security is cncerned because f a new factr that has entered the picture: vulnerability. A recent example is the heartbleed vulnerability discvered recently n a cmmunicatin stack called OPENSSL. Several releases f this stack were impacted by this vulnerability, leading several cmpanies t release new firmware fr their prducts / systems. As a result, regulatrs are Schneider Electric White Paper Revisin 0 Page 8
9 A Framewrk fr Develping and Evaluating Utility Substatin Cyber Security impsing a requirement t update, within a defined and limited perid f time, devices affected by the latest secure instance f firmware, especially when a crypt library is at stake. In this case, it is almst impssible t red the full qualificatin prcesses f the device. The system is smetimes even mre cmplex because direct business relatinships exist between the utility and the relay manufacturer. Fr instance, in sme cmplex ecsystems, cntractrs, integratrs, panel builders, and manufacturers are invlved. The prblem f asset management is becming mre cmplex and, in many cases, the utility is left with the challenge f hw t address these cnstraints. The issue is becming mre critical fr utilities because sme insurance cmpanies are nw refusing t cmpensate damage caused t a system by a cyber attack if all the knwn patches have nt been prperly applied. It has becme clear that all equipment, including OT devices, must fllw the same rules, and that all the cmpnents including internal device sftware libraries must be identified and dcumented. Cnfiguratin Management Cnfiguratin is dynamic and therefre has a great impact n the security f systems. Multiple types f cnfiguratins exist. The first type f cnfiguratin is specific t a device (such as the number f bards and the cnfiguratin f each bard). The secnd type f cnfiguratin is related t the functinality f the device. In this secnd cnfiguratin, the settings, the threshlds, and the different lgics are all accunted fr. While the first type f cnfiguratin is generally static and defined during cmmissining, the secnd is mre dynamic and can change based n peratinal cnditins r n system changes ver time. Access t the cnfiguratin can als be perfrmed in several different ways: Via the settings tl f the device, which can be accessed lcally r remtely Via the frnt panel f the device, where sme parameters can be adjusted Via the lcal Human Machine Interface (HMIs) These ptins are well defined when the system aligns t the IEC standard. Cnfiguratin is dynamic and therefre has a great impact n the security f systems. It is a key tl fr restring the system t a nrmal perating state after a system cmpnent failure. Mst f the standards and regulatins (like NERC CIP) require the management f cnfiguratin data. The management task is quite cmplex because in each instance the infrmatin is different frm ne device t anther and frm ne manufacturer t anther, even if the functin is the same. Regardless f which cnfiguratin methd is used t manage OT equipment, the means t manage device cnfiguratin n a regular basis is a key issue and mandatry frm the cyber security perspective. N standard has yet been develped t address the cnfiguratin management issue. The primary functins f mst OT substatin security systems in place tday are t stre the infrmatin in rder t retrieve it in case f a security incident, and t prvide an alert if a cnfiguratin is different and has been changed n the device. While the cmparisn between tw different cnfiguratins cming frm the same device is quite simple, the cmparisn f the same functin cming frm different vendr devices remains almst impssible. This is why standardizatin effrts are still needed in this area. A cmmn set f grund rules must be established in rder t define bjects that can be cmpared s that these bjects can be better managed. Fr example, security lg event definitins are nt yet defined as a cnfiguratin parameter. Therefre a pwerful tl is needed t crrelate the infrmatin cming frm the different assets, which, in turn, have been prduced by different manufacturers. Schneider Electric White Paper Revisin 0 Page 9
10 2014 Schneider Electric. All rights reserved. A Framewrk fr Develping and Evaluating Utility Substatin Cyber Security Cnclusin Utility vendrs shuld apply standardized cyber security techniques and technlgies t substatin devices in rder t prtect critical infrastructure frm cyber threats. Lgging and mnitring is ne area where principles such as unique users and IT prtcls like SYSLOG and SNMP are being deplyed directly int OT embedded devices (e.g., IEDs, bay cntrllers, RTUs, etc.). Cyber security technlgy nly partially addresses the issue f cyber threats. Utilities als need t deply the prper rganizatin and prcesses in rder t supplement the impact f cyber security prtectin technlgies. As cyber security is an nging prcess, new technlgies and security layers need t be develped in rder t address gaps explited by hackers. In the realm f Asset Management, fr example, the lack f a standardized apprach must be vercme. One ptential answer is fr utilities and vendrs t develp standardized prcesses tgether s that cncepts such as device cnfiguratin can be utilized in a hetergeneus vendr envirnment. Abut the authrs Adam F. Gauci is the Cyber Security Marketing Manager, respnsible fr prduct management and critical infrastructure slutins within Schneider Electric s Energy Divisin. Mr. Gauci is currently a member f the IEEE Pwer and Energy Sciety and a registered prfessinal engineer in the prvince f Ontari, Canada. He hlds a Bachelr f Science degree in Cmputer Engineering frm Queen s University at Kingstn, Ontari. His previus wrk experience includes wrking fr Hydr One Netwrks as a Prtectin and Cntrl Engineer and Cper Pwer Systems as a Field Applicatin Engineer. Didier Giarratan is the Directr f Cyber Security Platfrms at Schneider Electric. In this rle, he versees and manages the research and develpment f cyber security slutins fr critical infrastructure. Mr. Giarratan is currently a member f the IEEE Pwer and Energy Sciety and a full participating member f the Pwer Systems Relaying Cmmittee. Sandeep Kumar Pathania is the Offer Creatin Manager within Schneider Electric s Energy Divisin and is respnsible fr leading cyber security and IEC61850 prjects. He hlds a Bachelr in Electrnics & Cmmunicatin Engineering degree frm Punjab Technical University, and a Plytechnic Diplma in Electrnics Engineering with specializatin in micrprcessr prgramming. Mr. Pathania has ver 12 years f wrk experience in energy autmatin and cntrl systems. His previus wrk experience includes digital cntrl system prject engineering at Alstm T&D India and substatin autmatin at AREVA T&D India. He is a member f the IEEE Pwer and Energy Sciety. Schneider Electric White Paper Revisin 0 Page 10
Business Prcess Prtectrs Business Service Management Active Errr Identificatin Event Driven Autmatin Errr Handling and Escalatin Intelligent Ntificatin Prcess Reprting IT Management Business and IT Autmatin
Integratin Cmpetency Center ICC Handbk Versin 3.0 29 Nvember 2012 ICC - Integratin Cmpetency Center ICC is a shared service intended fr cmpanies wh wish t design, develp and maintain integratin slutins
A Call fr Clarity: Open Questins n the Scpe f FDA Regulatin f mhealth A whitepaper prepared by the mhealth Regulatry Calitin December 22, 2010 Authrs Bradley Merrill Thmpsn Epstein, Becker & Green P.C.
White Paper Citrix Cnsulting Best Practices Guide fr Prvisining Services and XenApp Designing an enterprise slutin fr the fast prvisining f XenApp servers Table f cntents Best Practices Guide fr Prvisining
Sample Crprate Mbile Device Acceptable Use and Security Plicy BYOD plicy template made publicly available by a Frtune 1000 Insurance Cmpany CISO WISEGATE MEMBER CONTENT 22 2303 Ranch Rad 620 Suth #135-165
Getting Started Guide fr Administratrs Fr Numara FtPrints, Numara FtPrints fr eservice Versin 9.0 Numara Sftware Inc. Numara FtPrints Getting Started fr Administratrs Manual: Rev 9.0 Numara Sftware numarasftware.cm
Clud PBX Master Service Agreement Versin 1.2 Updated 7/1/2012 http://www.vip-cnnectins.cm 1 email@example.com This Master Service Agreement (this Agreement ) is entered int this day f ( Effective
Cyber Defence Exercise Lcked Shields 2013 After Actin Reprt Tallinn 2013 1 Executive Summary This reprt describes the technical cyber defence exercise (CDX) named Lcked Shields 2013 (LS13). The intended
THIS PAGE LEFT INTENTIONALLY BLANK THE DEPARTMENT OF DEFENSE CYBER STRATEGY April 2015 THIS PAGE LEFT INTENTIONALLY BLANK THIS PAGE LEFT INTENTIONALLY BLANK TABLE OF CONTENTS I. INTRODUCTION...1 II. STRATEGIC
SECURITY GUIDANCE FOR CRITICAL AREAS OF FOCUS IN CLOUD COMPUTING V3.0 INTRODUCTION The guidance prvided herein is the third versin f the Clud Security Alliance dcument, Security Guidance fr Critical Areas
IDENTIFICATION AND REPORTING OF SECURITY INCIDENTS FOR STRATEGIC OPERATORS A basic guide fr the prtectin f critical infrastructures www.intec.es @inteccert January 2014 CONTENTS THE GUIDE S OBJECTIVE...
Best Practices fr Optimizing Perfrmance and Availability in Virtual Infrastructures www.nimsft.cm Best Practices fr Optimizing Perfrmance and Availability in Virtual Infrastructures PAGE 2 Table f Cntents
Interperability in DALLAS Interim versin 1.0 Published: September 2011 i White Paper - Interperability fr DALLAS applicants and cmmunities v1.0 ii Interperability fr DALLAS applicants and cmmunities Warning
Mnitring Business Critical Applicatins with VMware vcenter Operatins Manager Mnitring Business Critical Applicatins with This prduct is prtected by U.S. and internatinal cpyright and intellectual prperty
www.nvell.cm/dcumentatin System Administratin ZENwrks Mbile Management 2.5.x September 2012 Legal Ntices Nvell, Inc., makes n representatins r warranties with respect t the cntents r use f this dcumentatin,
Detailed Statement f Wrk Evlve IP 989 Old Eagle Schl Rad Suite 815 Wayne, PA 19087 610.964.8000 firstname.lastname@example.org Page 1 Table f Cntents Evlved Office: HPBX...7 General Prduct Terms and Evlve IP Deliverables...
Payment Card Industry (PCI) Card Prductin Physical Security Requirements Versin 1.0 May 2013 PCI Security Standards Cuncil LLC 2013 This dcument and its cntents may nt be used, cpied, disclsed, r distributed
Twards Supprting the Adptin f Sftware Reference Architectures: An Empirically-Grunded Framewrk Silveri Martínez-Fernández Universitat Plitècnica de Catalunya Jrdi Girna, 1-3 08034, Barcelna (Spain) +34
VMware vclud Architecture Tlkit High Perfrmance Data with VMware vfabric GemFire Octber 2011 High Perfrmance Data with VMware vfabric GemFire This prduct is prtected by U.S. and internatinal cpyright and
A Frrester Ttal Ecnmic Impact Study Prepared Fr KPN The Ttal Ecnmic Impact Of KPN s Managed Vide Services As Used By A Large Financial Service Organizatin Prject Directr: Sebastian Selhrst March 2012 TABLE
CALL CENTER APPLICATIONS Call Prcessing, Mapping, Data Management / Reprting Training Catalgue January 2015 Airbus DS Cmmunicatins CCA Training Catalgue January 2015 CRITICAL MATTERS 1 2 Airbus DS Cmmunicatins
TOWARDS INTEGRATED REPORTING Cmmunicating Value in the 21st Century ABOUT THIS DISCUSSION PAPER Cntents Abut this Discussin Paper 1 Summary 2 What is Integrated Reprting? Why d We Need Integrated Reprting?