Prof. Dr. Jens Braband (Siemens AG) Risk Assessment in IT Security for Functional Safety
|
|
- Clyde Beasley
- 8 years ago
- Views:
Transcription
1 Prof. Dr. Jens Braband (Siemens AG) Risk Assessment in IT Security for Functional Safety
2 What s rail automation about?
3 What s in and what s out
4 Basic approach: IT security for functional safety EN does not define security threats and countermeasures explicitly, but requires addressing the prevention of unauthorized access in the safety case. From a conceptual point of view, hazard and threat analyses are quite similar. However, the methodology and target measures are different, e.g. SIL and SL. Chapters of a technical safety report (EN50129) 4 Operation w. external influences 4.6 Access protection Technical Safety report EN IT security for safety IEC EN DIN VDE V Security standardiization activities
5 Basic approach for IT security risk assessment from IEC Breakdown of the system into zones and conduits, so that the IT security requirements are coordinated in zones or conduits each object is allocated to a zone or conduit 2. Assessment of the risk for each zone or conduit and each fundamental requirement identification and authentication control (IAC) use control (UC) system integrity (SI) data confidentiality (DC) restricted data flow (RDF) timely response to events (TRE) resource availability (RA)
6 Security levels in IEC 62443
7 Inheritance of safety principles In the IT security for safety concept, the safety principles from Common Safety Methods (CSM) Regulation 402/2013 can be applied to the IT security domain, such as broadly acceptable risk application of codes of practice comparison with reference systems Only the principles for explicit risk analysis need to be adapted as SL is a qualitative measure. The quantification of IT security risks for safety is considered impossible as the likelihood of an attack can not be estimated objectively ( likelihood trap, see Moreaux, 2014).
8 Traditional IT security management what s the problem? In IEC/ISO 27005, likelihood is used instead of the term probability for risk estimation. It is used as a subjective probability. IEC/ISO states its ease of understanding as an advantage, but the dependence on subjective choice of scale as a disadvantage. Statistical or analytical modeling of threat likelihood is infeasible (Schäbe/Braband, 2014). This means that, for safety certification, we cannot rely on likelihood estimation.
9 A glimpse into IT security risk assessment Resources (R) Low Medium Extended Know-how (K) Generic System-specific Sophisticated Motivation (M) Low Limited High In a first step, R, K and M are evaluated for an attacker and combined into a preliminary security level (PSL). The evaluation is based on a complete discussion of all combinations, given that: SL x is considered sufficient to thwart an attack of type (Rx, Kx, Mx). If R > K, then the attacker could acquire know-how by his resources, so R = K R2 PS 2 PS 3 PS 3 R3 PS 3 PS 3 PS 4 R4 PS 4 PS 4 PS 4 * Means that the PSL may be reduced by 1 if motivation M equals 2.
10 Railway signaling-specific parameters For the parameters, specific tables have been elaborated (Schlehuber, 2013). According to another thesis (Spies, 2013), the following parameters should be considered additionally in railway signaling: location of the attack (L) traceability and non-repudiation (T) potential (severity) of the attack (P) It can be argued that motivation M and L and T are not independent. If the attacker has to access railway tracks or buildings, the motivation is not low. If there is a realistic chance that the attacker is identified, the motivation is not low. So, we can delete the * in the PSL table if we take into account L and T. But L and T are not independent either.
11 Putting it all together L, T and P are proposed to be evaluated on a binary scale with L = 1 if the attacker has to access railway tracks or buildings T = 1 if the attack can very likely be traced and the attacker be identified P = 1 if the attack is targeted at a system which is protected by additional barriers or if the consequences are not catastrophic Formally, we can derive { R, K} I max{ L, T P} SL = max } { R 2, K 4, Note that the SL does neither depend explicitly on the likelihood of the attack nor the motivation of the attacker any more. It is rather a decision of the asset owner which type of attacker he is assuming.
12 Conclusion and outlook The IT security for functional safety approach allows several different risk assessment approaches. For systems that have to undergo a strict certification process, likelihoodbased IT security risk assessments are not reasonable. For explicit IT security risk assessment, a new approach has been presented which avoids the direct assessment of likelihood and derives an SL according to IEC which is suitable for railway signaling.
Ein einheitliches Risikoakzeptanzkriterium für Technische Systeme
ETCS Prüfcenter Wildenrath Interoperabilität auf dem Korridor A Ein einheitliches Risikoakzeptanzkriterium für Technische Systeme Siemens Braunschweig, Oktober 2007 Prof. Dr. Jens Braband Page 1 2007 TS
More informationFunktionale Sicherheit IEC 61508 & IEC 62443
Funktionale Sicherheit IEC 61508 & IEC 62443 Seite 1 PROFIsafe trifft New York PROFIsafe Senior Safety Expert Siemens AG, DF FA AS E&C-PRM3 bernard.mysliwiec@siemens.com Seite 2 Roosevelt Island Picture
More informationCryptography and Network Security Chapter 1
Cryptography and Network Security Chapter 1 Acknowledgments Lecture slides are based on the slides created by Lawrie Brown Chapter 1 Introduction The art of war teaches us to rely not on the likelihood
More informationTeleTrusT Bundesverband IT-Sicherheit e.v.
TeleTrusT Bundesverband IT-Sicherheit e.v. TeleTrusT-Workshop "Industrial Security" 2015 München, 11.06.2015 Einführung Industrial Security anhand des IEC 62443; Bedrohungslage für Betreiber von ICS (Industrial
More informationInformation System Security
Information System Security Chapter 1:Introduction Dr. Lo ai Tawalbeh Faculty of Information system and Technology, The Arab Academy for Banking and Financial Sciences. Jordan Chapter 1 Introduction The
More informationGet Confidence in Mission Security with IV&V Information Assurance
Get Confidence in Mission Security with IV&V Information Assurance September 10, 2014 Threat Landscape Regulatory Framework Life-cycles IV&V Rigor and Independence Threat Landscape Continuously evolving
More informationSecurity Levels in ISA-99 / IEC 62443
Summary Assessment of the security protection of a plant A Security Protection Level has to be assessed in a plant in operation A Protection Level requires both: The fulfillment of the policies and procedures
More informationIT Security Management Risk Analysis and Controls
IT Security Management Risk Analysis and Controls Steven Gordon Document No: Revision 770 3 December 2013 1 Introduction This document summarises several steps of an IT security risk analysis and subsequent
More informationNetwork Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. March 19, 2015
Network Security Dr. Ihsan Ullah Department of Computer Science & IT University of Balochistan, Quetta Pakistan March 19, 2015 Network Security Reference Books Corporate Computer Security (3rd Edition)
More informationCSMS. Cyber Security Management System. Conformity Assessment Scheme
CSMS Cyber Security Management System Conformity Assessment Scheme for the CSMS Certification Criteria IEC 62443-2-1:2010 Cyber Security Management Syste 1 Purpose of the CSMS Conformity Assessment Scheme
More informationLooking at the SANS 20 Critical Security Controls
Looking at the SANS 20 Critical Security Controls Mapping the SANS 20 to NIST 800-53 to ISO 27002 by Brad C. Johnson The SANS 20 Overview SANS has created the 20 Critical Security Controls as a way of
More informationChap. 1: Introduction
Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed
More informationT.38 fax transmission over Internet Security FAQ
August 17, 2011 T.38 fax transmission over Internet Security FAQ Give me a rundown on the basics of T.38 Fax over IP security. Real time faxing using T.38 SIP trunks is just as secure as sending faxes
More informationSafety Analysis based on IEC 61508: Lessons Learned and the Way Forward
Safety Analysis based on IEC 61508: Lessons Learned and the Way Forward Jens Braband SAFECOMP 2006 Empfohlen Gdansk, September wird auf dem 2006Titel der Einsatz eines vollflächigen Hintergrundbildes (Format:
More informationCryptography and Network Security
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Shinu Mathew John http://shinu.info/ Chapter 1 Introduction http://shinu.info/ 2 Background Information Security requirements
More informationAdvanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech
Advanced Topics in Distributed Systems Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech Security Introduction Based on Ch1, Cryptography and Network Security 4 th Ed Security Dr. Ayman Abdel-Hamid,
More informationTechnical Bulletin. Understanding Servo Safety Functionality and SIL ratings
Technical Bulletin Understanding Servo Safety Functionality and SIL ratings What is meant by SIL rating and Stop Categories? Why do I need to understand how safety works if none of my current customers
More informationPROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM
PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM Don Dickinson Phoenix Contact USA P.O. Box 4100 Harrisburg, PA 17111 ABSTRACT Presidential Executive Order 13636 Improving
More informationITIL and Business Continuity (Service Perspective)
(Service Perspective) Hepix 2012 Conference Prague, 23-27 April 2012 Patricia Méndez Lorenzo, Mats Moller On behalf of the (IT&GS) Service Management team Outlook ITIL Principles Risk Management in ITIL
More information5SV Residual Current Protective Devices
s Siemens AG 2013 SENTRON 5SV Residual Current Protective Devices New portfolio for reliable personnel, material and fire protection Safe protection against residual currents Residual current protective
More informationChallenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved
Siemens AG - Corporate Technology - IT Security Challenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved Not a single
More informationwhite SECURITY TESTING WHITE PAPER
white SECURITY TESTING WHITE PAPER Contents: Introduction...3 The Need for Security Testing...4 Security Scorecards...5 Test Approach... 11 Framework... 16 Project Initiation Process... 17 Conclusion...
More informationDo "standard tools" meet your needs when it comes to providing security for mobile PCs and data media?
Product Insight Do "standard tools" meet your needs when it comes to providing security for mobile PCs and data media? Author Version Document Information Utimaco Product Management Device Security 4.30.00
More informationChapter 8 Security Systems
Chapter 8 Security Systems 8.1 Robbery and Burglar Alarm Systems (RAS and BAS) 148 8.2 Video Surveillance Systems (CCTV) 150 8.3 Access Control 150 8.4 Danger Management System 151 8 Security Systems There
More informationASIA/PAC AERONAUTICAL TELECOMMUNICATION NETWORK SECURITY GUIDANCE DOCUMENT
INTERNATIONAL CIVIL AVIATION ORGANIZATION ASIA AND PACIFIC OFFICE ASIA/PAC AERONAUTICAL TELECOMMUNICATION NETWORK SECURITY GUIDANCE DOCUMENT DRAFT Second Edition June 2010 3.4H - 1 TABLE OF CONTENTS 1.
More informationCTR System Report - 2008 FISMA
CTR System Report - 2008 FISMA February 27, 2009 TABLE of CONTENTS BACKGROUND AND OBJECTIVES... 5 BACKGROUND... 5 OBJECTIVES... 6 Classes and Families of Security Controls... 6 Control Classes... 7 Control
More informationa Medical Device Privacy Consortium White Paper
a Medical Device Privacy Consortium White Paper Introduction The Medical Device Privacy Consortium (MDPC) is a group of leading companies addressing health privacy and security issues affecting the medical
More informationSAFETY MANUAL SIL Switch Amplifier
PROCESS AUTOMATION SAFETY MANUAL SIL Switch Amplifier KCD2-SR-(Ex)*(.LB)(.SP), HiC282* ISO9001 2 With regard to the supply of products, the current issue of the following document is applicable: The General
More informationWhere Smart Data meets Data Security Siemens Cloud for Industry powered by SAP HANA. April 2015
Where Smart Data meets Data Security Siemens Cloud for Industry powered by SAP HANA April 2015 Think of a Number! 13642916 Page 2 Prologue: Nineteenth-century Data Overkill Page 3 Prologue: Your Brain
More informationSAFETY MANUAL SIL SMART Transmitter Power Supply
PROCESS AUTOMATION SAFETY MANUAL SIL SMART Transmitter Power Supply KFD2-STC4-(Ex)*, KFD2-STV4-(Ex)*, KFD2-CR4-(Ex)* ISO9001 2 3 With regard to the supply of products, the current issue of the following
More informationIndustrial Cyber Security. Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities
Industrial Cyber Security Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities WE HEAR ABOUT CYBER INCIDENTS EVERY DAY IN THE NEWS, BUT JUST HOW RELEVANT ARE THESE
More informationWhite Paper. From Policy to Practice: A Practical Guide to Implementing HIPAA Security Safeguards
From Policy to Practice: A Practical Guide to Implementing HIPAA Security Safeguards Abstract HIPAA requires a number of administrative, technical, and physical safeguards to protect patient information
More informationA Structured Comparison of Security Standards
A Structured Comparison of Security Standards Kristian Beckers 1, Isabelle Côté 3, Stefan Fenz 2, Denis Hatebur 1,3, and Maritta Heisel 1 1 paluno - The Ruhr Institute for Software Technology - University
More informationIs your current safety system compliant to today's safety standard?
Is your current safety system compliant to today's safety standard? Abstract It is estimated that about 66% of the Programmable Electronic Systems (PES) running in the process industry were installed before
More informationActuator-Sensor-Interface
Selection and ordering data Design Order No. Price Pack 3RX9 307-0AA00 3RX9 307-1AA00 4FD5 213-0AA10-1A 3RX9 305-1AA00 3RX9 306-1AA00 Single output IP 65 current 2.4 A Rated input voltage DC 24 V current
More informationRisk Management Guide for Information Technology Systems. NIST SP800-30 Overview
Risk Management Guide for Information Technology Systems NIST SP800-30 Overview 1 Risk Management Process that allows IT managers to balance operational and economic costs of protective measures and achieve
More informationThis is a preview - click here to buy the full publication
TECHNICAL REPORT IEC/TR 62443-3-1 Edition 1.0 2009-07 colour inside Industrial communication networks Network and system security Part 3 1: Security technologies for industrial automation and control systems
More informationThe rocky relationship between safety and security
The rocky relationship between safety and security Best practices for avoiding common cause failure and preventing cyber security attacks in Safety Systems Abstract: An industry practice reflected in the
More informationIMPLEMENTATION OF SECURITY CONTROLS ACCORDING TO ISO/IEC 27002 IN A SMALL ORGANISATION
48 IMPLEMENTATION OF SECURITY CONTROLS ACCORDING TO ISO/IEC 27002 IN A SMALL ORGANISATION MATÚŠ HORVÁTH, MARTIN JAKUB 1 INTRODUCTION Managerial work is directly dependent on information, it is therefore
More informationSIMATIC. Process Control System PCS 7 Configuration Symantec Endpoint Protection (V12.1) Preface 1. Virus scanner administration 2.
Preface 1 Virus scanner administration 2 SIMATIC Configuration 3 Process Control System PCS 7 Configuration Symantec Endpoint Protection (V12.1) Commissioning Manual 04/2013 A5E03874574-02 Legal information
More informationThreat Modeling. 1. Some Common Definition (RFC 2828)
Threat Modeling Threat modeling and analysis provides a complete view about the security of a system. It is performed by a systematic and strategic way for identifying and enumerating threats to a system.
More informationDIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014
DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014 Revision History Update this table every time a new edition of the document is published Date Authored
More informationSecure Semantic Web Service Using SAML
Secure Semantic Web Service Using SAML JOO-YOUNG LEE and KI-YOUNG MOON Information Security Department Electronics and Telecommunications Research Institute 161 Gajeong-dong, Yuseong-gu, Daejeon KOREA
More informationCSCI 4541/6541: NETWORK SECURITY
1 CSCI 4541/6541: NETWORK SECURITY COURSE INFO CSci 4541/6541 Tuesdays 6:10pm 8:40pm Bell Hall 108 Office Hours: Tuesdays 2:30pm 4:30pm Dr. Nan Zhang Office: SEH 4590 Phone: (202) 994-5919 Email: nzhang10
More informationCertification of a Scade 6 compiler
Certification of a Scade 6 compiler F-X Fornari Esterel Technologies 1 Introduction Topic : What does mean developping a certified software? In particular, using embedded sofware development rules! What
More informationA STUDY OF THE APPLICABILITY OF ISO/IEC 17799 AND THE GERMAN BASELINE PROTECTION MANUAL TO THE NEEDS OF SAFETY CRITICAL SYSTEMS
A STUDY OF THE APPLICABILITY OF ISO/IEC 17799 AND THE GERMAN BASELINE PROTECTION MANUAL TO THE NEEDS OF SAFETY CRITICAL SYSTEMS EXECUTIVE SUMMARY March 2003 OF WORK CARRIED OUT FOR JRC ISPRA UNDER CONTRACT
More informationChapter 1: Information Security Fundamentals. Security+ Guide to Network Security Fundamentals Second Edition
Chapter 1: Information Security Fundamentals Fundamentals Second Edition Objectives Identify the challenges for information security Define information security Explain the importance of information security
More informationInformation Security for Modern Enterprises
Information Security for Modern Enterprises Kamal Jyoti 1. Abstract Many enterprises are using Enterprise Content Management (ECM) systems, in order to manage sensitive information related to the organization.
More information1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services
1. Computer Security: An Introduction Definitions Security threats and analysis Types of security controls Security services Mar 2012 ICS413 network security 1 1.1 Definitions A computer security system
More informationISA-99 Industrial Automation & Control Systems Security
ISA-99 Industrial Automation & Control Systems Security Jim Gilsinn National Institute of Standards & Technology (NIST) Engineering Laboratory ISA99 Committee Addresses Industrial Automation and Control
More informationEnvironment. Attacks against physical integrity that can modify or destroy the information, Unauthorized use of information.
Cyber Security. Environment, Solutions and Case study. Special Telecommunications Service David Gabriel, Buciu Adrian Contact: gdavid13@sts.ro adibuciu@sts.ro Environment Network/services can be damaged
More informationInformation technology Security techniques Information security management systems Overview and vocabulary
INTERNATIONAL STANDARD ISO/IEC 27000 Third edition 2014-01-15 Information technology Security techniques Information security management systems Overview and vocabulary Technologies de l information Techniques
More informationWith Great Power comes Great Responsibility: Managing Privileged Users
With Great Power comes Great Responsibility: Managing Privileged Users Darren Harmer Senior Systems Engineer Agenda What is a Privileged User Privileged User Why is it important? Security Intelligence
More informationIT ASSET MANAGEMENT Securing Assets for the Financial Services Sector
IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector V.2 Final Draft May 1, 2014 financial_nccoe@nist.gov This revision incorporates comments from the public. Page Use case 1 Comments
More informationSAFETY CLASS, Program 2013-2014
SAFETY CLASS, Program 2013-2014 Would you like to be an - pert? The market of explosion safety is still developing. For example: Zone 2 applications and the advance of Fieldbus, Ethernet, dust explosion
More informationHow To Write A Train Control System
di Base tesi di laurea magistrale Model Driven Engineering of railway control systems with the openetcs process Anno Accademico 2013-2014 relatore Ch.mo Prof. Stefano Russo correlatori Ch.mo Dr. Domenico
More informationOperational Guidelines for Industrial Security
Operational Guidelines for Industrial Security Proposals and recommendations for technical and organizational measures for secure operation of plant and machinery Version 2.0 Operational Guidelines for
More informationDEVELOPING A NETWORK SECURITY PLAN
1-06-30 INFORMATION MANAGEMENT: STRATEGY, SYSTEMS, AND TECHNOLOGIES DEVELOPING A NETWORK SECURITY PLAN Frederick Gallegos and Stephen Tanner INSIDE Securing the New Distributed Environment, Review of Security
More informationInformation Security is not an IT problem! Enterprise Risk & Security Management
Information Security is not an IT problem! Enterprise Risk & Security Management Raymond Slot Security Seminar 20 maart 2015 Some Security Incidents in 2014 Anthem 80 million customer records exposed JPMorgan
More informationCONFIGURABLE SAFETY RELAYS
MSI-m/R, MSI-mx/Rx Configurable MSI Safety Relay with function for efficient material flow in a packaging application Special features Sequential or Parallel with automatic mode detection MSI-mx for separate
More informationDecision making in ITSM processes risk assessment
Decision making in ITSM processes risk assessment V Grekul*, N Korovkina, K Korneva National Research University Higher School of Economics, 20 Myasnitskaya Ulitsa, Moscow, 101000, Russia * Corresponding
More informationISO/IEC JTC1/SC7 N4098
ISO/IEC JTC1/SC7 Software and Systems Engineering Secretariat: CANADA (SCC) ISO/IEC JTC1/SC7 N4098 2008-07-17 Document Type Title Source CD CD 25010.2, Software engineering-software product Quality Requirements
More informationCyber Security Governance in Open Distance Learning
Cyber Security Governance in Open Distance Learning With specific reference to Online Evaluation and Assessment Prof Basie Von Solms Director : Centre for Cyber Security Academy for Computer Science and
More informationAnalyzing the Security Significance of System Requirements
Analyzing the Security Significance of System Requirements Donald G. Firesmith Software Engineering Institute dgf@sei.cmu.edu Abstract Safety and security are highly related concepts [1] [2] [3]. Both
More informationInterim Threat / Risk Assessment. Student E- Communications Outsourcing Project
Interim Threat / Risk Assessment Student E- Communications Outsourcing Project Martin Loeffler Information Security, I+TS Creation Date: Version 1.0 June 24, 2010 Last Updated: Version 2.0 July 6, 2010
More informationSecurity all around. Industrial security for your plant at all levels. siemens.com/industrialsecurity. Answers for industry.
Security all around Industrial security for your plant at all levels siemens.com/industrialsecurity Answers for industry. A systematic approach to minimize threats With the increased use of Ethernet connections
More informationHow to Prepare for Business Continuity After A Disaster
G C ENS ORP IT INFORMATION TECHNOLOGY SOLUTIONS How to Prepare for Business Continuity After A Disaster genscorp.com Technology has allowed for your business information to run and be stored electronically.
More informationTest Management Tool for Risk-based Security Testing
Test Management Tool for Risk-based Security Testing Michael Berger (Fraunhofer FOKUS) Michael.berger@fokus.fraunhofer.de Outline Introduction to traceability Test Management Tool requirement and concept
More informationTowards Continuous Information Security Audit
Towards Continuous Information Security Audit Dmitrijs Kozlovs, Kristine Cjaputa, Marite Kirikova Riga Technical University, Latvia {dmitrijs.kozlovs, kristine.cjaputa, marite.kirikova}@rtu.lv Abstract.
More informationTECHNICAL SPECIFICATION
TECHNICAL SPECIFICATION IEC/TS 62443-1-1 Edition 1.0 2009-07 colour inside Industrial communication networks Network and system security Part 1-1: Terminology, concepts and models INTERNATIONAL ELECTROTECHNICAL
More informationWhich cybersecurity standard is most relevant for a water utility?
Which cybersecurity standard is most relevant for a water utility? Don Dickinson 1 * 1 Don Dickinson, Phoenix Contact USA, 586 Fulling Mill Road, Middletown, Pennsylvania, USA, 17057 (*correspondence:
More informationLecture II : Communication Security Services
Lecture II : Communication Security Services Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University 2 What is Communication
More informationUniversity of Paderborn Software Engineering Group II-25. Dr. Holger Giese. University of Paderborn Software Engineering Group. External facilities
II.2 Life Cycle and Safety Safety Life Cycle: The necessary activities involving safety-related systems, occurring during a period of time that starts at the concept phase of a project and finishes when
More informationBest Practices for Key Management for Secure Storage. Walt Hubis, LSI Corporation
Best Practices for Key Management for Secure Storage Walt Hubis, LSI Corporation SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individuals may
More informationSECURITY RISK ANALYSIS AND EVALUATION OF INTEGRATING CUSTOMER ENERGY MANAGEMENT SYSTEMS INTO SMART DISTRIBUTION GRIDS
SECURITY RISK ANALYSIS AND EVALUATION OF INTEGRATING CUSTOMER ENERGY MANAGEMENT SYSTEMS INTO SMART DISTRIBUTION GRIDS Christian HÄGERLING Fabian M. KURTZ Christian WIETFELD TU Dortmund University Germany
More informationNova Scotia EMO. Hazard Risk Vulnerability Assessment (HRVA) Model. Guidelines for Use. October, 2010
Nova Scotia EMO Hazard Risk Vulnerability Assessment (HRVA) Model Guidelines for Use October, 2010 EMO NS Hazard Risk Vulnerability Assessment Model Page 1 of 10 Table of Contents 1. Background 2. Definitions
More informationSAFETY MANUAL SIL RELAY MODULE
PROCESS AUTOMATION SAFETY MANUAL SIL RELAY MODULE KFD0-RSH-1.4S.PS2 ISO9001 3 With regard to the supply of products, the current issue of the following document is applicable: The General Terms of Delivery
More informationHow To Make Money From Your Business
Profile Absolute ICT Introduction At BATEC we bring it all together for our customers, from revolutionary Technologies to next-generation Mobility Enhanced Networks and sophisticated solutions for Small,
More informationSERVICE DESCRIPTION Web Proxy
SERVICE DESCRIPTION Web Proxy Date: 14.12.2015 Document: Service description: Web Proxy TABLE OF CONTENTS Page 1 INTRODUCTION 3 2 SERVICE DESCRIPTION 4 2.1 Basic service 4 2.2 Options 6 2.2.1 Web Filter
More informationBasics of Internet Security
Basics of Internet Security Premraj Jeyaprakash About Technowave, Inc. Technowave is a strategic and technical consulting group focused on bringing processes and technology into line with organizational
More informationLecture 7: Threat Modeling. CS 392/6813: Computer Security Fall 2007. Nitesh Saxena. *Adopted from a previous lecture by Nasir Memon
Lecture 7: Threat Modeling CS 392/6813: Computer Security Fall 2007 Nitesh Saxena *Adopted from a previous lecture by Nasir Memon Course Admin HW 1 to 5 are graded; solutions provided HW6 being graded
More informationCOSC 472 Network Security
COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html
More informationMore effective protection for your access control system with end-to-end security
More effective protection for your access control system with end-to-end security By Jeroen Harmsen The first article on end-to-end security appeared as long ago as 1981. The principle originated in ICT
More informationIT Architecture Review. ISACA Conference Fall 2003
IT Architecture Review ISACA Conference Fall 2003 Table of Contents Introduction Business Drivers Overview of Tiered Architecture IT Architecture Review Why review IT architecture How to conduct IT architecture
More informationIntroduction to Security
2 Introduction to Security : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 25 October 2013 its335y13s2l01, Steve/Courses/2013/s2/its335/lectures/intro.tex,
More informationAutomation and power products for chemical, oil and gas industries Reliability is our business
Automation and power products for chemical, oil and gas industries Reliability is our business Maximizing production volumes and keeping capital and operating costs under control: these are crucial issues
More informationNetwork Security: A Critical Component to Any Business IT Plan. www.cognoscape.com
Network Security: A Critical Component to Any Business IT Plan www.cognoscape.com Network Security: A Critical Component to Any Business IT Plan In this day and age, every business, no matter its size
More informationZak Khan Director, Advanced Cyber Defence
Securing your data, intellectual property and intangible assets from cybercrime Zak Khan Director, Advanced Cyber Defence Agenda (16 + optional video) Introduction (2) Context Global Trends Strategic Impacts
More informationControlling Risks Safety Lifecycle
Controlling Risks Safety Lifecycle Objective Introduce the concept of a safety lifecycle and the applicability and context in safety systems. Lifecycle Management A risk based management plan for a system
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication
More informationSiemens Chemnitz Siemens AG 2010. Alle Rechte vorbehalten.
Siemens Chemnitz Seite 1 ACOD Leipzig, 18th Feb 2010 Organization: R&D and Production Research & Development CNCs NC components Motion control PLC-Components Distributed I/Os Peripheral modules Power Electronics
More informationWashington Metropolitan Area Transit Authority Board Action/Information Summary
Washington Metropolitan Area Transit Authority Board Action/Information Summary Action Information MEAD Number: 100007 Resolution: Yes No TITLE: IT Data Security Assessment PURPOSE: The purpose of this
More informationRisk Management. Januari, 28/29th 2014 6th CENTR Security Workshop Brussels Bert ten Brinke
Risk Management Januari, 28/29th 2014 6th CENTR Security Workshop Brussels Bert ten Brinke Goals Participants are able to design their own RM process Participants understand the ISO27001 requirements Participants
More informationSymphony Plus Cyber security for the power and water industries
Symphony Plus Cyber security for the power and water industries Symphony Plus Cyber Security_3BUS095402_(Oct12)US Letter.indd 1 01/10/12 10:15 Symphony Plus Cyber security for the power and water industries
More informationSecurity Risk Assessment
Security Risk Assessment Applied Risk Management July 2002 What is Risk? Risk is: Something that creates a hazard A cost of doing business Risk can never be eliminated, merely reduced to an acceptable
More informationS a f e t y & s e c u r i t y a l i g n m e n t b e n e f i t s f o r h i g h e r o p e r a t i o n a l i n t e g r i t y R A H U L G U P TA
Unraveling the Jargon Between Functional Safety & Cyber Security Related to Industrial Control Systems ( ICS) S a f e t y & s e c u r i t y a l i g n m e n t b e n e f i t s f o r h i g h e r o p e r a
More informationCommon security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon
1 Common security requirements Basic security tools Secret-key cryptography Public-key cryptography Example Online shopping with Amazon 2 Alice credit card # is xxxx Internet What could the hacker possibly
More informationInformation Assurance Metrics Highlights
Information Assurance Metrics Highlights Dr. Michael Schildcrout Naval Security Group 1 Outline Metrics Development Process Joint Service Effort DOT&E Sponsorship Risk Levels Remaining Issues 2 Information
More information