Lessons learned from the new Smart Meter Risk Analysis Methodology in the Netherlands
Lessons learned from the new Smart Meter Risk Methodology in the Netherlands
Johan Rambi, Alliancemanager Privacy & Security, Alliander; Chairman Policy Committee Privacy & Security, Netbeheer Nederland
6 December 2012

Netbeheer Nederland is a branch organization for grid operators (TSO/DSOs)
Privacy & Security
Steps towards the P&S Requirements for large-scale rollout of smart meters
- Privacy & Security Requirements Previous Version 1.5
- Risk Study
- Audit Committee P&S
- Redevelopment Privacy & Security Sector Requirements
- P&S Requirements Version 2.0: Control Objectives, Control Measures, Implementation Guidelines
- Large-scale rollout
- Dutch Smart Meter Requirements (DSMR)

Privacy & Security Smart Metering Infrastructure Framework in NL
- analysis and rule base
- Goals of grid operators
- s expectations
- Formal legislation and regulations
- Norms and standards
- Privacy and security goals
- Formulation principles
- Risk analysis
- Requirements: what to protect?
- Considerations and choices
- Measures: how to realize it?
Risk Methodology
processes; and assess threat sources; Define Focus-of-Interest Group assets; Business Impact Assessment (BIA); and assess risks; Prioritise and present risks
s
Society; Consumer Organizations; Experts; Universities; Sector; Energy suppliers; Grid operators; Government; Knowledge institutes; Meter vendors
processes
- Processes Energy Supplier: Energy procurement; Energy Sales / Invoicing (Billing); Disconnecting (switch off) defaulters
- Processes Grid Operator: Transmission energy; Managing power quality; Meter Management; Capacity Planning; Minimize grid losses; Market Facilitation: SVO, data collection & billing
- Processes Private Consumer: Energy consumption; Energy savings; Energy Production; Payment purchased products; Protection personal data
- Processes ISP: Insight / advice on energy consumption of the private consumer
Define Assets
Architecture diagram (labels only): Customer Module, e.g. display; Smart E-meter; Other meters (G, water, ); Data Concentrator (DC); Central System A; Central System B; EDSN P4-Portal Data Exchange; Energy Suppliers; Independent Service Provider (ISP); interfaces P0, P1, P2, P3, P3.1, P3.2, P4.
Grid Operator A manages infrastructure for both electricity and gas. Grid Operator B manages infrastructure for gas only.
The clouds symbolise network technologies, such as GPRS, PLC (Power Line Communication), internet, etc.

Define Assets
- Information Assets: Measurement Data; Switch Data; Configuration Data; Monitoring Data
- Function Assets: Measuring Function; Communication Function; Switching Function
- System Assets: Meter; Central System; Data Concentrator; P4-Portal (EDSN)
and assess threat sources
Introduction
The threat sources refer to persons or parties responsible for a security incident. Note that disturbances are not always caused by human behavior. Think, for instance, of a system failure in the Data Concentrator that affects the stored measurement data.

Persons / Parties / Technical
- Grid Operator; Employee; System error / malfunction Central system; System error / malfunction Data concentrator; System error / malfunction meter
- Data communication provider; Fault Communications
- Energy Supplier; Employee; System energy supplier
- Private consumer
- External attacker; Researcher (academic / journalist); Fun Hacker; Criminal Fraud; Terrorist
Group Assets
Process; Link between Asset and Process; Asset; Asset Category; Focus
Business Impact Assessment
Impact Classifications; s Categories; Values; Description; Values on classifications; Classifications
Business Impact Assessment Results
- Total Score BIA for Asset on A, I, or C
- Related to Available, Integrity or Confidentiality (incl. process)
- Values of stakeholder
- Score on Business Impact
- Focussed Asset
and assess risks
Likelihood Classifications (Likelihood Category: Occurrence in time)
- Very High: "Daily (more than 100 times a year)"
- High: "Monthly (10 to 100 times a year)"
- Medium: "Annual (1 to 10 times a year)"
- Low: "Probably (once a year to once in 10 years)"
- Very Low: "Possible (once in 10 years to once a century)"

The calculation of the impact comes from the BIA, but the likelihood of the threat is determined during this step. Several aspects are taken into account:
- Which vulnerabilities in the assets can lead to the actual occurrence of this threat?
- What threat sources have an interest?
- How important is that interest of threat source?
- What is the extent of the technical complexity to abuse the vulnerability in real life?
- What is the likelihood of an unintended disruption?

and assess risks
Related to Available, Integrity or Confidentiality; Likelihood; Identified Threat; Related Asset; Impact; Main Threat; Sub Threat; Sub Threat
The identified impact is taken from the Business Impact Assessment (BIA).
and assess risks
Count risk
Prioritise and present risks
Identified Threat; Related Asset; Risk; Main Threat; Sub Threat; Sub Threat
Risk = Likelihood * Impact

Approach for redevelopment
- Risk
- Risk
- Other input phase 1
- Other input phase 2
- Open issues P&S Requirements Version 1.50
- Open issues P&S Dutch Smart Meter Requirements 4.0
- Official Privacy Code Smart Meter Grid Operators
- Document Integral Vision Smart Meter
- P&S Requirements Version 2.0: Control Objectives, Control Measures, Implementation Guidelines
- Alignment with Working Group DSMR
- Review P&S Audit Committee of the P&S Requirements
- Desk study P&S Audit Committee
- Experiences from penetration tests DSMR 4 meters
- Internal review grid operators
- P&S requirements other European countries
- Experiences from code reviews DSMR 4 meters
- Alignment with EDSN about P4-portal
- Essential Regulatory Recommendations for E.C. (EG-2)
- incidents
- Review and alignment ESMIG
Structure of the requirements
Risk s Values Asset process BIA Risks P&S Requirements Version 2.0 Control Objectives Control Measures Implementation Grid Operator Organisation Implementation Guidelines Processes Technical
Nationaal Cyber Security Centre Cyber Security CPNI.nl Council The Netherlands IRB ICT Response Board (for Crisis) Dutch Data Protection Authority (CBP) ENCS Contact Group Security and Crisismanagement Policy Committee Audit Committee Privacy & Security Privacy & Security Netbeheer Nederland Working Group Smart Grid Cyber Security Project Group Smart Grids NEN European SCADA Control Systems Information Exchange (EuroSCSIE) Thematic Network for Critical Energy Infrastructure Protection (TNCEIP) Cyber Security EG: European Network of Transmission System Operators for Electricity European Commission DG ENER Europe European Commission DG INFSO/CONNECT Smart Grid Task Force Steering committee M/490 Smart Grid Coordination Group Expert Group on Smart Grid Security M/490 Smart Grid Steering Committee ENISA Expert Group 2 Data Privacy and Cyber Security M/490 Working Group for Smart Grid Information Security (WG SGIS) EUTC ETSI CEN CENELEC Standardisation European Reference Network Critical Infrastructure Protection (ERNCIP) European Commission DG HOME DG HOME CIIP for SCADA and the Smart Grid NIST U.S.A. DECC U.K. STEG

Security Toolbox M/490
Security Toolbox M/490: Comparison with Dutch Risk methodology
For this distinction between the different assets and the grouping of the assets, make a model such as this one, for instance:

For the information assets, the impact of each use case should be defined, per category of the different stakeholders.
Security Toolbox M/490: Comparison with Dutch Risk methodology
Potential threats are now identified only for the information assets that score significantly on impact:

Therefore an overall risk can be identified for each potential threat on an asset with a significant impact on the risk categories (operational, legal etc.). These threats should be the trigger to identify the essential requirements needed, and then to analyze the potential gaps in the existing standards:
processes; Values; Security Goals; Risk; Impact on processes; Impact on values; Risks; the gaps & define actions; Actions to solve gaps; Gaps; Define essential requirements; Essential Requirements; Compare requirements with standards; relevant Standards
Are we ready for Cyber Security?

Many thanks for your attention!
Johan Rambi: Alliancemanager Privacy & Security
Telephone :
johan.rambi@alliander.com
More informationUtility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security
Boeing Defense, Space & Security Ventures Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security Tristan Glenwright - Boeing BOEING is a trademark of Boeing Management Company. The
More informationICAICT704A Direct ICT in a supply chain
ICAICT704A Direct ICT in a supply chain Release: 1 ICAICT704A Direct ICT in a supply chain Modification History Release Release 1 Comments This Unit first released with ICA11 Information and Communications
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page
More informationCYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility
CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to
More informationWORK PROGRAMME 2013 27 NOVEMBER 2012
WORK PROGRAMME 2013 27 NOVEMBER 2012 2 Contents 1 EXECUTIVE SUMMARY...7 1.1 Introduction... 7 1.2 Structure... 7 1.2.1 Core operational activities... 7 1.2.2 Operational Horizontal activities... 7 1.2.3
More informationOverview TECHIS60241. Carry out risk assessment and management activities
Overview Information in all its forms is a vital component of the digital environment in which we live and work. The protection of information in its physical form is well understood but the protection
More informationInformation Security Officer (# 1773) Salary: Grade 25 ($81,808-$102,167) / Grade 27 ($90,595 to $113,141) Summary of Duties. Minimum Qualifications
Thomas K. Lee, Executive Director/CIO Human Resources Department (518) 447-2906 Information Security Officer (# 1773) Salary: Grade 25 ($81,808-$102,167) / Grade 27 ($90,595 to $113,141) The New York State
More informationCybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014
Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Victoria Yan Pillitteri Advisor for Information Systems Security
More informationCyber Security Solutions
Cyber Security Solutions Defending the Enterprise General Dynamics Information Technology defends mission-critical systems including government, health, finance, defence, large-enterprise and national
More informationOverview TECHIS60851. Manage information security business resilience activities
Overview Information security business resilience encompasses business continuity and disaster recovery from information security threats. As well as addressing the consequences of a major security incident,
More informationOur Services for Partners
Our Services for Partners ElectraLink as the central body providing the infrastructure for the British retail electricity industry can provide unique services to support Partner s projects with utility
More informationCyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft
Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security
More informationOffice of the Chief Information Officer
Office of the Chief Information Officer Business Plan: 2012 2015 Department / Ministère: Executive Council Date: November 15, 2012 1 P a g e This Page Left Intentionally Blank 2 P a g e Contents The Business
More information