ICAO Symposium Security Overview. EVYYS Juan DOMINGO LOBATO
- Kerry Dean
- 7 years ago
Transcription
1 EVYYS Juan DOMINGO LOBATO ICAO Symposium Security Overview
2 Why we need Security
3 PHYSICAL THREAT OUTLOOK
Selected Examples (Non exhaustive list)
- Aircraft misappropriation (seizure) for blackmail purpose or for using it as mass destruction weapon (ex: 9/11)
- Contamination of crews and passengers with CBRN agents
- Unruly passenger, Hijacker, Terrorist
- Electromagnetic Interferences (Impulses, Jamming)
- Laser Illuminations
- Aircraft ground attacks (ManPADS, lasers, drones, ...)
- Ground attack (Bomb, missile)
- Aircraft sabotage on ground (unsecured aircraft vicinity / Insiders)
- Improvised Explosive Devices (IED) on board (or incendiary devices)
Locations shown on the diagram: Gate; Outstation; Operations & Dispatch centre; Maintenance & Engineering Centre; Hangar; Aircraft data & parts suppliers; Warehouse
May-16
4 ICAO Symposium RPAS & ATS Security Topics
CYBERSECURITY OUTLOOK
Selected Examples (non exhaustive)
- Satellite Communications (SATCOM)
- Cabin links accessible to passengers (Cabin Wifi, plugs on cabin seats, FAP, bluetooth)
- Aircraft - Ground links (HF, VHF, SATCOM; GPS, ILS) with in-flight access
- Aircraft - Ground wireless links (Gatelink, GSM, Wifi, WiMax)
- Maintenance & Industrial systems (PMAT, PDL, troubleshooting equipment, USB keys, ITcards)
- Supply chain (Embedded systems security, Transit of Software from Supplier to Aircraft)
Labels shown on the diagram: COTS, Plugs, Wifi; Outstation; Air/Ground Links (ACARS, HF & VHF, Satcom); Gate; GateLink (Wireless); Operations & Dispatch centre; Aircraft data & parts suppliers; Maintenance & Engineering Centre; Hangar; Warehouse
PMAT: Portable Maintenance Terminal
PDL: Portable Data-Loader
FAP: Flight Attendant Panel
5 The reasons of fears
- Increased passenger connectivity
- Increased real-time data to operate the A/C
- Better prediction and reactiveness for improved safety and aircraft operation
- Non time-critical data
- Performance analysis and big-data
- Better prediction of performance trends for sustained aircraft operation
Extensive use of connectivity is all the more worrying because, at the same time, economic constraints push the community to use General Public Commercial Off The Shelf (GP-COTS) products to support the connectivity needs.
6 The e-enabled aircraft: The times they are a Changin!!
From: Simple, Proprietary, Obscure, Isolated, Closed
To: Complex, Standardized, Documented, Connected, Open
An evolution of capabilities but technology can be taken hostage
~144 Millions of new malwares samples recorded in millions per month per day 4.5 new malware variant
- Flight Operations: Navigation Charts; Airport Maps; Weather Maps; Performance Calculations; Electronic Manuals; Technical Logbook
- Maintenance: Maintenance Tools; Performance Analysis; Monitoring; Troubleshooting; Maintenance Manuals; Technical Logbook
- Cabin Crew: Cabin Logbook; Cabin Management; Cabin Systems Control; Passenger Lists; Electronic Manuals
- Passengers: IFE Systems; Internet Connectivity; Phone Services; OnBoard Intranet Service
7 Main Security Objectives
- Confidentiality* (access-controlled sensitive info)
- Integrity* (accuracy & completeness resources & System)
- Availability* (access at time resources & System)
*Definitions taken from NATO Roadmap
8 Safety Vs Security
9 Aircraft: Always the Last Line of Defense!
Labels shown on the diagram: Intelligence; Interdiction; Passenger screening; Airline Operations; Airplane protection; Airport Security; CNS/ATM; Airplane
10 Manufacturer regulatory framework
Labels shown on the diagram:
- Getting Airworthiness; Continued Airworthiness
- CS-25 Certification Specifications + SC
- Design; DOA; Production; tests; Delivery; POA; Aircraft in operation
- TC HOLDER: 21A.265 (c) Type Design; 21A.165 (c)(1) Production; 21A.265 (c) MODifications; 21A.139 (v)(xvi) Tests and delivery; Corrective actions; 21A.139 (v)(xvi) MANO (Manuf. Occurrences); 21A.3 (a) Continued Airworthiness
- Part 21; ICA; Part M
- I S O
- Legend: Design secure; Produce secure; Maintain secure
- OPERATORS
11 Break-Down Assets
Labels shown on the diagram:
- The ATM
- RPAS own assets: Aircraft; Control Station; Data Link
- The mission and data
- ATM: Hardware; Software; Networks; Personnel; Site; Organisation
- RPA; Data Link; CONTROL STATION
- Aircraft; Payloads; Ground Station
12 Security Process: Assessment + Assurance
13 Information Security Assurance
Cyber-Security Best Practices
- Inventory of Authorized and Unauthorized Devices
- Inventory of Authorized and Unauthorized Software
- Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
- Continuous Vulnerability Assessment and Remediation
- Malware Defenses
- Application Software Security
- Wireless Access Control
- Data Recovery Capability
- Security Skills Assessment and Appropriate Training to Fill Gaps
14 Information Security Assurance
Cyber-Security Best Practices
- Limitation and Control of Network Ports, Protocols, and Services
- Controlled Use of Administrative Privileges
- Maintenance, Monitoring, and Analysis of Audit Logs
- Controlled Access Based on the Need to Know
- Account Monitoring and Control
- Data Protection (Encryption/Secure Erasing)
- Incident Response and Management
- Secure Network Engineering
- Penetration Tests and Red Team Exercises
15 Conclusions
- The safe execution of RPAS operations is highly dependent on the security of the RPAS and its environment.
- Security addresses all aspects (HW, SW, COMMS, Air Traffic, ...) that affect RPAS operations.
- Security shall be involved in the whole lifecycle of the product (design conception, development, production, Customer services, disposal)
- Exchanging with Aircraft Manufacturers
- Education, awareness and training to create a security culture
16 References
- Manual on Remotely Piloted Aircraft Systems, First Edition, 2015
- The Critical Security Controls for Effective Cyber Defense, Version 5.0
- Roadmap for the integration of civil Remotely-Piloted Aircraft Systems into the European Aviation System
- NATO Guidelines for the security Risk Assessment and risk management of Communication and Information Systems (CIS), AC/35-D/1017-REV2
17 Thank you! Any Questions?