Step by Step: The Journey to Secure SCADA Systems

Size: px
Start display at page:

Download "Step by Step: The Journey to Secure SCADA Systems"

Transcription

1 Step by Step: The Journey to Secure SCADA Systems Miguel Chavero Dec 2012

2 IBERDROLA OVERVIEW Installed Capacity Total Production +286% % Dirección de Servicios Negocio Liberalizado Europa Continental 2

3 IBERDROLA OVERVIEW MW x MW Renewable, 3 Hydro, 21 Coal, 27 Renewable, 29 Hydro, 51 Nuclear, 7 Cogen, 2 Coal, 10 Nuclear, 20 Combined Cicle, Dirección de Servicios Negocio Liberalizado Europa Continental 3

4 IBERDROLA OVERVIEW EBITDA (MM ) EBITDA by Bussiness Renewable Liberalized Regulated Dirección de Servicios Negocio Liberalizado Europa Continental 4

5 IBERDROLA OVERVIEW EBITDA by Country KPI s (MM ) Brazil Spain USA Gross Margin Net Op. Exp. UK EBITDA Dirección de Servicios Negocio Liberalizado Europa Continental 5

6 IBERDROLA OVERVIEW SANTURCE 396 MW, 109FA CASTEJÓN 379 MW, 109FA We lead the construction of combined cycle power plants on Spain MW since 2001 TARRAGONA POWER 417 MW, 1FA CASTELLÓN A 782 MW, 209FA ARCOS I y II 783 MW, 2X109 FA ARCOS III 823 MW, 209FB ACECA 386 MW, 109FA CASTELLÓN B 839 MW, 209FB ESCOMBRERAS 816 MW, 209FB Dirección de Servicios Negocio Liberalizado Europa Continental 6

7 Chinese philosopher Lao-Tzu said, A journey of a thousand miles begins with a single step, SECURITY IS NOT A PRODUCT IS A PROCESS Dirección de Servicios Negocio Liberalizado Europa Continental 7

8 ISO Information is an asset that, like other important business assets, is essential to an organization s business and consequently needs to be suitably protected. This is especially important in the increasingly interconnected business environment. As a result of this increasing interconnectivity, information is now exposed to a growing number and a wider variety of threats and vulnerabilities. ASSETS => MANAGE RISKS => REVENUES CYBERSECURITY = RISK Dirección de Servicios Negocio Liberalizado Europa Continental 8

9 Electrical Sector After11-S, Department of Homeland Security appeared Since > CIP standards mandatory Since > Nuclear CyberSecurity Standards. 1M USD / day!! penalty UK leading (CNPI), EU still starting Dirección de Servicios Negocio Liberalizado Europa Continental 9

10 Our Journey 2005: EPRI Program 86 EIS (Energy Informatio n Security) 2005: Started AURA Project 2006: AURA.PER IN Project (Firewallin g) on CCGT s 2006: CISSP Certificati on and SANS training 2007: First CyberSecu rity Plan for Thermal Stations 2007: EPRI PowerSec (sectorial benchmar king) 2007: AURA.XXXX projects started 2009: Coal Stations projects 2011: COGEN stations projects 2012: Collaboration with Nuclear stations Dirección de Servicios Negocio Liberalizado Europa Continental 10

11 AURA PROJECT = The Beginning. Impact on your assets RISKS! Consecuences on your process ACTIONS! Dirección de Servicios Negocio Liberalizado Europa Continental 11

12 AURA PROJECT Dirección de Servicios Negocio Liberalizado Europa Continental 12

13 D N B T P W V AURA PROJECT ADH Contramedidas Punto Acceso #2: NINGUNA GT ST UDH/ ArcNet GE Atlanta OSM HMI HMI PDH Contramedidas Punto Acceso #6: NINGUNA WAN DCG PDA VIB PI AW AW NODE BUS RTU Router Contramedidas Punto Acceso #3: NINGUNA IT-MONITOR Contramedidas Punto Acceso #1: Firewall s WAN IBERDROLA INTERNET Otras Redes Contramedidas Punto Acceso #5: VPN s CP CP CP PLC CEMS PC-PLC PC-PLC MEDIOAMBIENTE Fabricante Contramedidas Punto Acceso #4: NINGUNA Casetas Gobierno Host Dirección de Servicios Negocio Liberalizado Europa Continental 13

14 AURA PROJECT Dirección de Servicios Negocio Liberalizado Europa Continental 14

15 AURA PROJECT La Laguna 500 MW Monterrey III 1000 MW Jun 02 Tamazunchale 1000 MW Junio 07 Altamira III y IV 1000 MW Altamira V Nov MW Jun 06 CT Pasajes 200 MW Jun 09 CT Velilla 400 MW Jun 09 Aceca MW Jun 05 Termopernambuco 500 MW Feb MW CT Lada Jul MW Jun 09 Arcos 1 y MW Dic 04 Arcos MW Jun 05 EW Vitoria, Aranda, Valladolid Santurce 4 EW Cartagena 150 MW Jul MW Ene 05 Escombreras MW Nov 06 Castejón MW Abr 03 Castellón MW Sep 02 CN Cofrentes MW Sep 10 CC Riga 400 MW Tarragona Power 400 MW Ene 04 Castellón MW Dic 07 Dirección de Servicios Negocio Liberalizado Europa Continental 15

16 D N B T P W V AURA PROJECT AURA.ANVIR AURA.CABSE AURA.NETMON AURA.SECDIS GT ST UDH/ ArcNet ADH Contramedidas Punto Acceso #2: Migrar a conexión Red a Red GERES-RT134 OSM PDA VIB PI HMI AW HMI AW PDH NODE BUS RTU Contramedidas Punto Acceso #6: A estudiar Router? PDTE. WAN DCG Fabricante IT-MONITOR Contramedidas Punto Acceso #1: Firewall s + Doble Factor + WAN Encriptación + IBERDROLA Detección Intrusión Host Contramedidas INTERNET Punto Acceso #5: VPN s + Doble Factor Otras Redes CP CP AURA.PERIN AURA.DETIN AURA.SECAR/GESUR AURA.ENCRIPTA AURA.SECAR/GESUR CP PLC CEMS PC-PLC PC-PLC MEDIOAMBIENTE AURA.DIALUP RAS Casetas Gobierno Contramedidas Punto Acceso #3 y #4: RAS con CHAP Dirección de Servicios Negocio Liberalizado Europa Continental 16

17 MODE SYST RPS MASTR STAT DUPLX SPEED 1X 2X X 12X 13X 14X X 24X Catalyst 2960 SERIES 1 2 MODE SYST RPS MASTR STAT DUPLX SPEED 1X 2X X 12X 13X 14X X 24X Catalyst 2960 SERIES 1 2 AURA.PERIN CABLE RED PLANO CABLE RED CRUZADO CABLE ALIMENTACIÓN RED CORPORATIVA IBERDROLA 220 V - SAI External FWPERCGARA01 Lan1/Sync External Lan1/Sync FWPERCGARA02 DMZ Consola Consola Internal 220 V - RED TV2 + TV2 Touch Pannel Internal DMZ Port 1 Fa1 Port 2 BOP/HSRG Port 3 CYCLACGARA Port 4 HMICGARA HMITV+Resto elementos SWPERCGARA01 Gi0/2 Gi0/1 Consola Fa0/1 Fa0/2 Fa0/1 Fa0/2 Consola Fa0/8Fa0/9 Fa0/17 Fa0/6 Fa0/15 Fa0/12 Fa0/5 Fa0/24 Fa0/11 Fa0/12 Fa0/24 Fa0/5 Fa0/16 Gi0/1 Gi0/2 Fa0/11 Fa0/6 Fa0/13 SWPERCGARA02 Woodward NetCon RED-2 VOLANTE (PDA) AP RWIFICGARA SWITCH OFICINA RSA RED-1 RED-2 RED-1 RED-3 RSA RED-1 RED-2 RSA OSMCGARA TV1 GW EMERSON HSTCGARA NIDSCGARA OPCCGARA PTA Dirección de Servicios Negocio Liberalizado Europa Continental 17

18 AURA.DETIN (NIDS + HIDS) Dirección de Servicios Negocio Liberalizado Europa Continental 18

19 AURA.ANVIR IBERDROLA Network Firewall Perimetral CMDS AutoFTP Manager Gestor Actualizaciones Ficheros Ciclo Combinado #1 Firewall Perimetral INTRANET INTERNET Firewall Corporativo Web Fabricante Ciclo Combinado #n Firewall Perimetral Dirección de Servicios Negocio Liberalizado Europa Continental 19

20 AURA.BACKUP Automated Backups/Restores Dirección de Servicios Negocio Liberalizado Europa Continental 20

21 AURA.BACON Users Off-Line On-Line Networking devices OS + APP s Cyphered e-safe Dirección de Servicios Negocio Liberalizado Europa Continental 21

22 AURA.SECAR Network to Network Dirección de Servicios Negocio Liberalizado Europa Continental 22

23 AURA.SECAR Network to Network Dirección de Servicios Negocio Liberalizado Europa Continental 23

24 AURA.SECAR Host to Network Dirección de Servicios Negocio Liberalizado Europa Continental 24

25 -0,2-0,4 The Journey to Secure SCADA Systems -0,6 AURA.CPD ,00 horas /05/2012 7:44:28 not available not available not available not available 0-0, /05/2012 7:44:28 24,00 horas 08/05/2012 7:44:28 UNIT 1 - Valor Sensor 1 20,000 50,000 52,000 20,000 0,0000 0,0000 0,0000 0,0000 0,0000 0,0000 0,0000 0,0000 0,0000 0,0000 0,0000 0, , , , :unit1SensorValue:1 20, :unit1SensorValue:2 50, :unit1SensorValue:3 52, :unit1SensorValue:4 20, , ,00 horas /05/2012 7:44: /05/2012 7:44: /05/2012 7:44:29 UNIT 1 - Valor Sensores Temperatura :unit1SensorValue:1 20, :unit1SensorValue:4 20,000 SETPOINT LOW.Value 10 SETPOINT WARNING.value 30 SETPOINT HIGH.Value /05/2012 7:44:29 24,09 horas UNIT 1 - Valor Sensores Humedad 08/05/2012 7:50: :unit1SensorValue:2 50, :unit1SensorValue:3 52, SETPOINT LOW_.Value SETPOINT WARNING_.Value /05/2012 7:44:29 24,09 horas 08/05/2012 7:50:02 SETPOINT HIGH_.Value 85 Dirección de Servicios Negocio Liberalizado Europa Continental 25

26 AURA.CPD Dirección de Servicios Negocio Liberalizado Europa Continental 26

27 AURA LABCON DCS MKVI de GE Turbogrup DCS I/A Invensys BOP & Boiler PLC S7400 Siemens Real Sensors LAB Field Points - National Instruments Real PROCESS (Combined Cycels, Coal, Cogen, etc) LAB PC with Models using Labview 2 Dirección de Servicios Negocio Liberalizado Europa Continental 27

28 AURA.xxxx Other Projects AURA.ARMIA: Physical SAFES for backups and media devices. AURA.CABSE: Physical protection against wilfull damages on Network pactch cords and networking devices AURA.ENCRIPTA: Comunnication channels encryptation (256 AES) AURA.NETMON: SCADA end-point and network devices monitoring AURA.DAPLI: Lay-Out and protocols documentation AURA.CENLOG: SIEM tool AURA.DETIN 2.0: Netwitness tool Dirección de Servicios Negocio Liberalizado Europa Continental 28

29 AURA PROJECT: AWARENESS AND POLICIES INFORMATION CLASSIFICATION CRITICAL CYBER ASSETS ASSESMENT EQUIPMENT INVENTORY APPLICATION INVENTORY PHYSICAL LAY- OUTS NELIB Global Criteria BY BUSSINESS LOGIC LAY-OUTS CYBERSECURITY INCIDENT RESPONSE CHANGE MANAEMENT INCIDENT DATABASE CHANGE DATABASE Dirección de Servicios Negocio Liberalizado Europa Continental 29

30 AURA PROJECT: AWARENESS AND POLICIES MALWARE PROTECTION End-Point Secured Inventory BACKUP/RESTORE Maintenance procedures REMOVABLES DEVICES Granted Devices Inventory Procedure Records TECHNICAL PROCEDURES THIRD PARTY DEVICES USAGE Approval Form CREDENTIAL MANAGEMENT Chypered Safe REMOTE ACCESS Granted Provides Inventory NETWORK GUIDELINES Lay-Out Templates Dirección de Servicios Negocio Liberalizado Europa Continental 30

31 AURA PROJECT: AWARENESS AND POLICIES Key-Users awareness through webex Upper Management reporting Key-Users Technical reporting Never give up.keep fighting.. Dirección de Servicios Negocio Liberalizado Europa Continental 31

32 The journey never ends doing now Dirección de Servicios Negocio Liberalizado Europa Continental 32

33 AURA.MARS CONCEPT What is MARS? A hollistic approach to Security Monitoring and Response Why MARS? Because threats are complex, resources are scarce, and response time is critical How is MARS different from standard approaches? We use both the standard and the most advanced Security Strategies and Technologies and highly integrate and automate them so they can work together efficiently Dirección de Servicios Negocio Liberalizado Europa Continental 33

34 AURA.MARS CONCEPT (Note: Nothing to do with Cisco MARS) Dirección de Servicios Negocio Liberalizado Europa Continental 34

35 AURA.MARS CONCEPT Dirección de Servicios Negocio Liberalizado Europa Continental 35

36 AURA SECDIS End-Point Security Whitelisting + Sandboxing Dirección de Servicios Negocio Liberalizado Europa Continental 36

37 AURA e-conseg Reporting Web Console Dirección de Servicios Negocio Liberalizado Europa Continental 37

38 Fighting with STANDARS ISO ISA-99 NIST CIP RG 5.71 SANS CERT CPNI Getting the most Fitting legal/bussiness requirements Dirección de Servicios Negocio Liberalizado Europa Continental 38

39 SANS TOP 20 CONTROLS SANS CONTROL Critical Control 1: Inventory of Authorized and Unauthorized Devices Critical Control 2: Inventory of Authorized and Unauthorized Software Critical Control 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers Critical Control 4: Continuous Vulnerability Assessment and Remediation Critical Control 5: Malware Defenses IBERDROLA STATUS COMMENTS Nowadays defining templates Procedure in place, resources pending Dirección de Servicios Negocio Liberalizado Europa Continental 39

40 SANS TOP 20 CONTROLS SANS CONTROL Critical Control 6: Application Software Security IBERDROLA STATUS COMMENTS Whitelisting Critical Control 7: Wireless Device Control Critical Control 8: Data Recovery Capability Critical Control 9: Security Skills Assessment and Appropriate Training to Fill Gaps Critical Control 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches Never ending Vendor restrictions Dirección de Servicios Negocio Liberalizado Europa Continental 40

41 SANS TOP 20 CONTROLS SANS CONTROL Critical Control 11: Limitation and Control of Network Ports, Protocols, and Services IBERDROLA STATUS COMMENTS Critical Control 12: Controlled Use of Administrative Privileges Very difficult on SCADA environment Critical Control 13: Boundary Defense Critical Control 14: Maintenance, Monitoring, and Analysis of Audit Logs Critical Control 15: Controlled Access Based on the Need to Know Very difficult on SCADA environment Dirección de Servicios Negocio Liberalizado Europa Continental 41

42 SANS TOP 20 CONTROLS SANS CONTROL Critical Control 16: Account Monitoring and Control IBERDROLA STATUS COMMENTS Critical Control 17: Data Loss Prevention Critical Control 18: Incident Response and Management Critical Control 19: Secure Network Engineering Critical Control 20: Penetration Tests and Red Team Exercises Waiting for resources Dirección de Servicios Negocio Liberalizado Europa Continental 42

43 CONCLUSIONS TAKE YOUR TIME!!!! Holistic approach required. Be GLOBAL Focus on your own risks, each business is different!!! You have to assume some risks (i.e.: vendor restrictions) Be ready for the impact!!!!. Recovery Disaster procedures very important Do not miss forensics tools and procedures Testing facilities is a must There is not a super product. Integration is required Working close to your control system vendors, remember they are not good!!! Open Source helps do not miss it!!! Never walk alone.internal and external support is critical!!! Dirección de Servicios Negocio Liberalizado Europa Continental 43

44 Spanish writer Antonio Machado said, Caminante, no hay camino se hace camino al andar, Walker, there is no path, you do it when you walks Miguel Chavero CISSP#: Dirección de Servicios Negocio Liberalizado Europa Continental 44

Critical Controls for Cyber Security. www.infogistic.com

Critical Controls for Cyber Security. www.infogistic.com Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability

More information

Looking at the SANS 20 Critical Security Controls

Looking at the SANS 20 Critical Security Controls Looking at the SANS 20 Critical Security Controls Mapping the SANS 20 to NIST 800-53 to ISO 27002 by Brad C. Johnson The SANS 20 Overview SANS has created the 20 Critical Security Controls as a way of

More information

IT Security and OT Security. Understanding the Challenges

IT Security and OT Security. Understanding the Challenges IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control

More information

Fleet Optimization. How Enterprise Infrastructure Enables Utilities. By Mark Brown, Power Business Development Executive

Fleet Optimization. How Enterprise Infrastructure Enables Utilities. By Mark Brown, Power Business Development Executive Fleet Optimization How Enterprise Infrastructure Enables Utilities By Mark Brown, Power Business Development Executive Brief Agenda Overview of OSIsoft in Power Generation Overview of Iberdrola s Fossil

More information

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013 An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information

More information

The Protection Mission a constant endeavor

The Protection Mission a constant endeavor a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring

More information

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services Cyber Risk Mitigation via Security Monitoring Enhanced by Managed Services Focus: Up to But Not Including Corporate and 3 rd Party Networks Level 4 Corporate and 3 rd Party/Vendor/Contractor/Maintenance

More information

Verve Security Center

Verve Security Center Verve Security Center Product Features Supports multiple control systems. Most competing products only support a single vendor, forcing the end user to purchase multiple security systems Single solution

More information

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations

More information

GE Measurement & Control. Cyber Security for NERC CIP Compliance

GE Measurement & Control. Cyber Security for NERC CIP Compliance GE Measurement & Control Cyber Security for NERC CIP Compliance GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used for purposes

More information

Check Point and Security Best Practices. December 2013 Presented by David Rawle

Check Point and Security Best Practices. December 2013 Presented by David Rawle Check Point and Security Best Practices December 2013 Presented by David Rawle Housekeeping o Mobiles on Silent o No File Alarms planned o Fire exits are in front and behind and down the stairs o Downstairs

More information

Supporting our customers with NERC CIP compliance. James McQuiggan, CISSP

Supporting our customers with NERC CIP compliance. James McQuiggan, CISSP Supporting our customers with NERC CIP compliance James, CISSP Siemens Energy Sector Energy products and solutions - in 6 Divisions Oil & Gas Fossil Power Generation Renewable Energy Service Rotating Equipment

More information

Industrial Security for Process Automation

Industrial Security for Process Automation Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical

More information

Jumpstarting Your Security Awareness Program

Jumpstarting Your Security Awareness Program Jumpstarting Your Security Awareness Program Michael Holcomb Director, Information Security HO20110473 1 Jumpstarting Your Security Awareness Program Classification: Confidential Owner: Michael Holcomb

More information

Control System Integrity (CSI) Tools and Processes to Automate CIP Compliance for Control Systems

Control System Integrity (CSI) Tools and Processes to Automate CIP Compliance for Control Systems Control System Integrity (CSI) Tools and Processes to Automate CIP Compliance for Control Systems James Goosby Manager I&C Systems and Field Support 19 th Annual ARC Industry Forum Agenda About Us Compliance

More information

GE Measurement & Control. Cyber Security for NEI 08-09

GE Measurement & Control. Cyber Security for NEI 08-09 GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?

ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security? ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security? Agenda Threats Risk Assessment Implementation Validation Advanced Security Implementation Strategy

More information

Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off

Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off Times have Changed & A/V Executives Agree An A/V product as your sole endpoint protection solution isn t enough.

More information

5 Steps to Advanced Threat Protection

5 Steps to Advanced Threat Protection 5 Steps to Advanced Threat Protection Agenda Endpoint Protection Gap Profile of Advanced Threats Consensus Audit Guidelines 5 Steps to Advanced Threat Protection Resources 20 Years of Chasing Malicious

More information

Building a More Secure and Prosperous Texas through Expanded Cybersecurity

Building a More Secure and Prosperous Texas through Expanded Cybersecurity Building a More Secure and Prosperous Texas through Expanded Cybersecurity Bob Butler Chairman, Texas Cybersecurity, Education and Economic Development Council April 2013 About the Texas Cybersecurity

More information

The Future Is SECURITY THAT MAKES A DIFFERENCE. Overview of the 20 Critical Controls. Dr. Eric Cole

The Future Is SECURITY THAT MAKES A DIFFERENCE. Overview of the 20 Critical Controls. Dr. Eric Cole The Future Is SECURITY THAT MAKES A DIFFERENCE Overview of the 20 Critical Controls Dr. Eric Cole Introduction Security is an evolution! Understanding the benefit and know how to implement the 20 critical

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE

More information

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Decrease your HMI/SCADA risk

Decrease your HMI/SCADA risk Decrease your HMI/SCADA risk Key steps to minimize unplanned downtime and protect your organization. Are you running your plant operations with serious risk? Most industrial applications lack recommended

More information

Ovation Security Center Data Sheet

Ovation Security Center Data Sheet Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations

More information

Security for. Industrial. Automation. Considering the PROFINET Security Guideline

Security for. Industrial. Automation. Considering the PROFINET Security Guideline Security for Industrial Considering the PROFINET Security Guideline Automation Industrial IT Security 2 Plant Security Physical Security Physical access to facilities and equipment Policies & Procedures

More information

Wasting Money on the Tools? Automating the Most Critical Security Controls. Mason Brown Director, The SANS Institute

Wasting Money on the Tools? Automating the Most Critical Security Controls. Mason Brown Director, The SANS Institute Wasting Money on the Tools? Automating the Most Critical Security Controls Bonus: Gaining Support From Top Managers for Security Investments Mason Brown Director, The SANS Institute The Most Trusted Name

More information

Great Now We Have to Secure an Internet of Things. John Pescatore SANS Director, Emerging Security Trends @John_Pescatore

Great Now We Have to Secure an Internet of Things. John Pescatore SANS Director, Emerging Security Trends @John_Pescatore Great Now We Have to Secure an Internet of Things John Pescatore SANS Director, Emerging Security Trends @John_Pescatore 1 What the Heck is That?? 2 Different Views of the Internet of Things 3 Different

More information

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current

More information

Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities

Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities Sean Barnum sbarnum@mitre.org September 2011 Overview What is SCAP? Why SCAP?

More information

SCADA/Business Network Separation: Securing an Integrated SCADA System

SCADA/Business Network Separation: Securing an Integrated SCADA System SCADA/Business Network Separation: Securing an Integrated SCADA System This white paper is based on a utility example but applies to any SCADA installation from power generation and distribution to water/wastewater

More information

NERC CIP VERSION 5 COMPLIANCE

NERC CIP VERSION 5 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

Three Simple Steps to SCADA Systems Security

Three Simple Steps to SCADA Systems Security Three Simple Steps to SCADA Systems Security Presented by: Gabe Shones, PE / Gilbert Kwan, PE Insert Photo Here Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011 Chicago, IL

More information

Ovation Security Center Data Sheet

Ovation Security Center Data Sheet Features Scans for vulnerabilities Discovers assets Deploys security patches easily Allows only white-listed applications in workstations to run Provides virus protection for Ovation Windows stations Aggregates,

More information

QUESTIONS & RESPONSES #2

QUESTIONS & RESPONSES #2 QUESTIONS & RESPONSES #2 RFP / TITLE 070076 IT Cybersecurity Assessment and Plan CONTACT Michael Keim, CPPB, Sr. Contract Adminstrator EMAIL procurement@portoftacoma.com PHONE NUMBER 253-428-8608 SUBMITTAL

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

The Cyber OODA Loop: How Your Attacker Should Help You Design Your Defense. Tony Sager The Center for Internet Security

The Cyber OODA Loop: How Your Attacker Should Help You Design Your Defense. Tony Sager The Center for Internet Security The Cyber OODA Loop: How Your Attacker Should Help You Design Your Defense Tony Sager The Center for Internet Security Classic Risk Equation Risk = { Vulnerability, Threat, Consequence } countermeasures

More information

Independent Security Operations Oversight and Assessment. Captain Timothy Holland PM NGEN

Independent Security Operations Oversight and Assessment. Captain Timothy Holland PM NGEN Independent Security Operations Oversight and Assessment Captain Timothy Holland PM NGEN 23 June 2010 Independent Security Operations Oversight and Assessment Will Jordan NGEN Cyber Security 23 June 2010

More information

Dr. György Kálmán gyorgy@mnemonic.no

Dr. György Kálmán gyorgy@mnemonic.no COMMUNICATION AND SECURITY IN CURRENT INDUSTRIAL AUTOMATION Dr. György Kálmán gyorgy@mnemonic.no Agenda Connected systems historical overview Current trends, concepts, pre and post Stuxnet Risks and threats

More information

New Era in Cyber Security. Technology Development

New Era in Cyber Security. Technology Development New Era in Cyber New Era in Cyber Security Security Technology Technology Development Development Combining the Power of the Oil and Gas Industry, DHS, and the Vendor Community to Combat Cyber Security

More information

CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric

CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric Challenges What challenges are there for Cyber Security in Industrial

More information

Assessing the Effectiveness of a Cybersecurity Program

Assessing the Effectiveness of a Cybersecurity Program Assessing the Effectiveness of a Cybersecurity Program Lynn D. Shiang Delta Risk LLC, A Chertoff Group Company Objectives Understand control frameworks, assessment structures and scoping of detailed reviews

More information

One-Man Shop. How to build a functional security program with limited resources DEF CON 22

One-Man Shop. How to build a functional security program with limited resources DEF CON 22 One-Man Shop How to build a functional security program with limited resources DEF CON 22 One-Man Shop Agenda Caveats & Considerations People and Processes Network Architecture System Design Continuous

More information

Industrial Cyber Security. Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities

Industrial Cyber Security. Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities Industrial Cyber Security Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities WE HEAR ABOUT CYBER INCIDENTS EVERY DAY IN THE NEWS, BUT JUST HOW RELEVANT ARE THESE

More information

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems GE Measurement & Control Top 10 Cyber Vulnerabilities for Control Systems GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used

More information

John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com

John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com NERC CIP Substation Cyber Security Update John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com It s February 19, 2009 132 project days left to compliance Do you know where (what)

More information

CYBER SECURITY. Is your Industrial Control System prepared?

CYBER SECURITY. Is your Industrial Control System prepared? CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect Operation & Optimization Software Activity Schneider-Electric Challenges What challenges are there

More information

Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.

Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Topics: Explain why it is important for firms of all sizes to address cybersecurity risk. Demonstrate awareness

More information

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing

More information

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008 U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October

More information

IT Networking and Security

IT Networking and Security elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer

More information

SCADA Security Training

SCADA Security Training SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,

More information

Information Technology Control Framework in the Federal Government Considerations for an Audit Strategy

Information Technology Control Framework in the Federal Government Considerations for an Audit Strategy Information Technology Control Framework in the Federal Government Considerations for an Audit Strategy Presentation to The Institute of Internal Auditors Breakfast Session February 6, 2014 Outline of

More information

Security Management. Keeping the IT Security Administrator Busy

Security Management. Keeping the IT Security Administrator Busy Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

Are you prepared to be next? Invensys Cyber Security

Are you prepared to be next? Invensys Cyber Security Defense In Depth Are you prepared to be next? Invensys Cyber Security Sven Grone Critical Controls Solutions Consultant Presenting on behalf of Glen Bounds Global Modernization Consultant Agenda Cyber

More information

NERC CIP Substation Cyber Security Update. John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com

NERC CIP Substation Cyber Security Update. John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com NERC CIP Substation Cyber Security Update John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com It s February 19, 2009 132 project days left to compliance Do you know where (what)

More information

Cybersecurity Strategy

Cybersecurity Strategy SYSTEM SOFT TECHNOLOGIES Cybersecurity Strategy Overview With the exponential growth of cyberspace over the past two decades has come increasing risk of data security breaches involving sensitive and private

More information

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323

More information

Security Testing in Critical Systems

Security Testing in Critical Systems Security Testing in Critical Systems An Ethical Hacker s View Peter Wood Chief Executive Officer First Base Technologies Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base

More information

Innovative Defense Strategies for Securing SCADA & Control Systems

Innovative Defense Strategies for Securing SCADA & Control Systems 1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: info@plantdata.com Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet

More information

NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense

NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense Cyber Investigations Data Management Systems Security Data Security Analysis Digital Forensics Health Care Security Industrial

More information

INCIDENT RESPONSE CHECKLIST

INCIDENT RESPONSE CHECKLIST INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged

More information

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample

More information

GE Measurement & Control. Cyber Security for Industrial Controls

GE Measurement & Control. Cyber Security for Industrial Controls GE Measurement & Control Cyber Security for Industrial Controls Contents Overview...3 Cyber Asset Protection (CAP) Software Update Subscription....4 SecurityST Solution Options...5 Centralized Account

More information

Protecting productivity with Plant Security Services

Protecting productivity with Plant Security Services Protecting productivity with Plant Security Services Identify vulnerabilities and threats at an early stage. Take proactive measures. Achieve optimal long-term plant protection. siemens.com/plant-security-services

More information

Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi etieghi@visionautomation.

Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi etieghi@visionautomation. Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems Enzo M. Tieghi etieghi@visionautomation.it Security IT & Control System Security: where are we?

More information

Security Policy for External Customers

Security Policy for External Customers 1 Purpose Security Policy for This security policy outlines the requirements for external agencies to gain access to the City of Fort Worth radio system. It also specifies the equipment, configuration

More information

The Role of Security Monitoring & SIEM in Risk Management

The Role of Security Monitoring & SIEM in Risk Management The Role of Security Monitoring & SIEM in Risk Management Jeff Kopec, MS, CISSP Cyber Security Architect Oakwood Healthcare Jeff Bell, CISSP, GSLC, CPHIMS, ACHE Director, IT Security & Risk Services CareTech

More information

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams

More information

White Paper: Consensus Audit Guidelines and Symantec RAS

White Paper: Consensus Audit Guidelines and Symantec RAS Addressing the Consensus Audit Guidelines (CAG) with the Symantec Risk Automation Suite (RAS) White Paper: Consensus Audit Guidelines and Symantec RAS Addressing the Consensus Audit Guidelines (CAG) with

More information

Session 14: Functional Security in a Process Environment

Session 14: Functional Security in a Process Environment Abstract Session 14: Functional Security in a Process Environment Kurt Forster Industrial IT Solutions Specialist, Autopro Automation Consultants In an ideal industrial production security scenario, the

More information

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015 Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

More information

Network Segmentation

Network Segmentation Network Segmentation The clues to switch a PCI DSS compliance s nightmare into an easy path Although best security practices should be implemented in all systems of an organization, whether critical or

More information

Automating NERC CIP Compliance for EMS. Walter Sikora 2010 EMS Users Conference

Automating NERC CIP Compliance for EMS. Walter Sikora 2010 EMS Users Conference Automating NERC CIP Compliance for EMS Walter Sikora 2010 EMS Users Conference What do we fear? Thieves / Extortionists Enemies/Terrorists Stuxnet Malware Hacker 2025 Accidents / Mistakes 9/21/2010 # 2

More information

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice NERC Cyber Security Compliance Consulting Services HCL Governance, Risk & Compliance Practice Overview The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to

More information

Security Controls What Works. Southside Virginia Community College: Security Awareness

Security Controls What Works. Southside Virginia Community College: Security Awareness Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction

More information

Solving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense

Solving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense Solving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense John M. Gilligan Information systems Security Association National Capital Chapter January 19, 2010 1 Topics Background

More information

Symphony Plus Cyber security for the power and water industries

Symphony Plus Cyber security for the power and water industries Symphony Plus Cyber security for the power and water industries Symphony Plus Cyber Security_3BUS095402_(Oct12)US Letter.indd 1 01/10/12 10:15 Symphony Plus Cyber security for the power and water industries

More information

Altius IT Policy Collection Compliance and Standards Matrix

Altius IT Policy Collection Compliance and Standards Matrix Governance IT Governance Policy Mergers and Acquisitions Policy Terms and Definitions Policy 164.308 12.4 12.5 EDM01 EDM02 EDM03 Information Security Privacy Policy Securing Information Systems Policy

More information

Control System Integrity (CSI)

Control System Integrity (CSI) Control System Integrity (CSI) Tools and Processes to Automate CIP Compliance for Control System Automating NERC Compliance Assurance February, 7 2012 ARC Forum Orlando Florida Southern Company Facility

More information

SCADA. The Heart of an Energy Management System. Presented by: Doug Van Slyke SCADA Specialist

SCADA. The Heart of an Energy Management System. Presented by: Doug Van Slyke SCADA Specialist SCADA The Heart of an Energy Management System Presented by: Doug Van Slyke SCADA Specialist What is SCADA/EMS? SCADA: Supervisory Control and Data Acquisition Retrieves data and alarms from remote sites

More information

Cybersecurity Health Check At A Glance

Cybersecurity Health Check At A Glance This cybersecurity health check provides a quick view of compliance gaps and is not intended to replace a professional HIPAA Security Risk Analysis. Failing to have more than five security measures not

More information

SCAC Annual Conference. Cybersecurity Demystified

SCAC Annual Conference. Cybersecurity Demystified SCAC Annual Conference Cybersecurity Demystified Me Thomas Scott SC Deputy Chief Information Security Officer PMP, CISSP, CISA, GSLC, FEMA COOP Practitioner Tscott@admin.sc.gov 803-896-6395 What is Cyber

More information

Chapter 1 The Principles of Auditing 1

Chapter 1 The Principles of Auditing 1 Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls

More information

What s New in PCI DSS 2.0. 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 1

What s New in PCI DSS 2.0. 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 1 What s New in PCI DSS 2.0 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 1 Agenda PCI Overview PCI 2.0 Changes PCI Advanced Technology Update PCI Solutions 2010 Cisco and/or

More information

CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System

CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System Purpose CIP-005-5 R2 is focused on ensuring that the security of the Bulk Energy System is not compromised

More information

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance GE Oil & Gas Cyber Security for NERC CIP Versions 5 & 6 Compliance Cyber Security for NERC CIP Versions 5 & 6 Compliance 2 Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security

More information

System Security Plan University of Texas Health Science Center School of Public Health

System Security Plan University of Texas Health Science Center School of Public Health System Security Plan University of Texas Health Science Center School of Public Health Note: This is simply a template for a NIH System Security Plan. You will need to complete, or add content, to many

More information

DHS Chemical Security Program: Cyber Security Requirements

DHS Chemical Security Program: Cyber Security Requirements DHS Chemical Security Program: Cyber Security Requirements Steven Burns Energy Bar Association Electricity Regulation & Compliance Committee System Reliability, Planning & Compliance Committee October

More information

Professional Services Overview

Professional Services Overview Professional Services Overview INFORMATION SECURITY ASSESSMENT AND ADVISORY NETWORK APPLICATION MOBILE CLOUD IOT Praetorian Company Overview HISTORY Founded in 2010 Headquartered in Austin, TX Self-funded

More information

Utility Modernization Cyber Security City of Glendale, California

Utility Modernization Cyber Security City of Glendale, California Utility Modernization Cyber Security City of Glendale, California Cyber Security Achievements Cyber Security Achievements (cont) 1. Deploying IT Security Awareness training program Q4 2012 2. Purchased

More information

Top 20 Critical Security Controls

Top 20 Critical Security Controls Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need

More information

PCI DSS AND THE TOP 20 CRITICAL SECURITY CONTROLS COMPARING SECURITY FRAMEWORKS SERIES

PCI DSS AND THE TOP 20 CRITICAL SECURITY CONTROLS COMPARING SECURITY FRAMEWORKS SERIES CONFIDENCE: SECURED WHITE PAPER PCI DSS AND THE TOP 20 CRITICAL SECURITY CONTROLS COMPARING SECURITY FRAMEWORKS SERIES ADVANCED THREAT PROTECTION, SECURITY AND COMPLIANCE BENCHMARKS, STANDARDS, FRAMEWORKS

More information

Industrial Security Solutions

Industrial Security Solutions Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information