How To Write A Cyber Security Checkout On A Nerc Webinar
|
|
- Stuart Flynn
- 3 years ago
- Views:
Transcription
1 AS WE PREPARE FOR OUR WEBINAR Thanks to each of you for taking the time to participate in our Webinar today, which will provide extensive insight into what is required to address the Version 5 NERC Cyber Security Standards that focus on configuration change management and cyber vulnerability assessments. Our two hosts during the Webinar today at 11:30 AM Eastern Time: Wes Stewart: Before joining Encari as a Sr. NERC CIP Compliance Consultant last year, Wes worked with Southern Company for 14 years. After starting out as a systems analyst supporting computer systems used by the EMS department, Wes' career with Southern Company culminated with his fulfilling the Cyber Security Team Lead role for Southern Company's entire EMS environment. While with Encari, Wes has been assisting electric utilities address complex and diverse compliance issues primarily pertaining to the CIP-005 and CIP-00 7 through CIP-009 NERC Reliability Standards. Lenny Mansell: Lenny is Encari's Director of Consulting Services. Lenny has worked with numerous generation and transmission utilities to develop and apply methodologies to identify and document Critical Cyber Assets. Lenny also has extensive experience in designing, architecting and documenting ESPs, as well as in performing NERC CIP compliance gap assessments, focusing on NERC CIP Reliability Standards CIP-002 and CIP-005 thru CIP-007, and developing and executing accompanying NERC CIP compliance remediation strategies consisting of process, procedural, policy, and technological enhancements and refinements. Three administrative items: 1. If you have a question you would like to have addressed while the Webinar is underway, please type the question and send it to me using the "Question" feature within our Webinar interface. If we are unable to address your question during this Webinar, we will make sure to respond to the question soon thereafter. 2. You may need to transition to full-screen mode within the Webinar interface in order to see the entire contents of the slides that will be presented. 3. We will notify each of you via where you may download a copy of the presentation materials and transcribed questions raised during this Webinar along with Encari's responses to the questions from our Web site.
2 NERC CIP VERSION 5: NEW TECHNICAL CONSIDERATIONS Configuration Change Management Active Vulnerability Assessments Wes Stewart, CISSP Senior NERC CIP Compliance Consultant Lenny Mansell, CISSP Director, Consulting Services February 27, 2014
3 BASELINE CONFIGURATION CHANGE MANAGEMENT R1.1 (HIGH AND MED IMPACT) YOU VE GOT TO HAVE A BASELINE" CIP-010-1, R1.1 baseline configuration, individually or by group, which shall include the following items: Baseline Configurations now require us to record the following information elements at a minimum: OS w/ version software packages intentionally installed with versions any custom software installed any logical network accessible ports 2 any security patches applied
4 BASELINE CONFIGURATION CHANGE MANAGEMENT R1.2 AND R1.3 (HIGH AND MED IMPACT) DOCUMENT AND APPROVE CHANGES, UPDATE BASELINE" R 1.2 Authorize, document [changes which deviate from existing baseline configuration] Document Identify the proposed change from the baseline. Authorize Record the authorization to perform the change. R1.3 Update baseline within 30 days, completing change [for changes which deviate from existing baseline configuration] Baselines. The baseline needs to be updated within 30 days to account for the authorized, current state. NOTE: Completing the change does not mean you can open a 6-month, catch-all change ticket hoping to avoid having to update the documentation within 30 days 3
5 BASELINE CONFIGURATION CHANGE MANAGEMENT R1.4 (HIGH AND MED IMPACT) WHICH CONTROLS? VERIFY CONTROLS PRE AND POST ARE A MATCH R Prior[to change], determine controls could be impacted, [for changes which deviate from existing baseline configuration] Write down which of the baseline controls specifically are expected to be, OR could conceivably be, affected by the change. Consider using select all that apply. R & R1.4.3 Following [change], verify security controls not adversely affected and document verification results. Save the results of a side-by-side comparison of a pre-change vs. a post-change data collection which addresses all security configuration baseline minimum requirements 4
6 BASELINE CONFIGURATION CHANGE MANAGEMENT R1.5 (HIGH IMPACT ONLY) LET S ACTUALLY TRY THE CHANGE OUT IN THE TEST** ENVIRONMENT R1.5.1 and R1.5.2 Technically feasible, prior to production change, test changes [in a] test environment or production w/ minimize adverse effects, document results of testing of security controls Actually perform test changes in a test environment and save the results PRIOR to implementing in production. If test environment used, document how the test environment s security controls (005 and 007 ) differ from the production baseline security controls that are likely to be affected by the change ** One may also test changes in a production environment so long as it is done in a manner that minimizes adverse effects (you have to document how you achieve this) 5
7 BASELINE CONFIGURATION CHANGE MONITORING R2.1 (HIGH IMPACT ONLY) ARE ANY DEVICES RUNNING UNAUTHORIZED CONFIGS? PROVE IT EVERY 35 DAYS Monitor for changes to the baseline configuration for every device at least every 35 days. Document and investigate unauthorized changes that are detected changes to the baseline configuration, as it is used here, refers to the current running configuration of your devices (what it is) as compared to the documented baseline (what it should be). (what it is) vs. (what it should be) = EVIDENCE REs are going to need an easy way to perform this comparison monthly, from cradle to grave (i.e. data collection to annotation of results and finally storage in the evidence locker ). REs are going to perform THIS PROCESS all the time (over and over and over, etc.). 6
8 ACTION PLAN: BASELINE CONFIGURATION CHANGE MANAGEMENT AND MONITORING Develop methods to query your devices for all of the baseline configuration elements. Learn how to measure thyself. Write down specific steps to accomplish. We are striving for data collection methods which are: Repeatable same every time Sufficient demonstrates compliance, hands down Safe Doesn t crash BES Cyber Assets Easy Maintain or increase current levels of employee sanity, decrease job frustration, increase happiness (these things are really valuable to sustainable compliance) Develop methods to compare running configurations against baseline configurations (DIFF running vs. baseline). Include room to annotate acceptable, expected differences on a line item basis. Strive to maximize automation of the process which collects configs and performs two comparisons: pre-change vs. baseline; and post-change vs. baseline Save the side-by-side comparisons as evidence 7
9 V5VULNERABILITY ASSESSMENT When is vulnerability assessment required? Active required every 36 months (High Impact Only); Paper or active required every 15 months (High & Medium impact); New Cyber Assets to production (High Impact). 8
10 PAPER VULNERABILITY ASSESSMENT 1. Network Discovery - paper review to identify all ESP Access Points. Review inventory, etc 2. Network Port and Service Identification - A review to verify that all enabled ports and services have an appropriate business justification. 3. Vulnerability Review - A review of security rule-sets and configurations, including controls for default accounts, passwords, and network management community strings. 4. Wireless Review - Identification of common types of wireless networks (such as a/b/g/n) and a review of their controls if they are in any way used for BES Cyber System communications. 9
11 ACTIVE VULNERABILITY ASSESSMENT Typically, Active Vulnerability testing involves sending numerous probes to devices over the network to look for open ports and known vulnerabilities. Vulnerability scanning 1 device can send ~170,000 separate probes across the network (remember, that is only for scanning one box) Determine SPECIFIC configurations that your devices respond well to. Most scanners have like 1,000 configuration options and many with potentially DANGEROUS consequences. Examples of active tools: Vulnerability scanning Port scanning w/ misc. fingerprinting War dialers Warning: It is relatively easy to break things using active vulnerability assessment tools. 10
12 ACTIVE VULNERABILITY ASSESSMENT BASICALLY CIP V3 CVA WITH WIFI AND PERIODIC ACTIVE Responsible Entities are strongly encouraged to include *at least* the following elements: 1. Network Discovery Use of active discovery tools to discover active devices and identify communication paths in order to verify that the discovered network architecture matches the documented architecture. 2. Network Port and Service Identification Use of active discovery tools (such as Nmap) to discover open ports and services. 3. Vulnerability Scanning Use of a vulnerability scanning tool to identify network accessible ports and services along with the identification of known vulnerabilities associated with services running on those ports. 4. Wireless Scanning Use of a wireless scanning tool to discover wireless signals and networks in the physical perimeter of a BES Cyber System. Serves to identify unauthorized wireless devices within the range of the wireless scanning tool. REs are strongly encouraged to see NIST for vulnerability assessment guidance and best practices. 11
13 DON T SCAN ACROSS WAN 12
14 QUESTIONS/DISCUSSION 13
15 NEXT WEBINAR Got Webinar suggestions? 14
KEY CONSIDERATIONS FOR MIGRATING TO THE VERSION 5 NERC CIP CYBER SECURITY STANDARDS
KEY CONSIDERATIONS FOR MIGRATING TO THE VERSION 5 NERC CIP CYBER SECURITY STANDARDS Lenny Mansell Director, Consulting Services 1 January 29, 2014 AGENDA Introduction Multiple paradigm shifts ahead How
More informationTechnology Solutions for NERC CIP Compliance June 25, 2015
Technology Solutions for NERC CIP Compliance June 25, 2015 2 Encari s Focus is providing NERC CIP Compliance Products and Services for Generation and Transmission Utilities, Municipalities and Cooperatives
More informationNERC CIP VERSION 5 COMPLIANCE
BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining
More informationReclamation Manual Directives and Standards
Vulnerability Assessment Requirements 1. Introduction. Vulnerability assessment testing is required for all access points into an electronic security perimeter (ESP), all cyber assets within the ESP, and
More informationNotable Changes to NERC Reliability Standard CIP-010-3
C L AR I T Y AS S U R AN C E R E S U LT S M I D W E S T R E LIAB I L I T Y ORGAN I Z AT I ON Notable Changes to NERC Reliability Standard CIP-010-3 Cyber Security Configuration Change Management and Vulnerability
More informationCIP 010 1 Cyber Security Configuration Change Management and Vulnerability Assessments
CIP 010 1 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationAlberta Reliability Standard Cyber Security Configuration Change Management and Vulnerability Assessments CIP-010-AB-1
A. Introduction 1. Title: 2. Number: 3. Purpose: To prevent and detect unauthorized changes to BES cyber systems by specifying configuration change management and vulnerability assessment requirements
More informationNorth American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5)
Whitepaper North American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5) NERC-CIP Overview The North American Electric Reliability Corporation (NERC) is a
More informationSummary of CIP Version 5 Standards
Summary of CIP Version 5 Standards In Version 5 of the Critical Infrastructure Protection ( CIP ) Reliability Standards ( CIP Version 5 Standards ), the existing versions of CIP-002 through CIP-009 have
More informationCIP-010-1 R1 & R2: Configuration Change Management
CIP-010-1 R1 & R2: Configuration Change Management June 3, 2014 Steven Keller Lead Compliance Specialist - CIP skeller.re@spp.org 501.688.1633 Outline What is CIP-010-1? How it is different from CIP-003-3
More informationTRIPWIRE NERC SOLUTION SUITE
CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering
More informationCIP-010-2. Ben Christensen Senior Compliance Risk Analyst, Cyber Security
CIP-010-2 Ben Christensen Senior Compliance Risk Analyst, Cyber Security 2 Agenda Help entities understand and prepare for the upcoming CIP 010-2 Differences and relations to current requirements Transient
More informationInternal Controls And Good Utility Practices. Ruchi Ankleshwaria Manager, Compliance Risk Analysis
Internal Controls And Good Utility Practices Ruchi Ankleshwaria Manager, Compliance Risk Analysis 2 Introduction Joined WECC in March 2013 6 years of industry experience prior to joining WECC 4 years at
More informationMONITORING AND VULNERABILITY MANAGEMENT PCI COMPLIANCE JUNE 2014
MONITORING AND VULNERABILITY MANAGEMENT PCI COMPLIANCE JUNE 2014 COMPLIANCE SCHEDULE REQUIREMENT PERIOD DESCRIPTION REQUIREMENT PERIOD DESCRIPTION 8.5.6 As Needed 11.1 Monthly 1.3 Quarterly 1.1.6 Semi-Annually
More informationNERC CIP Version 5 webinar series Change management
10/8/2014 NERC CIP Version 5 webinar series Change management Slide 1 Housekeeping All attendees are automatically in Mute. If you have any questions, please type them into the questions panel. This webinar
More informationCritical Infrastructure Security: The Emerging Smart Grid. Cyber Security Lecture 5: Assurance, Evaluation, and Compliance Carl Hauser & Adam Hahn
Critical Infrastructure Security: The Emerging Smart Grid Cyber Security Lecture 5: Assurance, Evaluation, and Compliance Carl Hauser & Adam Hahn Overview Assurance & Evaluation Security Testing Approaches
More informationCyber Security Compliance (NERC CIP V5)
Cyber Security Compliance (NERC CIP V5) Ray Wright NovaTech, LLC Abstract: In December 2013, the Federal Energy Regulatory Commission (FERC) issued Order No. 791 which approved the Version 5 CIP Reliability
More informationStandard CIP 007 3 Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-3 3. Purpose: Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for securing
More informationNERC CIP Tools and Techniques
NERC CIP Tools and Techniques Supplemental Project - Introduction Webcast Scott Sternfeld, Project Manager Smart Grid Substation & Cyber Security Research Labs ssternfeld@epri.com (843) 619-0050 October
More informationStandard CIP 007 3a Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-3a 3. Purpose: Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for
More informationVulnerability management lifecycle: defining vulnerability management
Framework for building a vulnerability management lifecycle program http://searchsecurity.techtarget.com/magazinecontent/framework-for-building-avulnerability-management-lifecycle-program August 2011 By
More informationSCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards
SCADA Compliance Tools For NERC-CIP The Right Tools for Bringing Your Organization in Line with the Latest Standards OVERVIEW Electrical utilities are responsible for defining critical cyber assets which
More informationCIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments
CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationVulnerability Audit: Why a Vulnerability Scan Isn t Enough. White Paper
Vulnerability Audit: Why a Vulnerability Scan Isn t Enough White Paper May 10, 2005 TABLE OF CONTENTS Introduction: How Secure Are My Systems?... 3 Vulnerability: The Modern Meaning Of A Muddled Word...
More informationReliabilityFirst CIP Evidence List CIP-002 through CIP-009 are applicable to RC, BA, IA, TSP, TO, TOP, GO, GOP, LSE, NERC, & RE
R1 Provide Risk Based Assessment Methodology (RBAM) R1.1 Provide evidence that the RBAM includes both procedures and evaluation criteria, and that the evaluation criteria are riskbased R1.2 Provide evidence
More informationControl System Integrity (CSI) Tools and Processes to Automate CIP Compliance for Control Systems
Control System Integrity (CSI) Tools and Processes to Automate CIP Compliance for Control Systems James Goosby Manager I&C Systems and Field Support 19 th Annual ARC Industry Forum Agenda About Us Compliance
More informationAutomating NERC CIP Compliance for EMS. Walter Sikora 2010 EMS Users Conference
Automating NERC CIP Compliance for EMS Walter Sikora 2010 EMS Users Conference What do we fear? Thieves / Extortionists Enemies/Terrorists Stuxnet Malware Hacker 2025 Accidents / Mistakes 9/21/2010 # 2
More informationWHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK
WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK DATE OF RELEASE: 27 th July 2012 Table of Contents 1. Introduction... 2 2. Need for securing Telecom Networks... 3 3. Security Assessment Techniques...
More informationPatch and Vulnerability Management Program
Patch and Vulnerability Management Program What is it? A security practice designed to proactively prevent the exploitation of IT vulnerabilities within an organization To reduce the time and money spent
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationCyber Security for NERC CIP Version 5 Compliance
GE Measurement & Control Cyber Security for NERC CIP Version 5 Compliance imagination at work Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security Management Controls...
More informationVulnerability Management Isn t Simple (or, How to Make Your VM Program Great)
Vulnerability Management Isn t Simple (or, How to Make Your VM Program Great) Kelly Hammons Principal Consultant, CISSP Secutor Consulting October 2 nd, 2015 97% of breaches could have been avoided through
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationAlberta Reliability Standard Cyber Security System Security Management CIP-007-AB-5
A. Introduction 1. Title: 2. Number: 3. Purpose: To manage system security by specifying select technical, operational, and procedural requirements in support of protecting BES cyber systems against compromise
More informationBest Practices for Cyber Security Testing. Tyson Jarrett Compliance Risk Analyst, Cyber Security
Best Practices for Cyber Security Testing Tyson Jarrett Compliance Risk Analyst, Cyber Security 2 About Me Master s Degree Information Systems Cyber Security Reviewed 1562 CIP CMEP items CIP Analyst 4
More informationThe first step in protecting Critical Cyber Assets is identifying them. CIP-002 focuses on this identification process.
CIPS Overview Introduction The reliability of the energy grid depends not only on physical assets, but cyber assets. The North American Electric Reliability Corporation (NERC) realized that, along with
More informationTOP 10 CHALLENGES. With suggested solutions
NERC CIP VERSION 5 TOP 10 CHALLENGES With suggested solutions 401 Congress Avenue, Suite 1540 Austin, TX 78791 Phone: 512-687- 6224 E- Mail: chumphreys@theanfieldgroup.com Web: www.theanfieldgroup.com
More informationAuditing the LAN with Network Discovery
Application Note Auditing the LAN with Network Discovery Introduction This application note is one in a series of papers about troubleshooting local area networks (LAN) from JDSU Communications Test and
More informationAn Evaluation of Security Posture Assessment Tools on a SCADA Environment
An Evaluation of Security Posture Assessment Tools on a SCADA Environment Shahir Majed 1, Suhaimi Ibrahim 1, Mohamed Shaaban 2 1 Advance Informatics School, Universiti Teknologi Malaysia, International
More informationNovaTech NERC CIP Compliance Document and Product Description Updated June 2015
NovaTech NERC CIP Compliance Document and Product Description Updated June 2015 This document describes the NovaTech Products for NERC CIP compliance and how they address the latest requirements of NERC
More informationJenifer Vallace Associate Cyber Security Analyst. Best User Reporting Practices September 24, 2013 CIP 101
Jenifer Vallace Associate Cyber Security Analyst Best User Reporting Practices September 24, 2013 CIP 101 Agenda What s needed when filling out: Self Reports (SR) Self Certifications (SC) Mitigation Plans
More informationManagement (CSM) Capability
CDM Configuration Settings Management (CSM) Capability Department of Homeland Security National Cyber Security Division Federal Network Security Network & Infrastructure Security Table of Contents 1 PURPOSE
More informationCyber Security Standards Update: Version 5
Cyber Security Standards Update: Version 5 January 17, 2013 Scott Mix, CISSP CIP Technical Manager Agenda Version 5 Impact Levels Format Features 2 RELIABILITY ACCOUNTABILITY CIP Standards Version 5 CIP
More informationOPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific documents requested,
More informationImplementation Plan for Version 5 CIP Cyber Security Standards
Implementation Plan for Version 5 CIP Cyber Security Standards April 10September 11, 2012 Prerequisite Approvals All Version 5 CIP Cyber Security Standards and the proposed additions, modifications, and
More informationeeye Digital Security Product Training
eeye Digital Security Product Training Retina CS for System Administration (4MD) This hands-on instructor led course provides security system administration/analysts with the skills and knowledge necessary
More informationA Tactical Approach to Continuous Compliance. Walt Sikora, Vice President Security Solutions EMMOS 2013
A Tactical Approach to Continuous Compliance Walt Sikora, Vice President Security Solutions EMMOS 2013 Abstract NERC has moved quickly to address shortcomings and lack of clarity in previous versions of
More informationGUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT
GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology A comprehensive approach
More informationChecklist for Vulnerability Assessment
Checklist for Vulnerability Assessment Implement processes to test for the presence of wireless access points (802.11), and detect and identify all authorized and unauthorized wireless access points on
More informationADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT
ADDING NETWORK INTELLIGENCE INTRODUCTION Vulnerability management is crucial to network security. Not only are known vulnerabilities propagating dramatically, but so is their severity and complexity. Organizations
More informationEffective Use of Assessments for Cyber Security Risk Mitigation
White Paper Effective Use of Assessments for Cyber Security Risk Mitigation Executive Summary Managing risk related to cyber security vulnerabilities is a requirement for today s modern systems that use
More informationMarch 2012 www.tufin.com
SecureTrack Supporting Compliance with PCI DSS 2.0 March 2012 www.tufin.com Table of Contents Introduction... 3 The Importance of Network Security Operations... 3 Supporting PCI DSS with Automated Solutions...
More informationLogRhythm and NERC CIP Compliance
LogRhythm and NERC CIP Compliance The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to ensure that the bulk electric system in North America is reliable, adequate
More informationBSM for IT Governance, Risk and Compliance: NERC CIP
BSM for IT Governance, Risk and Compliance: NERC CIP Addressing NERC CIP Security Program Requirements SOLUTION WHITE PAPER Table of Contents INTRODUCTION...................................................
More informationGE Measurement & Control. Cyber Security for NERC CIP Compliance
GE Measurement & Control Cyber Security for NERC CIP Compliance GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used for purposes
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationTHE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols
THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE
More informationWhite Paper: Consensus Audit Guidelines and Symantec RAS
Addressing the Consensus Audit Guidelines (CAG) with the Symantec Risk Automation Suite (RAS) White Paper: Consensus Audit Guidelines and Symantec RAS Addressing the Consensus Audit Guidelines (CAG) with
More informationBest Practices for PCI DSS V3.0 Network Security Compliance
Best Practices for PCI DSS V3.0 Network Security Compliance January 2015 www.tufin.com Table of Contents Preparing for PCI DSS V3.0 Audit... 3 Protecting Cardholder Data with PCI DSS... 3 Complying with
More informationGE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance
GE Oil & Gas Cyber Security for NERC CIP Versions 5 & 6 Compliance Cyber Security for NERC CIP Versions 5 & 6 Compliance 2 Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security
More informationKeshav Sarin CIP Enforcement Analyst. BURP (Best User Reporting Practices) February 11, 2011 Marina del Rey, California
Keshav Sarin CIP Enforcement Analyst BURP (Best User Reporting Practices) February 11, 2011 Marina del Rey, California Quiz How to review CIP items in the most effective manner? o Get the necessary information
More informationSECURITY. Risk & Compliance Services
SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize
More informationSecure Remote Substation Access Interest Group Part 3: Review of Top Challenges, CIPv5 mapping, and looking forward to 2014!
Secure Remote Substation Access Interest Group Part 3: Review of Top Challenges, CIPv5 mapping, and looking forward to 2014! October 3, 2013 Scott Sternfeld, Project Manager Smart Grid Substation & Cyber
More informationNeed for Database Security. Whitepaper
Whitepaper 2 Introduction The common factor in today s global economy where most of the business is done electronically via B2B [Business to Business] or via B2C [business to consumer] or other more traditional
More informationCritical Security Controls
Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security
More informationTyson Jarrett CIP Enforcement Analyst. Best Practices for Security Patch Management October 24, 2013 Anaheim, CA
Tyson Jarrett CIP Enforcement Analyst Best Practices for Security Patch Management October 24, 2013 Anaheim, CA A little about me Graduated from the University of Utah with a Masters in Information Systems
More informationINTRODUCTION: PENETRATION TEST A BUSINESS PERSPECTIVE:
PENETRATION TESTING A SYSTEMATIC APPROACH INTRODUCTION: The basic idea behind writing this article was to put forward a systematic approach that needs to be followed to perform a successful penetration
More information2012 CIP Spring Compliance Workshop May 7-11. Testing, Ports & Services and Patch Management
2012 CIP Spring Compliance Workshop May 7-11 Testing, Ports & Services and Patch Management Purpose This presentation provides an overview of the CIP-007-3 R1 Test Procedures which includes a discussion
More informationSTATE OF ARIZONA Department of Revenue
STATE OF ARIZONA Department of Revenue Douglas A. Ducey Governor September 25, 2015 David Raber Director Debra K. Davenport, CPA Auditor General Office of the Auditor General 2910 North 44 th Street, Suite
More informationPenetration Testing Report Client: Business Solutions June 15 th 2015
Penetration Testing Report Client: Business Solutions June 15 th 2015 Acumen Innovations 80 S.W 8 th St Suite 2000 Miami, FL 33130 United States of America Tel: 1-888-995-7803 Email: info@acumen-innovations.com
More informationE-Commerce Security Perimeter (ESP) Identification and Access Control Process
Electronic Security Perimeter (ESP) Identification and Access Control Process 1. Introduction. A. This document outlines a multi-step process for identifying and protecting ESPs pursuant to the North American
More informationIndustrial Security for Process Automation
Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical
More informationAHS Flaw Remediation Standard
AGENCY OF HUMAN SERVICES AHS Flaw Remediation Standard Jack Green 10/14/2013 The purpose of this procedure is to facilitate the implementation of the Vermont Health Connect s security control requirements
More informationSecure Remote Substation Access Solutions
Secure Remote Substation Access Solutions Supplemental Project - Introduction Webcast October 16, 2013 Scott Sternfeld, Project Manager Smart Grid Substation & Cyber Security Research Labs ssternfeld@epri.com
More informationNB Appendix CIP-004-5.1-NB-1 - Cyber Security Personnel & Training
This appendix establishes modifications to the FERC approved NERC standard CIP-004-5.1 for its specific application in New Brunswick. This appendix must be read with CIP-004-5.1 to determine a full understanding
More informationNetwork Detective. PCI Compliance Module Using the PCI Module Without Inspector. 2015 RapidFire Tools, Inc. All rights reserved.
Network Detective PCI Compliance Module Using the PCI Module Without Inspector 2015 RapidFire Tools, Inc. All rights reserved. V20150819 Ver 5T Contents Purpose of this Guide... 4 About Network Detective
More informationThe Value of Vulnerability Management*
The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda
More informationFERC, NERC and Emerging CIP Standards
Protecting Critical Infrastructure and Cyber Assets in Power Generation and Distribution Embracing standards helps prevent costly fines and improves operational efficiency Bradford Hegrat, CISSP, Principal
More informationSupporting our customers with NERC CIP compliance. James McQuiggan, CISSP
Supporting our customers with NERC CIP compliance James, CISSP Siemens Energy Sector Energy products and solutions - in 6 Divisions Oil & Gas Fossil Power Generation Renewable Energy Service Rotating Equipment
More informationIBM Managed Security Services Vulnerability Scanning:
IBM Managed Security Services August 2005 IBM Managed Security Services Vulnerability Scanning: Understanding the methodology and risks Jerry Neely Network Security Analyst, IBM Global Services Page 2
More informationCIP-005-3 Electronic Security Perimeter (ESP) - Dan Mishra FRCC Compliance Workshop May 09-13, 2011
CIP-005-3 Electronic Security Perimeter (ESP) - Dan Mishra FRCC Compliance Workshop May 09-13, 2011 1 Purpose Specific NERC CIP-005 Requirements Underlying fundamentals of the ESP architecture Building
More informationNetwork Security Audit. Vulnerability Assessment (VA)
Network Security Audit Vulnerability Assessment (VA) Introduction Vulnerability Assessment is the systematic examination of an information system (IS) or product to determine the adequacy of security measures.
More informationCyber R &D Research Roundtable
Cyber R &D Research Roundtable 2 May 2013 N A T I O N A L S E C U R I T Y E N E R G Y & E N V I R O N M E N T H E A L T H C Y B E R S E C U R I T Y Changing Environment Rapidly Evolving Threat Changes
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationThe Advantages of an Integrated Factory Acceptance Test in an ICS Environment
The Advantages of an Integrated Factory Acceptance Test in an ICS Environment By Jerome Farquharson, Critical Infrastructure and Compliance Practice Manager, and Alexandra Wiesehan, Cyber Security Analyst,
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationManageEngine Desktop Central Training
ManageEngine Desktop Central Training Course Objectives Who Should Attend Course Agenda Course Objectives Desktop Central training helps you IT staff learn the features offered by Desktop Central and to
More informationSecurity Testing in Critical Systems
Security Testing in Critical Systems An Ethical Hacker s View Peter Wood Chief Executive Officer First Base Technologies Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base
More informationEnterprise Computing Solutions
Business Intelligence Data Center Cloud Mobility Enterprise Computing Solutions Security Solutions arrow.com Security Solutions Secure the integrity of your systems and data today with the one company
More informationDiscover and Manage Your Network Perimeter
Discover and Manage Your Network Perimeter A publication of Lumeta Corporation www.lumeta.com Executive Summary If your network consists of more than a dozen routers or more than a few hundred hosts, chances
More informationPayment Card Industry (PCI) Data Security Standard (DSS) Motorola PCI Security Assessment
Payment Card Industry (PCI) Data Security Standard (DSS) Motorola PCI Security Assessment Retail establishments have always been a favorite target of thieves and shoplifters, but today s worst criminals
More informationGuide to CIP Cyber Vulnerability Assessment Executive Summary
Guide to CIP Cyber Vulnerability Assessment Executive Summary The North American Electric Reliability Corporation adopted Critical Infrastructure Protection standards in 2006. The standards establish the
More informationAUDIT REPORT. Cybersecurity Controls Over a Major National Nuclear Security Administration Information System
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT Cybersecurity Controls Over a Major National Nuclear Security Administration Information System DOE/IG-0938
More informationOpen Enterprise Architectures for a Substation Password Management System
CIGRÉ Canada 21, rue d Artois, F-75008 PARIS (154) Conference on Power Systems http : //www.cigre.org Toronto, October 4-6, 2009 Open Enterprise Architectures for a Substation Password Management System
More informationThe Nexpose Expert System
Technical Paper The Nexpose Expert System Using an Expert System for Deeper Vulnerability Scanning Executive Summary This paper explains how Rapid7 Nexpose uses an expert system to achieve better results
More informationBladeLogic Software-as-a- Service (SaaS) Solution. Help reduce operating cost, improve security compliance, strengthen cybersecurity posture
BladeLogic Software-as-a- Service (SaaS) Solution Help reduce operating cost, improve security compliance, strengthen cybersecurity posture February 20, 2014 Contents The Configuration Security Compliance
More informationHow To Use Qqsguard At The University Of Minneapolis
Qualys is a vulnerability scanner that is used for critical servers and servers subject to compliance reporting. This scanner is not generally to be used for desktop or laptop scanning. OIT has purchased
More informationForeScout CounterACT and Compliance June 2012 Overview Major Mandates PCI-DSS ISO 27002
ForeScout CounterACT and Compliance An independent assessment on how network access control maps to leading compliance mandates and helps automate GRC operations June 2012 Overview Information security
More informationCyber Security Standards: Version 5 Revisions. Security Reliability Program 2015
Cyber Security Standards: Version 5 Revisions Security Reliability Program 2015 Overview of Development Activities The Team Standard Drafting Team (SDT) appointed to address these revisions in Project
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More information