Cybersecurity Leadership
|
|
- Godwin Gilmore
- 8 years ago
- Views:
Transcription
1 Cybersecurity Leadership How does Dynamic Enterprise Security Governance benefit ICS Security? Christopher A. Peters May 1, 2014
2 Overview A Perilous Time in Boston during 1775 Fast Forward Today Internal Challenges Leadership-driven Solutions Lessons, Benefits, Take-aways 2
3 1775: FUD Headlines Lexington Post Paul Revere: The British Are Coming! Boston Intelligencer Extra Battle of Bunker Hill Rages Patriots Hold Fire Until Whites of Eyes Seen 3
4 Boston 1775: Situation Dire Washington Howe 4
5 Boston 1775: The Paradigm Shift Fort Ticonderoga Washington Turns to Henry Knox 25 Years Old Former Street Fighter Boston Book Seller Paradigm Shifter Guns of Ticonderoga Boston Moves 59 Pieces of Artillery Miles - to Dorchester Heights Middle of the Winter! 5
6 Boston March 1776: British Evacuate! We must acknowledge two additional considerations that are significant as multipliers of combat power: SURPRISE and BOLDNESS MCDP-1 Warfighting 6
7 2014 FUD Headlines
8 A Big Company with Big Challenges 15,500 miles of Transmission Lines 1,800 Substations 82 Fossil Units 11 Nuclear Units 30,000 MW of Generating Capacity 2.7 Million Customers 2 nd Largest Provider of Nuclear Power in the US 8
9 Enterprise Security Governance To achieve a sustainable capability, organizations must make enterprise security the responsibility of leaders at a governance level, not of other organizational roles that lack the authority, accountability, and resources to act and enforce compliance.* WE NEEDED TO ENHANCE OUR CYBER GOVERNANCE Elevate Executive Awareness Comprehensive Strategy Workforce and Vendor Management Long-term Capital Planning Technology Alignment Across the Enterprise Regulatory Excellence Building Accountability IN OTHER WORDS. WE NEEDED TO BE BETTER LEADERS! 9 * Carnegie Mellon University
10 Problems Problems: 85% of people don t care that you have problems at your company; the other 15% are glad you have them Lou Holtz * WE ALL HAVE PROBLEMS THAT REQUIRE SOLUTIONS! 10
11 Problem #1: Asymmetric Threats Put simply, asymmetric threats or techniques are a version of not "fighting fair," which can include the use of surprise in all its operational and strategic dimensions and the use of weapons in ways unplanned by the United States. Strategy that fundamentally alters the terrain on which a conflict is fought. 11
12 Problem #2: Multiple Regulations Impossible to Govern in Silos Single Version of the Truth is Essential! Cost Technology Performance Compliance 12
13 Problem #3: Geographically Dispersed ICS Silos Energy Delivery Fossil Generation Systems Planning and Operation (SPO) Entergy Wholesale Commodities (EWC) Nuclear Business unit responsible for the transmission and distribution system of the Entergy operating companies. Business unit which operates and supports 89 Entergy fossil and hydro generating units. Business Unit responsible for dispatching generation, acquiring fuel, and procuring resources to meet Entergy s needs. Business Unit responsible for the functions and assets of Entergy's non-utility generation business. Business Unit responsible for operating 11 reactors in 9 locations across Entergy s Northeast and Southern locations. 13
14 The best way to predict the future is to create it. Peter Drucker Questions? 14
15 Strategy Design Enhance Governance and Oversight Centralize CIP, OT, and IT Capital/O&M Planning Connect the Business Establish Command and Control Build the Cross-Functional Cybersecurity Team Strengthen the Culture Implement Continuous Monitoring 15
16 Leadership Objective #1: Take Action We don t have a 5 Year Plan; we have a 5 minute Plan! 16
17 Leadership Objective #2: Keep it Simple 17
18 Leadership Objectives #3 and 4: Operate in the Fog and Drive Solutions Cyber Fog: Learn to minimize the impact! 18
19 Solutions and Benefits
20 1. Connect the Business Transmission Generation Systems Planning Entergy Wholesale Nuclear Forge Connections Reduce Friction Address Corporate-wide Operational Risk Issues Make Decisions 20
21 2. Strengthen Cyber Security Governance Oversight Structures OCE (especially CFO and COO, and EVP, HR&A) Reliability Oversight Committee Corporate Compliance Committee Information Technology Advisory Council Cyber Security Leadership Team Management VP, Chief Information Officer Director, Corporate IT Security VP, Critical Infrastructure Protection Director, Corporate Security Functional Cyber Security Oversight Committees Workforce Transmission System Planning and Operations Fossil Nuclear Entergy Wholesale Commodities Single View Technology Finance Awareness Compliance Policies and Procedures Laws and Regulations 22
22 3. Build a Cross-Functional Team NIST SP Securing Industrial Control Systems New Capabilities to Augment Existing Personnel Executive Leadership Operational IT Management Internal / External IT Audit and Advisory experience Broad-based industry experience The 360 View Utilities, Oil and Gas, Healthcare, Department of Defense, Fortune 500 Manufacturing, Banking, Telecommunications, Nuclear Multiple Frameworks COBIT, COSO, NIST, HIPAA, ITIL, ISO, GAAP Human Capital Planning is Critical to Success! 22
23 4. Strengthen the Culture Culture of Security, Leadership, and Compliance Office of the Chief Executive Briefings Cross-Business Unit Awareness Webinars Briefings with the Entergy Chief Operating Officer Training Public-Private Partnership Participation Encourage Tactful Dissent 23
24 5. Establish Command and Control Inventories Situational Awareness Executive Reporting Decision Making Trend and Causal Analysis Regulatory Status Capital and O&M Spending Threat Management and Status Monitoring Technology Deployment 24
25 6. Information Sharing Nuclear Energy Institute (NEI) Edison Electric Institute (EEI) North American Transmission Forum (NATF) Electric Power Research Institute (EPRI) ES-ISAC Intelligence Community Law Enforcement Louisiana Fusion Center Homeland Security 26
26 7. Monitor Our Security and Compliance State Programs to assess the effectiveness of our controls NIST Penetration Testing NERC CIP Cyber Vulnerability testing Readiness Assessments Internal Audit General IT Controls Testing Identify and Remediate gaps, vulnerabilities, and weakness Remediate Implement Security Controls Assess Monitor 27
27 Benefits Senior Executive Engagement Informed Decision Making 5 Year Capital Plan Improved Efficiency and Performance Strengthened Entergy and Vendor Workforce Rapid Reaction to Change Enhanced Cyber Protections through Technology Roadmapping Lessons Learned Senior Executive Leadership is Essential! 3 Types of People to Get On the Bus Action Oriented Operate in the Fog Work Across Multiple Organizations Tap the Existing Talent Pool Fundamentals are King Think Enterprise Leadership Takeaways Take Action Operate Seamlessly in the Fog Keep it Simple Drive Solutions Last Word: Never underestimate the impact that effective leadership has on the security state of your organization 29
RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity
October 10, 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 RE: Experience with the Framework for Improving Critical Infrastructure
More informationWritten Statement of Richard Dewey Executive Vice President New York Independent System Operator
Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Senate Standing Committee on Veterans, Homeland Security and Military Affairs Senator Thomas D. Croci, Chairman
More informationIEEE-Northwest Energy Systems Symposium (NWESS)
IEEE-Northwest Energy Systems Symposium (NWESS) Paul Skare Energy & Environment Directorate Cybersecurity Program Manager Philip Craig Jr National Security Directorate Sr. Cyber Research Engineer The Pacific
More informationAURORA Vulnerability Background
AURORA Vulnerability Background Southern California Edison (SCE) September 2011-1- Outline What is AURORA? Your Responsibility as a Customer Sectors Impacted by AURORA Review of Regulatory Agencies History
More informationVendor Risk Management Financial Organizations
Webinar Series Vendor Risk Management Financial Organizations Bob Justus Chief Security Officer Allgress Randy Potts Managing Consultant FishNet Security Bob Justus Chief Security Officer, Allgress Current
More informationApril 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899
Salt River Project P.O. Box 52025 Mail Stop: CUN204 Phoenix, AZ 85072 2025 Phone: (602) 236 6011 Fax: (602) 629 7988 James.Costello@srpnet.com James J. Costello Director, Enterprise IT Security April 8,
More informationWhy you should adopt the NIST Cybersecurity Framework
www.pwc.com/cybersecurity Why you should adopt the NIST Cybersecurity Framework May 2014 The National Institute of Standards and Technology Cybersecurity Framework may be voluntary, but it offers potential
More informationProtect Your Assets. Cyber Security Engineering. Control Systems. Power Plants. Hurst Technologies
Protect Your Assets Cyber Security Engineering Control Systems. Power Plants. Hurst Technologies Cyber Security The hackers are out there and the cyber security threats to your power plant are real. That
More informationTrends in Information Technology (IT) Auditing
Trends in Information Technology (IT) Auditing Padma Kumar Audit Officer May 21, 2015 Discussion Topics Common and Emerging IT Risks Trends in IT Auditing IT Audit Frameworks & Standards IT Audit Plan
More informationISE Northeast Executive Forum and Awards
ISE Northeast Executive Forum and Awards October 3, 2013 Company Name: Project Name: Presenter: Presenter Title: University of Massachusetts Embracing a Security First Approach Larry Wilson Chief Information
More informationUtility of the Future Virtual Event Series Monthly Virtual Studio Event Series for Utilities
Utility of the Future Virtual Event Series Monthly Virtual Studio Event Series for Utilities PART 1 OPERATIONAL AND CYBER SECURITY WITH AlertEnterprise WEDNESDAY, APRIL 30 Monthly Virtual Events Last Wednesday
More informationKeeping the Lights On
Keeping the Lights On Fundamentals of Industrial Control Risks, Vulnerabilities, Mitigating Controls, and Regulatory Compliance Learning Goals o Understanding definition of industrial controls o Understanding
More informationFFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors
Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed
More informationAn International Perspective on Security and Compliance
UNIDIRECTIONAL SECURITY GATEWAYS An International Perspective on Security and Compliance ICSJWG Fall Conference 2014 Lior Frenkel, CEO and Co-Founder Waterfall Security Solutions Andrew Ginter, VP Industrial
More informationPREPARED DIRECT TESTIMONY OF SCOTT KING ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY
BEFORE THE PUBLIC UTILITIES COMMISSION OF THE STATE OF CALIFORNIA Application of SOUTHERN CALIFORNIA GAS COMPANY (U 0 G) for Review of its Safety Model Assessment Proceeding Pursuant to Decision 1-1-0.
More informationCybersecurity@RTD Program Overview and 2015 Outlook
Cybersecurity@RTD Program Overview and 2015 Outlook Finance & Administration Committee Meeting February 10, 2015 Sheri Le, Manager of Cybersecurity RTD Information Technology Department of Finance & Administration
More informationCybersecurity: The Legal, Legislative and Regulatory Outlook
Cybersecurity: The Legal, Legislative and Regulatory Outlook Jamie Barnett Rear Admiral USN (Retired) Co-Chair, Telecommunications Partner in Cybersecurity Practice Cybersecurity Impact and Costs Direct
More informationNERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice
NERC Cyber Security Compliance Consulting Services HCL Governance, Risk & Compliance Practice Overview The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to
More informationCyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012
Cyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012 ATC Nuclear ATC-N serves the commercial nuclear utilities in the US and many foreign
More informationVoluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org. 2014 Utilities Telecom Council
Voluntary Cybersecurity Initiatives in Critical Infrastructure Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org 2014 Utilities Telecom Council Utility cybersecurity environment is full of collaborations
More informationUNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION
UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION Technical Conference on Critical Infrastructure Protection Issues Identified in Order No. 791 Prepared Statement of Melanie Seader, Senior
More informationRebecca Massello Energetics Incorporated
Cybersecurity Procurement Language for Energy Delivery Systems Rebecca Massello Energetics Incorporated NRECA TechAdvantage February 25, 2015 Talking Points What is this document? Who can use this document
More informationExecutive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage.
Executive Summary Statement of Nadya Bartol Vice President, Industry Affairs and Cybersecurity Strategist Utilities Telecom Council Before the Subcommittee on Oversight and Subcommittee on Energy Committee
More informationResponse to NIST: Developing a Framework to Improve Critical Infrastructure Cybersecurity
National Grid Overview National Grid is an international electric and natural gas company and one of the largest investor-owned energy companies in the world. We play a vital role in delivering gas and
More informationElectricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (Case Study) James Stevens Senior Member, Technical Staff - CERT Division
Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (Case Study) James Stevens Senior Member, Technical Staff - CERT Division James Stevens is a senior member of the technical staff
More informationEFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013
EFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013 1 AGENDA Why Cybersecurity? A Few Helpful Cybersecurity Concepts Developing Expertise:
More informationIT Security & Compliance Risk Assessment Capabilities
ATIBA Governance, Risk and Compliance ATIBA provides information security and risk management consulting services for the Banking, Financial Services, Insurance, Healthcare, Manufacturing, Government,
More informationDr. Anton Chuvakin @ Security Warrior Consulting
Dr. Anton Chuvakin @ Consulting Services Summary Updated: February 2010 Introduction provides strategic consulting services focused on Security Information and Event Management (SIEM) and log management
More informationNGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity;
NGA Paper Act and Adjust: A Call to Action for Governors for Cybersecurity challenges facing the nation. Although implementing policies and practices that will make state systems and data more secure will
More informationCONSULTING IMAGE PLACEHOLDER
CONSULTING IMAGE PLACEHOLDER KUDELSKI SECURITY CONSULTING SERVICES CYBERCRIME MACHINE LEARNING ECOSYSTEM & INTRUSION DETECTION: CYBERCRIME OR REALITY? ECOSYSTEM COSTS BENEFITS BIG BOSS Criminal Organization
More informationAddress C-level Cybersecurity issues to enable and secure Digital transformation
Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,
More informationRegulatory Compliance Management for Energy and Utilities
Regulatory Compliance Management for Energy and Utilities The Energy and Utility (E&U) sector is transforming as enterprises are looking for ways to replace aging infrastructure and create clean, sustainable
More informationOlav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord
Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord Implementation of Cyber Security for Yara Glomfjord Speaker profile Olav Mo ABB
More informationKeeping the Lights On: Security Priorities for the 21 st Century. Harvard Energy Policy Group June 13, 2014 Tamara Linde Vice President Regulatory
Keeping the Lights On: Security Priorities for the 21 st Century Harvard Energy Policy Group June 13, 2014 Tamara Linde Vice President Regulatory The PSEG Companies PSEG Fast Facts Assets: $32.5 billion
More informationCyber Security and Privacy - Program 183
Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology
More informationA Guide to Successfully Implementing the NIST Cybersecurity Framework. Jerry Beasley CISM and TraceSecurity Information Security Analyst
TRACESECURITY WHITE PAPER GRC Simplified... Finally. A Guide to Successfully Implementing the NIST Cybersecurity Framework Jerry Beasley CISM and TraceSecurity Information Security Analyst TRACESECURITY
More informationICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team. National Cybersecurity and Communications Integration Center
ICS-CERT Year in Review Industrial Control Systems Cyber Emergency Response Team 2013 National Cybersecurity and Communications Integration Center What s Inside Welcome 1 National Preparedness 2 Prevention
More informationISACA North Dallas Chapter
ISACA rth Dallas Chapter Business Continuity Planning Observations of Critical Infrastructure Environments Ron Blume, P.E. Ron.blume@dyonyx.com 214-280-8925 Focus of Discussion Business Impact Analysis
More informationHow to Lead the People in a Program Based Environment
SESSION ID: GRC-W01 Balancing Compliance and Operational Security Demands Steve Winterfeld Bank Information Security Officer CISSP, PCIP What is more important? Compliance with laws / regulations Following
More informationItaly. EY s Global Information Security Survey 2013
Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information
More informationNERC CIP VERSION 5 COMPLIANCE
BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationAddressing Dynamic Threats to the Electric Power Grid Through Resilience
Addressing Dynamic Threats to the Electric Power Grid Through Resilience NOVEMBER 2014 INTRODUCTION The U.S. electric power grid is an interconnected system made up of power generation, transmission, and
More informationThe Role of Internal Audit In Business Continuity Planning
The Role of Internal Audit In Business Continuity Planning Dan Bailey, MBCP Page 0 Introduction Dan Bailey, MBCP Senior Manager Protiviti Inc. dan.bailey@protiviti.com Actively involved in the Information
More information7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008
U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October
More informationNIST Cybersecurity Framework & A Tale of Two Criticalities
NIST Cybersecurity Framework & A Tale of Two Criticalities Vendor Management & Incident Response Presented by: John H Rogers, CISSP Advisory Services Practice Manager john.rogers@sagedatasecurity.com Presented
More informationPhysical Security Reliability Standard Implementation
Physical Security Reliability Standard Implementation Tobias Whitney, Manager of CIP Compliance (NERC) Carl Herron, Physical Security Leader (NERC) NERC Sub-Committee Meeting New Orleans, Louisiana CIP-014
More informationSupporting our customers with NERC CIP compliance. James McQuiggan, CISSP
Supporting our customers with NERC CIP compliance James, CISSP Siemens Energy Sector Energy products and solutions - in 6 Divisions Oil & Gas Fossil Power Generation Renewable Energy Service Rotating Equipment
More informationCYBERSECURITY SLAs: MANANGING REQUIREMENTS AT ARM S LENGTH
CYBERSECURITY SLAs: MANANGING REQUIREMENTS AT ARM S LENGTH Matthew J. Butkovic, CISSP Carnegie Mellon University, The Software Engineering Institute, CERT Samuel A. Merrell, CISSP Carnegie Mellon University,
More informationU.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW. November 12, 2012 NASEO
U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW November 12, 2012 NASEO ISER Response: from site focused to system focused Emergency Preparedness, Response, and Restoration Analysis and
More informationHelp for the Developers of Control System Cyber Security Standards
INL/CON-07-13483 PREPRINT Help for the Developers of Control System Cyber Security Standards 54 th International Instrumentation Symposium Robert P. Evans May 2008 This is a preprint of a paper intended
More informationCOBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)
COBIT 5 For Cyber Security Governance and Management Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) Cybersecurity Governance using COBIT5 Cyber Defence Summit Riyadh, KSA
More informationCLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY
CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for
More informationSubject: Critical Infrastructure Identification, Prioritization, and Protection
For Immediate Release Office of the Press Secretary The White House December 17, 2003 Homeland Security Presidential Directive / HSPD-7 Subject: Critical Infrastructure Identification, Prioritization,
More informationBEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT
BEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT Exelon Corporation Cybersecurity Supply Chain Risk Management INTERVIEWS Spencer Wilcox Managing Security Strategist and Special Assistant to the Chief
More informationFrom Information Management to Information Governance: The New Paradigm
From Information Management to Information Governance: The New Paradigm By: Laurie Fischer Overview The explosive growth of information presents management challenges to every organization today. Retaining
More informationNIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH
NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH SANS ICS Security Summit March 18, 2014 Jason D. Christopher Nadya Bartol Ed Goff Agenda Background Use of Existing Tools: C2M2 Case
More informationStatement for the Record
Statement for the Record Robert M. Blue President Dominion Virginia Power Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities Quadrennial Energy Review Task Force April 11, 2014
More informationSempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013
Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013 Sempra Energy s gas and electric utilities collaborate with industry leaders and a wide range of
More informationDecember 17, 2003 Homeland Security Presidential Directive/Hspd-7
For Immediate Release Office of the Press Secretary December 17, 2003 December 17, 2003 Homeland Security Presidential Directive/Hspd-7 Subject: Critical Infrastructure Identification, Prioritization,
More informationSecure360. Measuring the Maturity of your Information Security Program Impossible? Presented by: Mark Carney, VP of Strategic Services
Secure360 Measuring the Maturity of your Information Security Program Impossible? Presented by: Mark Carney, VP of Strategic Services Question about Life HOW DO YOU KNOW IF YOU ARE GETTING THE MOST OUT
More informationSan Antonio, TX, August 7, 2011 National Association of Regulatory Utility Commissioners Miles Keogh Christina Cody
San Antonio, TX, August 7, 2011 National Association of Regulatory Utility Commissioners Miles Keogh Christina Cody NARUC & Critical Infrastructure Committee Chair: Commissioner Elizabeth Fleming, South
More informationENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE
ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE JANUARY 2015 U.S. DEPARTMENT OF ENERGY OFFICE OF ELECTRICITY DELIVERY AND ENERGY RELIABILITY Energy Sector Cybersecurity Framework Implementation
More informationAchieving Security through Compliance
Achieving Security through Compliance Policies, plans, and procedures Table of Contents This white paper was written by: McAfee Foundstone Professional Services Overview...3 The Rock Foundation...3 Governance...3
More informationThe Dow Chemical Company. statement for the record. David E. Kepler. before
The Dow Chemical Company statement for the record of David E. Kepler Chief Sustainability Officer, Chief Information Officer, Business Services and Executive Vice President before The Senate Committee
More informationDecades of experience. 47,000 MW. of operational assets. Top-decile performance. It all means more profitability for you.
Decades of experience. 47,000 MW of operational assets. Top-decile performance. It all means more profitability for you. Maximum availability is our mission. Top-decile performance is our measure. Those
More informationNIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015
NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015 Overview The University of Pittsburgh NIST Cybersecurity Framework Pitt NIST Cybersecurity Framework Program Wrap Up Questions
More informationA Cybersecurity Strategy
A Cybersecurity Strategy How Stop Worrying and Love the Cybersecurity Strategy Lockdown 2015 University of Wisconsin Madison 2 Elements of a Cybersecurity Strategy 1. Have a commonly agreed to purpose
More informationPrivacy and Security in Healthcare
5 th 5 th th National HIPAA Summit National Strategy to Secure Cyberspace Privacy and Security in Healthcare October 31, 2002 Andy Purdy Senior Advisor, IT Security and Privacy The President s Critical
More informationGovernance For Compliance The Convergence of Central and Distributed IT Compliance Presented to VASCAN Conference 2009
Governance For Compliance The Convergence of Central and Distributed IT Compliance Presented to VASCAN Conference 2009 JASON C. RICHARDS CHIEF INFORMATION SECURITY OFFICER VIRGINIA COMMUNITY COLLEGE SYSTEM
More informationEnergy Cybersecurity Regulatory Brief
Energy Understand the regulations that impact the energy industry and accelerate information security initiatives. Contents Overview 3 A Highly Vulnerable Energy Industry 4 Key Regulations to Consider
More informationImproving Energy Infrastructure Security: Costs and Consequences
Improving Energy Infrastructure Security: Costs and Consequences Alex Farrell 1,Hisham Zerriffi 2, Lester Lave 2, Granger Morgan 2 1 Energy and Resources Group, UC Berkeley 2 Dept. of Engineering and Public
More informationCertified Information Security Manager (CISM)
Certified Information Security Manager (CISM) Course Introduction Course Introduction Domain 01 - Information Security Governance Lesson 1: Information Security Governance Overview Information Security
More informationFlexible, Life-Cycle Support for Unique Mission Requirements
Flexible, Life-Cycle Support for Unique Mission Requirements We Meet the Need Anytime, Anywhere, Any Mission The customers we serve are diverse and so are their requirements. Transformational logistics
More informationOCIE CYBERSECURITY INITIATIVE
Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.
More information2015 CEO & Board University Cybersecurity on the Rise. Matthew J. Putvinski, CPA, CISA, CISSP
2015 CEO & Board University Cybersecurity on the Rise Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf
More informationMeeting the Cybersecurity Standards of ANSI/ISA 62443 with Data Diodes
Meeting the Cybersecurity Standards of ANSI/ISA 62443 with Data Diodes Dennis Lanahan June 1, 2015 Securing the convergence of OT and IT with ST 1 Introduction to Owl US US Owned and & Operated Product
More informationAn Overview of Information Security Frameworks. Presented to TIF September 25, 2013
An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information
More informationAn integrated approach to managing today s energy and utility assets
IBM Software Thought Leadership White Paper September 2011 An integrated approach to managing today s energy and utility assets IBM Maximo Asset Management addresses physical, human and technology challenges
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationCONCEPTS IN CYBER SECURITY
CONCEPTS IN CYBER SECURITY GARY KNEELAND, CISSP SENIOR CONSULTANT CRITICAL INFRASTRUCTURE & SECURITY PRACTICE 1 OBJECTIVES FRAMEWORK FOR CYBERSECURITY CYBERSECURITY FUNCTIONS CYBERSECURITY CONTROLS COMPARATIVE
More informationSmart Grid. System of Systems Architectures
Smart Grid System of Systems Architectures Systems Evolution to Guide Strategic Investments in Modernizing the Electric Grid K. Mani Chandy, California Institute of Technology Jeff Gooding, Southern California
More informationBuilding Security In:
#CACyberSS2015 Building Security In: Intelligent Security Design, Development and Acquisition Steve Caimi Industry Solutions Specialist, US Public Sector Cybersecurity September 2015 A Little About Me
More informationUtilities Webinar Asset Lifecycle Management and Capital Projects & Infrastructure
Utilities Webinar Asset Lifecycle Management and Capital Projects & Infrastructure October 31, 2013 Agenda 1. Context - the Utility CEO s Agenda 2. Asset Lifecycle Management and Utilities 3. What s at
More informationJanuary IIA / ISACA Joint Meeting Pre-meeting. Cybersecurity Update for Internal Auditors. Matt Wilson, PwC Risk Assurance Director
January IIA / ISACA Joint Meeting Pre-meeting Cybersecurity Update for Internal Auditors Matt Wilson, Risk Assurance Director Introduction and agenda Themes from The Global State of Information Security
More informationThe NIST Cybersecurity Framework
View the online version at http://us.practicallaw.com/5-599-6825 The NIST Cybersecurity Framework RICHARD RAYSMAN, HOLLAND & KNIGHT LLP AND JOHN ROGERS, BOOZ ALLEN HAMILTON A Practice Note discussing the
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationUnderstanding the Electric Power Industry s Response and Restoration Process
Understanding the Electric Power Industry s Response and Restoration Process Electricity is a crucial product many of us take for granted. We scarcely think about it, unless we don t have it. Because electricity
More informationDr. Markus Braendle, Head of Cyber Security, ABB Group 10 Steps on the Road to a Successful Cyber Security Program Asia Pacific ICS Security SUMMIT
Dr. Markus Braendle, Head of Cyber Security, ABB Group 10 Steps on the Road to a Successful Cyber Security Program Asia Pacific ICS Security SUMMIT December 3, 2013 slide 1 A global leader in power and
More informationAmid Ongoing Transformation and Compliance Challenges, Cybersecurity Represents Top IT Concern in Financial Services Industry
Amid Ongoing Transformation and Compliance Challenges, Cybersecurity Represents Top IT Concern in Financial Services Industry IT leaders are battening down the hatches, according to Protiviti s latest
More informationAchieving Security through Compliance
White Paper Achieving Security through Compliance Policies, plans, and procedures Part I By Jeff Tucker, Principal Security Consultant McAfee Foundstone Professional Services Table of Contents Overview
More informationDesigning Compliant and Sustainable Security Programs 1 Introduction
Designing Compliant and Sustainable Security Programs 1 Introduction The subject of this White Paper addresses several methods that have been successfully employed by DYONYX to efficiently design, and
More informationBridging the Security Governance Divide in Utilities
Bridging the Security Governance Divide in Utilities About Me Energy Security Advisor to utilities, regulators, integrators, energy start-ups Member: GTM GridEdge Exec Council ISC-ISAC Corporate Board
More informationCyber security: Practical Utility Programs that Work
Cyber security: Practical Utility Programs that Work Securing Strategic National Assets APPA National Conference 2009 Michael Assante Vice President & CSO, NERC June 15, 2009 The Electric Grid - Challenges
More informationRoadmaps to Securing Industrial Control Systems
Roadmaps to Securing Industrial Control Systems Insert Photo Here Mark Heard Eastman Chemical Company Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011 Chicago, IL McCormick
More informationWhere insights lead Cybersecurity and the role of internal audit: An urgent call to action
Where insights lead Cybersecurity and the role of internal audit: An urgent call to action The threat from cyberattacks is significant and continuously evolving. One estimate suggests that cybercrime could
More informationThe Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant
THE MARKET LEADER IN IT, SECURITY AND COMPLIANCE SERVICES FOR COMMUNITY FINANCIAL INSTITUTIONS The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant Agenda
More informationBest Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper
Best Practices in ICS Security for Device Manufacturers A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationCyber Security Design Methodology for Nuclear Power Control & Protection Systems. By Majed Al Breiki Senior Instrumentation & Control Manager (ENEC)
Cyber Security Design Methodology for Nuclear Power Control & Protection Systems By Majed Al Breiki Senior Instrumentation & Control Manager (ENEC) 1. INTRODUCTION In today s world, cyber security is one
More information