Cyber Security Framework: Intel s Implementation Tools & Approach

Similar documents
Intel Platform Controller Hub EG20T

Upgrading Intel AMT 5.0 drivers to Linux kernel v2.6.31

Development for Mobile Devices Tools from Intel, Platform of Your Choice!

PHYSICAL CORES V. ENHANCED THREADING SOFTWARE: PERFORMANCE EVALUATION WHITEPAPER

ARM* to Intel Atom Microarchitecture - A Migration Study

Developing secure software A practical approach

Internal LVDS Dynamic Backlight Brightness Control

Implementing the U.S. Cybersecurity Framework at Intel A Case Study

DDR2 x16 Hardware Implementation Utilizing the Intel EP80579 Integrated Processor Product Line

An Architecture to Deliver a Healthcare Dial-tone

Intel IXP42X Product Line of Network Processors and IXC1100 Control Plane Processor: Spread-Spectrum Clocking to Reduce EMI

Processor Reorder Buffer (ROB) Timeout

Using GStreamer for hardware accelerated video decoding on Intel Atom Processor E6xx series

White Paper David Hibler Jr Platform Solutions Engineer Intel Corporation. Considerations for designing an Embedded IA System with DDR3 ECC SO-DIMMs

CT Bus Clock Fallback for Linux Operating Systems

Xen in Embedded Systems. Ray Kinsella Senior Software Engineer Embedded and Communications Group Intel Corporation

How To Install An Intel System Studio 2015 For Windows* For Free On A Computer Or Mac Or Ipa (For Free)

Intel Security Professional Services Leveraging NIST Cybersecurity Framework (CSF): Complexity is the enemy of security

Embedded Controller Usage in Low Power Embedded Designs

Intel Rapid Storage Technology (Intel RST) in Linux*

Using Windows* 7/Windows Embedded Standard 7* with Platforms Based on the Intel Atom Processor Z670/Z650 and Intel SM35 Express Chipset

Intel EP80579 Software for Security Applications on Intel QuickAssist Technology Cryptographic API Reference

Intel(R) IT Director User's Guide

Contents Overview and Product Contents

Accessing the Real Time Clock Registers and the NMI Enable Bit

Debugging Machine Check Exceptions on Embedded IA Platforms

The Cybersecurity Framework in Action: An Intel Use Case

Implementing Multiple Displays with IEGD Multi-GPU - Multi-Monitor Mode on Intel Atom Processor with Intel System Controller Hub US15W Chipset

Inside Linux* graphics

Intel Dialogic System Software for PCI Products on Windows

Enabling new usage models for Intel Embedded Platforms

Device Management API for Windows* and Linux* Operating Systems

Enhanced Intel SpeedStep Technology for the Intel Pentium M Processor

White Paper Amit Aneja Platform Architect Intel Corporation. Xen* Hypervisor Case Study - Designing Embedded Virtualized Intel Architecture Platforms

Product Change Notification

Considerations for Designing an Embedded Intel Architecture System with System Memory Down

NIST Cybersecurity Framework. ARC World Industry Forum 2014

Software PBX Performance on Intel Multi- Core Platforms - a Study of Asterisk* White Paper

Intel EP80579 Software for IP Telephony Applications on Intel QuickAssist Technology

Unleashing Linux*-Based Secure Storage Performance with Intel AES New Instructions

Fast CRC Computation for Generic Polynomials Using PCLMULQDQ Instruction

Intel Parallel Studio XE 2015 Cluster Edition

CPU Monitoring With DTS/PECI

Tip and Technique on creating adhoc reports in IBM Cognos Controller

50x Zettabytes*

The new Manage Requisition Approval task provides a simple and user-friendly interface for approval rules management. This task allows you to:

Serial ATA II Native Command Queuing Overview

Why Finance Should Automate Management & Regulatory Reporting Processes

IBM Cognos 10: Enhancing query processing performance for IBM Netezza appliances

Framework for Improving Critical Infrastructure Cybersecurity

Intel Desktop public roadmap

NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015

White Paper James Coleman Performance Architect Intel Corporation. Reducing Interrupt Latency Through the Use of Message Signaled Interrupts

IBM Software Services for Collaboration

Page Modification Logging for Virtual Machine Monitor White Paper

Intel Server Raid Controller. RAID Configuration Utility (RCU)

Title. Click to edit Master text styles Second level Third level

How To Write A Cybersecurity Framework

Linux Power Management

Intel Parallel Studio XE 2015 Update 1 Cluster Edition

Intel Cyber Security Briefing: Trends, Solutions, and Opportunities. Matthew Rosenquist, Cyber Security Strategist, Intel Corp

Intel Core 2 Duo Mobile Processors on 45-nm process for Embedded Applications

The NIST Cybersecurity Framework (CSF) Unlocking CSF - An Educational Session

Intel Core TM 2 Duo E6400, E4300, and Intel Pentium Dual-Core E2160 Processor

SNMP Agent Software for Windows Operating Systems

Framework for Improving Critical Infrastructure Cybersecurity

Product Change Notification PCN

Hardware- Accelerated Video Decode on the Intel Atom Processor with the Intel System Controller Hub US15W Chipset Platform

Cybersecurity Framework: Current Status and Next Steps

Building Security In:

Copyright 2014 Carnegie Mellon University The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT Resilience

How to Deliver Measurable Business Value with the Enterprise CMDB

About Intel Virtualization Technology

Oracle Sales Cloud for Consumer Goods

ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE

Reducing Risk Through Effective Certificate Management

Intel Sideband Technology. AN OVERVIEW OF THE INTEL SERVER MANAGEABILITY INTERFACES Intel LAN Access Division

Understanding the NIST Cybersecurity Framework September 30, 2014

Intel Fortran Building Applications. Document Number: US

An Oracle White Paper November Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime

Oracle Fusion Incentive Compensation

Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (Case Study) James Stevens Senior Member, Technical Staff - CERT Division

Platform LSF Version 9 Release 1.2. Migrating on Windows SC

Intel Desktop Board DG43RK

An Oracle White Paper May The Role of Project and Portfolio Management Systems in Driving Business and IT Strategy Execution

The President issued an Executive Order Improving Critical Infrastructure Cybersecurity, on February 2013.

Tapping the benefits of business analytics and optimization

Intel Communications Chipset 8900 to 8920 Series Software

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014

Transcription:

Cyber Security Framework: Intel s Implementation Tools & Approach Tim Casey Senior Strategic Risk Analyst @timcaseycyber NIST Workshop #6 October 29, 2014

Intel s Goals in Using the CSF Establish alignment on risk tolerance Inform budget planning for 2015 Communicate risk heat map to Senior Leadership CSF as risk management approach NOT a compliance checklist! 2

Strategy: 3-Phase Approach Infrastructure Align Macro-level risk management practices to CSF Focus initially on OFFICE and ENTERPRISE Perform initial CSF assessment against infrastructure We are here Product Explore mapping of products and services capabilities to CSF Examine product assurance initiatives (SDL, etc.) through CSF lens Supply Chain/Third Party Contracting Examine and potentially pilot contracting updates to align to CSF language

Infrastructure Assessment Process Set Targets Establish Core Group (key SME s and Managers) Evaluate and modify Categories and Subcategories F2F Session with Core Group to set targets and score actuals (2x4 hour sessions/8-10 SME s) Validate Targets with Decision Makers (CISO & Staff) Assess Current State Identify Key SME Scorers Train SMEs (virtual 1 hour sessions) SME Use Tools to self score [note: SME s do not know Targets] Analyze Results Aggregate Individual SME roll-up with Core Team Actuals and compare to Targets Use simple heat map to identify gaps >1 Drill down on subcategories for identified gaps >1 to identify key issues Communicate Results Review findings & recommendations with CISO & Staff Inform impacted Managers to ensure prioritization feed into budget and planning cycles Brief Senior Leadership on findings and resulting recommendations

SME Rollup 1 1 Mapping highlighted outliers and major differences 5

SME-Core Target Roll Up Significant differences between Core and Individual scores can highlight visibility issues High 2 s Focus Areas stand out Results matched Gut Check expectations 6

Management Outcomes Program Management CSF utilization has progressed with no major deviations from plan of record Very light-weight organizationally leveraged existing processes & org structures Estimated Cost Less than 150 work-hours invested to date with 2 focus areas (Office & Enterprise) complete Repeatable tools & techniques developed so additional areas may be less overhead Feedback from Participants Easy to understand and score No push back on resourcing or time commits Participants see value, with key concerns being granularity and repeatability

Key Learnings Setting Targets is a very valuable exercise Discussions on Tiers and Targets was enlightening and furthered intra-company alignment Categories Categories were useful and for our initial use only one additional Category added DETECT: THREAT INTELLIGENCE We expect additional Categories to emerge as we move through Design, Manufacturing, and Services environments Sub Categories Still a bit of a puzzle on how to optimally use this granularity while balancing overhead Next rev of tool will do away with scoring subcategories and use over/under model for heat mapping inputs

Summary This is a journey. Informed internal discussion is a key aspect of any risk management program the CSF fosters this well For Intel, a relatively low-cost and low-impact process modification Improved harmonization of risk management methodologies and a common language across internal stakeholder communities Improved visibility into our risk landscape

This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. BunnyPeople, Celeron, Celeron Inside, Centrino, Centrino Inside, Core Inside, i960, Intel, the Intel logo, Intel AppUp, Intel Atom, Intel Atom Inside, Intel Core, Intel Inside, the Intel Inside logo, Intel NetBurst, Intel NetMerge, Intel NetStructure, Intel SingleDriver, Intel SpeedStep, Intel Sponsors of Tomorrow., the Intel Sponsors of Tomorrow. logo, Intel StrataFlash, Intel Viiv, Intel vpro, Intel XScale, InTru, the InTru logo, InTru soundmark, Itanium, Itanium Inside, MCS, MMX, Moblin, Pentium, Pentium Inside, skoool, the skoool logo, Sound Mark, The Journey Inside, vpro Inside, VTune, Xeon, and Xeon Inside are trademarks of Intel Corporation in the U.S. and other countries. *Other names and brands may be claimed as the property of others. Copyright 2014, Intel Corporation. All rights reserved.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information