CONCEPTS IN CYBER SECURITY

Similar documents
Why you should adopt the NIST Cybersecurity Framework

The President issued an Executive Order Improving Critical Infrastructure Cybersecurity, on February 2013.

A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS

NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015

Why you should adopt the NIST Cybersecurity Framework

Voluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, 2014 Utilities Telecom Council

Risk Management in Practice A Guide for the Electric Sector

Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.

How To Understand And Manage Cybersecurity Risk

Resilient and Secure Solutions for the Water/Wastewater Industry

The NIST Cybersecurity Framework

Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, CASE: Implementation of Cyber Security for Yara Glomfjord

ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?

How To Write A Cybersecurity Framework

Cybersecurity Framework. Executive Order Improving Critical Infrastructure Cybersecurity

Keeping the Lights On

Global Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro)

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

Logging In: Auditing Cybersecurity in an Unsecure World

The NIST Framework for Improving Critical Infrastructure Cybersecurity - An Executive Guide

CYBER SECURITY POLICY For Managers of Drinking Water Systems

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

The first step in protecting Critical Cyber Assets is identifying them. CIP-002 focuses on this identification process.

Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014

Completed. Document Name. NERC CIP Requirements CIP-002 Critical Cyber Asset Identification R1 Critical Asset Identifaction Method

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

GEARS Cyber-Security Services

Defending Against Data Beaches: Internal Controls for Cybersecurity

Building Security In:

NIST Cybersecurity Framework & A Tale of Two Criticalities

State Agency Cyber Security Survey v October State Agency Cybersecurity Survey v 3.4

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Verve Security Center

The Protection Mission a constant endeavor

Which cybersecurity standard is most relevant for a water utility?

IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT

Cybersecurity: What CFO s Need to Know

Cybersecurity Framework: Current Status and Next Steps

NIST Cybersecurity Framework What It Means for Energy Companies

Critical Controls for Cyber Security.

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

Best Practices in ICS Security for System Operators. A Wurldtech White Paper

Happy First Anniversary NIST Cybersecurity Framework:

Security Policy for External Customers

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Water Sector Approach to Cybersecurity Risk Management

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Industrial Cyber Security 101. Mike Spear

Cyber Security and Privacy - Program 183

INFORMATION SECURITY SPECIFIC VENDOR COMPLIANCE PROGRAM (VCP) ACME Consulting Services, Inc.

LogRhythm and NERC CIP Compliance

Obtaining Enterprise Cybersituational

Supplier Information Security Addendum for GE Restricted Data

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections. Evaluation Report

Standard CIP Cyber Security Systems Security Management

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

Information Blue Valley Schools FEBRUARY 2015

Building Insecurity Lisa Kaiser

MEDICAL DEVICE Cybersecurity.

GE Measurement & Control. Cyber Security for NERC CIP Compliance

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

SANS Top 20 Critical Controls for Effective Cyber Defense

Standard CIP 007 3a Cyber Security Systems Security Management

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

istockphoto/ljupco 36 June 2015 practicallaw.com 2015 Thomson Reuters. All rights reserved.

Risk Management and Cybersecurity for Devices that Contain Software. Seth D. Carmody, Ph.D. 12 th Medical Device Quality Congress March 18, 2015

Information Shield Solution Matrix for CIP Security Standards

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/

Protecting productivity with Plant Security Services

SCADA City of Raleigh. Martin Petherbridge, CPA, CIA Internal Audit Manager Shirley McFadden, CPA, CIA Senior Internal Auditor

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014

Symphony Plus Cyber security for the power and water industries

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, February 12, 2013

PREPARED DIRECT TESTIMONY OF SCOTT KING ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY

Average annual cost of security incidents

Department of Management Services. Request for Information

IBX Business Network Platform Information Security Controls Document Classification [Public]

Industrial Cyber Security. Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities

PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR

Ed McMurray, CISA, CISSP, CTGA CoNetrix

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team. National Cybersecurity and Communications Integration Center

Attachment A. Identification of Risks/Cybersecurity Governance

Big Data, Big Risk, Big Rewards. Hussein Syed

Threat Management: Incident Handling. Incident Response Plan

Transcription:

CONCEPTS IN CYBER SECURITY GARY KNEELAND, CISSP SENIOR CONSULTANT CRITICAL INFRASTRUCTURE & SECURITY PRACTICE 1

OBJECTIVES FRAMEWORK FOR CYBERSECURITY CYBERSECURITY FUNCTIONS CYBERSECURITY CONTROLS COMPARATIVE EXAMPLES REFERENCES 2

US CRITICAL INFRASTRUCTURE Chemical Sector Defense Industrial Base Sector Government Facilities Sector Transportation Systems Sector Commercial Facilities Sector Emergency Services Sector Healthcare and Public Health Sector Water and Wastewater Systems Sector Communications Sector Energy Sector Information Technology Sector Critical Manufacturing Sector Financial Services Sector Nuclear Reactors, Materials, and Waste Sector Dams Sector Food and Agriculture Sector

NIST FRAMEWORK UPDATE FEB 12, 2013 EXECUTIVE ORDER EXECUTIVE ORDER 13636 IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY FEB 12, 2014 FRAMEWORK FOR IMPROVING CRITICAL INFRASTRUCTURE CYBER SECURITY, V1.0 COMPENDIUM OF INFORMATIVE REFERENCES REVIEW OF OVER 320 NATIONAL & INTERNATIONAL STANDARDS, GUIDELINES, DIRECTIVES, BEST PRACTICES, MODELS, SPECIFICATIONS, POLICIES AND REGULATIONS, INCLUDING INPUT FROM: ANSI ISA NERC API ISO IEC NEI NIST NFPA OIG OLF OPC SANS TIA 4

NIST FRAMEWORK CONCEPTS THE FRAMEWORK COMPLEMENTS, AND DOES NOT REPLACE, AN ORGANIZATION S EXISTING BUSINESS OR CYBERSECURITY RISK MANAGEMENT PROCESS AND CYBERSECURITY PROGRAM. RATHER, THE ORGANIZATION CAN USE ITS CURRENT PROCESSES AND LEVERAGE THE FRAMEWORK TO IDENTIFY OPPORTUNITIES TO IMPROVE AN ORGANIZATION S CYBERSECURITY RISK MANAGEMENT. ALTERNATIVELY, AN ORGANIZATION WITHOUT AN EXISTING CYBERSECURITY PROGRAM CAN USE THE FRAMEWORK AS A REFERENCE WHEN ESTABLISHING ONE. KEY CONCEPTS FRAMEWORK CORE FRAMEWORK IMPLEMENTATION TIERS FRAMEWORK PROFILE 5

NIST FRAMEWORK CONCEPTS CORE FUNCTIONS CATEGORIES SUBCATEGORIES INFORMATIVE REFERENCE TIER 0 - PARTIAL 1- RISK INFORMED 2 - REPEATABLE 3 - ADAPTIVE PROFILE ESTABLISH A ROADMAP Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, February 12, 2014 6

FRAMEWORK CORE Function Category Subcategory Informative Reference(s) IDENTIFY PROTECT DETECT RESPOND RECOVER Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, February 12, 2014 7

NIST FRAMEWORK FUNCTIONS IDENTIFY DEVELOP THE ORGANIZATIONAL UNDERSTANDING TO MANAGE CYBERSECURITY RISK TO SYSTEMS, ASSETS, DATA, AND CAPABILITIES. THE ACTIVITIES IN THE IDENTIFY FUNCTION ARE FOUNDATIONAL FOR EFFECTIVE USE OF THE FRAMEWORK. UNDERSTANDING THE BUSINESS CONTEXT, THE RESOURCES THAT SUPPORT CRITICAL FUNCTIONS, AND THE RELATED CYBERSECURITY RISKS ENABLES AN ORGANIZATION TO FOCUS AND PRIORITIZE ITS EFFORTS, CONSISTENT WITH ITS RISK MANAGEMENT STRATEGY AND BUSINESS NEEDS. EXAMPLES OF OUTCOME CATEGORIES WITHIN THIS FUNCTION INCLUDE: ASSET MANAGEMENT; BUSINESS ENVIRONMENT; GOVERNANCE; RISK ASSESSMENT; AND RISK MANAGEMENT STRATEGY. Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, February 12, 2014 8

NIST FRAMEWORK CYBERSECURITY CONTROLS IDENTIFY PLANT REFERENCE POLICIES ROLES & RESPONSIBILITIES RISK ASSESSMENT EQUIPMENT LIST AREA / PROCESS CLASSIFICATION P&ID S CYBER CONTROL POLICIES ROLES & RESPONSIBILITIES VULNERABILITY ASSESSMENT ASSET / APPLICATION LIST ASSET / APPLICATION CLASSIFICATION NETWORK DIAGRAMS 9

NIST FRAMEWORK FUNCTIONS PROTECT DEVELOP AND IMPLEMENT THE APPROPRIATE SAFEGUARDS TO ENSURE DELIVERY OF CRITICAL INFRASTRUCTURE SERVICES. THE PROTECT FUNCTION SUPPORTS THE ABILITY TO LIMIT OR CONTAIN THE IMPACT OF A POTENTIAL CYBERSECURITY EVENT. EXAMPLES OF OUTCOME CATEGORIES WITHIN THIS FUNCTION INCLUDE: ACCESS CONTROL; AWARENESS AND TRAINING; DATA SECURITY; INFORMATION PROTECTION PROCESSES AND PROCEDURES; MAINTENANCE; AND PROTECTIVE TECHNOLOGY. Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, February 12, 2014 10

NIST FRAMEWORK CYBERSECURITY CONTROLS PROTECT PLANT REFERENCE TRAINING BACKGROUND CHECKS GUARDS CARD KEYS / BADGES ESCORTED ACCESS KEYED LOCKS / LOTO LEAST PRIVILEGE ACCESS PROCEDURES JOB SAFETY ASSESSMENT CYBER CONTROL TRAINING ANTI-VIRUS & PATCHING FIREWALLS CARD KEYS / BADGES ESCORTED ACCESS LOGICAL ACCESS CONTROL LEAST PRIVILEGE ACCESS PROCEDURES CONFIGURATION CHANGE MANAGEMENT 11

NIST FRAMEWORK FUNCTIONS DETECT DEVELOP AND IMPLEMENT THE APPROPRIATE ACTIVITIES TO IDENTIFY THE OCCURRENCE OF A CYBERSECURITY EVENT. THE DETECT FUNCTION ENABLES TIMELY DISCOVERY OF CYBERSECURITY EVENTS. EXAMPLES OF OUTCOME CATEGORIES WITHIN THIS FUNCTION INCLUDE: ANOMALIES AND EVENTS; SECURITY CONTINUOUS MONITORING; AND DETECTION PROCESSES. Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, February 12, 2014 12

NIST FRAMEWORK CYBERSECURITY CONTROLS DETECT PLANT REFERENCE LOGS / OPERATOR ROUNDS CAMERA / MOTION DETECT ANALYZERS ALARMS / ALERTS UNAUTHORIZED PERSONNEL INTERVENTION CYBER CONTROL LOGS, SECURITY INFORMATION & EVENT MONITOR (SIEM) INTRUSION DETECTION NETWORK PERFORMANCE MONITORING ALARMS / ALERTS ROGUE DEVICE DETECTION 13

NIST FRAMEWORK FUNCTIONS RESPOND DEVELOP AND IMPLEMENT THE APPROPRIATE ACTIVITIES TO TAKE ACTION REGARDING A DETECTED CYBERSECURITY EVENT. THE RESPOND FUNCTION SUPPORTS THE ABILITY TO CONTAIN THE IMPACT OF A POTENTIAL CYBERSECURITY EVENT. EXAMPLES OF OUTCOME CATEGORIES WITHIN THIS FUNCTION INCLUDE: RESPONSE PLANNING; COMMUNICATIONS; ANALYSIS; MITIGATION; AND IMPROVEMENTS. Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, February 12, 2014 14

NIST FRAMEWORK CYBERSECURITY CONTROLS RESPOND PLANT REFERENCE EMERGENCY RESPONSE PLANNING EXECUTE EMERGENCY RESPONSE PLAN NOTIFY AUTHORITIES ISOLATE & PRESERVE INITIATE RECOVERY UPDATE RESPONSE PLAN CYBER CONTROL EMERGENCY RESPONSE PLANNING EXECUTE EMERGENCY RESPONSE PLAN NOTIFY AUTHORITIES ISOLATE & PRESERVE INITIATE RECOVERY UPDATE RESPONSE PLAN 15

NIST FRAMEWORK FUNCTIONS RECOVER DEVELOP AND IMPLEMENT THE APPROPRIATE ACTIVITIES TO MAINTAIN PLANS FOR RESILIENCE AND TO RESTORE ANY CAPABILITIES OR SERVICES THAT WERE IMPAIRED DUE TO A CYBERSECURITY EVENT. THE RECOVER FUNCTION SUPPORTS TIMELY RECOVERY TO NORMAL OPERATIONS TO REDUCE THE IMPACT FROM A CYBERSECURITY EVENT. EXAMPLES OF OUTCOME CATEGORIES WITHIN THIS FUNCTION INCLUDE: RECOVERY PLANNING; IMPROVEMENTS; AND COMMUNICATIONS. Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, February 12, 2014 16

NIST FRAMEWORK CYBERSECURITY CONTROLS RECOVER PLANT REFERENCE BYPASS IMPLEMENT SPARE REPAIR/REBUILD/REPLACE RESET CYBER CONTROL ALTERNATE CONTROLS IMPLEMENT SPARE REPAIR/REBUILD/REPLACE RESET 17

GET HELP REGULATORY BODY RESEARCHERS VENDORS CONSULTANTS American Water Works Association (AWWA) http://www.awwa.org/resources-tools/water-utility-management/cybersecurityguidance.aspx National Institute of Standards and Technology (NIST) Computer Security Division www.nist.gov/itl/csd/ United States Computer Emergency Readiness Team (US-CERT) www.us-cert.gov Critical Infrastructure & Security Practice (CISP) iom.invensys.com/cybersecurity gary.kneeland@schneider-electric.com

19

20

21

22

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information