GEN-14 Cyber Security Solutions for Less Regulated Industries
- Gilbert Poole
- 6 years ago
Transcription
1 Slide 1
2 GEN-14 Cyber Security Solutions for Less Regulated Industries Douglas Clifton Tim Johnson Michael Martinez #SoftwareRevolution Invensys. All Rights Reserved. The names, logos, and taglines identifying the products and services of Invensys are proprietary marks of Invensys or its subsidiaries. All third party trademarks and service marks are the proprietary marks of their respective owners.
3 Agenda 1. Cyber Security Compliance 2. Technology 3. Invensys Critical Infrastructure & Security Practice (CISP) Slide 3
4 Cyber Security Compliance Michael Martinez
5 What is Cyber Security? Slide 5
6 Cyber Security Compliance
Why do it?
- Increase safety
- Protect intellectual property
- Reduce down time
- Industry or internal policy
- It could be the law
How to do it?
- Leverage product security features
- Augment with cyber security knowledge and solutions
- Repeat
Slide 6
7 It's all about compliance Customer requirements built on customer expectations Customer compliance Regulatory requirements Cyber security solutions Product security standards Development Slide 7
8 Product v. Client Compliance Invensys fills the GAP between product offering and client compliance needs. Invensys Product Development Concerns Customer Concerns ISASecure NEI Achilles ISA 99 WIB NIST SP MS SDL ISO/IEC Etc. 6 CFR 27 (CFATS) NERC CIP ANSI/AWWA G CFR 195 API 1164 Slide 8
9 February 12, 2013 Executive Order Improving Critical Infrastructure Cyber Security
- Sec. 6. Consultative Process: calls for DHS to work with existing Sector Coordinating Councils (SCC), or the transportation sector in the case of pipelines
- Sec. 7. Baseline Framework to Reduce Cyber Risk to Critical Infrastructure: call for NIST to establish a Cybersecurity Framework within approx. 1 year of the order (Feb 12, 2013)
- Sec. 8. Voluntary Critical Infrastructure Cybersecurity Program: temporary
- Sec. 9. Identification of Critical Infrastructure at Greatest Risk: within 150 days of the order these assets shall be identified
- Sec. 10. Adoption of Framework: within 90 days of the final framework, the existing sectors must report on their ability to comply with the framework, with special attention to Sec. 9 assets. If they do not/cannot comply, then other agencies must step in to define mitigating actions.
Slide 9
10 U.S. Critical Infrastructure
- Chemical Sector
- Emergency Services Sector
- Information Technology Sector
- Commercial Facilities Sector
- Energy Sector
- Nuclear Reactors, Materials, and Waste Sector
- Communications Sector
- Financial Services Sector
- Critical Manufacturing Sector
- Food and Agriculture Sector
- Dams Sector
- Government Facilities Sector
- Defense Industrial Base Sector
- Healthcare and Public Health Sector
- Transportation Systems Sector
- Water and Wastewater Systems Sector
Slide 10
11 NIST Framework Update February 12, 2013 Executive Order Executive Order Improving Critical Infrastructure Cyber Security September 11-13, 2013 Fourth Cyber Security Framework Workshop Draft Compendium of Informative References Review of over 320 National and International Standards, Guidelines, Directives, Best Practices, Models, Specifications, Policies, and Regulations, including input from: ANSI ISA NERC API ISO IEC NEI NIST NFPA OIG OLF OPC SANS TIA Discussion Draft of the Preliminary Cybersecurity Framework, August 28, 2013 Slide 11
12 NIST Framework Concepts The framework complements, and does not replace, an organization's existing business or cyber security risk management process and cyber security program. Rather, the organization can use its current processes and leverage the framework to identify opportunities to improve an organization's cyber security risk management. Alternatively, an organization without an existing cyber security program can use the framework as a reference when establishing one.
Key Concepts
- Framework Core
- Framework Implementation Tiers
- Framework Profile
Discussion Draft of the Preliminary Cybersecurity Framework, August 28, 2013 Slide 12
13 NIST Framework Concepts
- Core: Functions, Categories, Subcategories, Informative Reference
- Tier: 0 - Partial, 1 - Risk Informed, 2 - Repeatable, 3 - Adaptive
- Profile: Establish a Roadmap
Discussion Draft of the Preliminary Cybersecurity Framework, August 28, 2013 Slide 13
14 Framework Core
- Columns: Function, Category, Subcategory, Informative Reference(s)
- Functions: IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER
Discussion Draft of the Preliminary Cybersecurity Framework, August 28, 2013 Slide 14
15 Products + Consulting = Compliance Invensys provides a full lifecycle Cyber Security Methodology, NOT a product-centric point solution like many IT-based security companies do. Point solutions such as anti-virus software or firewalls on their own fall short and miss the security target. The integration of sound cyber security best practices that encompass best-in-class COTS products provides and enables a complete and holistic cyber security compliance solution that hits the target. Slide 15
16 Technology Tim Johnson
17 Impact of Cyber Security to Business
- 90% of companies suffered a cyber attack in the past 12 months
- Some suffered multiple
- Of all the attacks reported, 41% claimed at least half a million U.S. dollars ($500,000) in damages
- Others reported they were unable to determine their immediate losses.
- ICS-CERT responded to and investigated 198 cyber incidents (compared to 130 in 2011)
- The Energy sector was the most targeted industry in 2012, accounting for 41% of events
- The Water sector was the second most targeted industry in 2012, accounting for 15% of events
- The cyber security response team helped with incident responses for 23 oil/natural gas sector events
- Chemical organizations reported 7 incidents to ICS-CERT
- The Nuclear sector reported 6 incidents to ICS-CERT
Slide 17
18 Invensys Recommended Industrial Control System Security Features
- ePolicy Orchestrator (ePO)
- Anti Malware
- Host Intrusion Detection (HIDS)
- Data Loss Prevention (DLP)
- Active Directory (A/D)
- Hardened OS
- Whitelisting
- Backup Exec System Recovery (BESR)
Slide 18
19 Cyber Security Best Practices Standards organizations like those in the image below help companies develop effective cyber security strategies. While these organizations have different approaches, they all have a common element to establish a best practice approach to cyber security. Slide 19
20 Cyber Security in Industry Control System Enhancements Consulting Services Sample Control Systems AND All Process Systems MS Active Directory Security Best Practices McAfee Suite ePO, AV, DLP, Access Control / AD Workshop Symantec BESR Technology Workshop Product level patching Disaster Recovery Planning No Fixed Root User System Security Management Controls Whitelisting Hardened OS Etc. Patch Management (entire site) Slide 20
21 Invensys Industrial Control System Security Features
- ePolicy Orchestrator (ePO): ePolicy Orchestrator (ePO) is a unifying security management open platform by McAfee. ePO makes risk and compliance management simpler, enabling clients to connect security solutions to their enterprise infrastructure to increase visibility, gain efficiencies, and strengthen protection.
- Anti-Malware: Virus scans prevent, detect, and remove malware, including but not limited to system viruses, computer viruses, computer worms, Trojan horses, spyware, and adware.
- Host Intrusion Detection System (HIDS): Host Intrusion Detection System (HIDS) monitors and analyzes the internals of a computing system. A host-based IDS monitors all or parts of the dynamic behavior and the state of a computer system.
Slide 21
22 Invensys Industrial Control System Security Features
- Data Loss Prevention (DLP): Data Loss Prevention (DLP) systems enable organizations to reduce the corporate risk of the unintentional disclosure of confidential information.
- Active Directory (A/D): Active Directory (A/D) provides a central location for network administration and security. It authenticates and authorizes all users and computers in a Windows domain type network, assigning and enforcing security policies for all computers and installing or updating software.
- Harden OS: Factory hardening is a procedure that updates patches and anti-virus software and disables unused ports and services. System hardening is necessary because default operating system installations focus more on ease of use than on security.
Slide 22
23 Invensys Industrial Control System Security Features
- Whitelisting: Whitelisting is the opposite of Blacklisting. Whitelists contain only those programs you wish to grant access to as opposed to those you do not. This makes Whitelisting a lot less labor intensive since you only have to keep up with the applications you know about.
- Backup Exec System Recovery (BESR): Centrally manage backup and recovery tasks for multiple desktops across the network. Schedule backups to run automatically, including event-triggered backups, without disrupting network usage.
Slide 23
24 Cyber Threat Management (CTM) Module The CTM Module is a unique offering from the Invensys Cyber Security team.
- Combination of Best-in-Class firewall plus Invensys in-depth industry and cyber security knowledge
- Focuses on the Water, Power, Oil/Gas Pipeline, and Manufacturing industries
- Comes with Invensys pre-configured rule sets for each focus industry
- Each CTM is pre-bundled to ensure fast turn around
Slide 24
25 FortiWifi 60CM Features All pre-bundled as part of the Invensys CTM Cyber Threat Management Module
- FortiWifi 60CM
- Wireless or non-wireless operation
- FortiGuard
- Anti-virus
- Intrusion Prevention
- Web filtering
- Anti-spam
- Application Control
- Vulnerability scan
- IPSec and SSL VPN
- Data Loss Prevention
- Device Awareness
- FortiClient End Point Management
- Wifi a/b/g/n (multi SSID)
Slide 25
26 Why SQL Server Hardening? SQL Injection is the #1 server attack! Slide 26
27 SQL Server Hardening Service Server hardening is one of the most important tasks to be done on your servers. Most out-of-the-box server configurations are not designed with security in mind. SQL servers should be seen as critical assets, and any compromise to them could result in significant loss to business and production. Some of the threats to a SQL server are:
- Indirect attack: SQL injection
- Direct exploit attack: Cracking SA Password
- Direct exploit attack: Google hacks
SQL server hardening is critical to any cyber security initiative and is part of many regulatory compliance programs. Slide 27
28 IIS Server Hardening IIS servers are a favorite target of hackers. Research shows that 75% of cyber attacks occur at the application level. Business and Industry pay a heavy cost for these security failures:
- Cost of server clean-up
- Cost of data loss
- Cost of lost business opportunities
- Cost of reduced productivity
Server hardening not only provides security but also establishes a baseline for all server platforms, assisting with maintenance, patching, and planning. Slide 28
29 Do I Need an Assessment? 64% of companies expect to be hacked! Source: Bit9, Verizon Threat Report Slide 29
30 Security Assessment Most organizations think of anti-virus software, firewalls, and hardening when they think of security. However, few think of a Security Assessment as part of their overall comprehensive security program. They are often faced with a number of challenges:
- Knowing their current security position
- Determining their vulnerability level, exposure, and possible impact
- Experiencing inability to monitor who has access to their network and critical assets
- Enhancing their existing security strategy
Slide 30
31 Invensys Enhanced Solutions Firewall Secure Zone Relay Server Active Directory Centralized Back Up & Restoration Patch Management Network Management/ePO Log Management Network Infrastructure TriStation Compliance Secure File Server OTS Slide 31
32 Cyber Security Solutions Invensys cyber security team provides security solutions The Invensys cyber security team offers a comprehensive list of cyber security solutions to help address any internal needs, regulatory requirements, or program mandates. All of these elements are synergistic, providing not only a broad scope of security but also the defense-in-depth necessary for true cyber security compliance. Our most common solutions include:
- Active Directory (A/D) Workshop
- Technology Roadmap
- Procedures/SOPs
- Secure Zones
- Centralized Backups
- Event Logging
- Patch Management
- Network Management
- Remote Access
- Relay Server
- Managed Secure Services
Slide 32
33 Invensys Critical Infrastructure and Security Practice Doug Clifton
34 Cyber Security Consulting Why Invensys?
- Providing cyber security services in Industrial Automation since 2001
- Largest vendor-based Industrial Control Security Group in the market
- Delivering cyber solutions to a global customer base
- Experienced with IT technologies but with a Process Automation mindset
Slide 34
35 Invensys Critical Infrastructure & Security Practice (CISP) CISP Certifications CISSP CCNA CCDA CEH ECS NNCDA CCNP CCS1 CCSA CWNA CCFE MCSE CISM CISA CCSE OSCP CCIE plus others We are a very active business within Invensys. Currently active projects (August 2013): 31 embedded projects 21 CISP-only projects Slide 35
36 What Makes CISP Unique?
- Platform Independent: The CISP solution portfolio will work on ANY control system platform, expanding the market beyond the traditional Invensys customer base.
- Network Agnostic: The CISP solution portfolio can be deployed on any network topology or technology, independent of network lifecycle, due to the lifecycle methodology of the solution portfolio.
- Industry Relevant: The CISP solution portfolio is applicable to any industrial manufacturing industry, whether the focus is on cyber security compliance or network systems optimization.
- Solution Ecosystem: CISP is greater than the sum of its parts: cyber security consulting, network compliance, regulatory experts, auditors, network systems design and implementation, system integrators, and trusted advisors.
Slide 36
37 Cyber Security Consulting We can support our clients' roadmap by assisting with their compliance requirements. Our customers have requirements. We don't want them to go it alone. Critical time in the market; we have the skills to grow business. It's a market differentiator. Slide 37
38 Partnering for Compliance The Invensys cyber security team partners with clients throughout the compliance lifecycle.
- Program definition
- Assessment
- Remediation
- Program deployment
- Audit preparation
- Audit support
Slide 38
39 Plan for Cyber Security Implement a cyber security program. Align cyber security programs with implementation of upgrades. Maintain compliance to current and future cyber security regulations. Slide 39
40 Summary
1. Our clients have compliance requirements larger in scope than secure products alone can provide.
2. We have a comprehensive solution that includes:
   - Compliance with industry standards
   - Products designed with security
   - Cyber security experts and delivery/support personnel
   - Enhanced solutions to meet clients' cyber security program needs
3. We are vigilant. Our cyber security solutions will meet the challenging industrial landscape.
Safety and cyber security are job one at Invensys. - Mike Caliel, President & CEO Invensys
Slide 40
41 Slide 41
42 Slide 42
43 The Cyber Security Problem: this is why we do what we do
- INDUSTRY: High-cost prevention; High skills; Static networks; Cyber security is not what they do
- HACKERS: Low-cost tools; Low skills; Dynamic landscape; Hacking is all they do
Slide 43
44 Cyber Threat Management Module Motivations Behind Attacks 47% 46% 4% 3% Cyber Crime Hacktivism Cyber Warfare Cyber Espionage 100% 100 % Targeted! Slide 44 Source: Hackmageddon
More informationChanging face of endpoint security
Changing face of endpoint security S A N T H O S H S R I N I V A S A N C I S S P, C I S M, C R I S C, C E H, C I S A, G S L C, C G E I T D I R E C T O R S H A R E D S E R V I C E S, H C L T E C H N O L
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationCritical Infrastructure Sectors and DHS ICS CERT Overview
Critical Infrastructure Sectors and DHS ICS CERT Overview Presented by Darryl E. Peek II REGIONAL INTELLIGENCE SEMINAR AND NATIONAL SECURITY FORUM 2 2 Authorities and Related Legislation Homeland Security
More informationSurprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS
Surprisingly Successful: What Really Works in Cyber Defense John Pescatore, SANS 1 Largest Breach Ever 2 The Business Impact Equation All CEOs know stuff happens in business and in security The goal is
More informationCriminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud
Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains
More informationISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION
ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION Cathy Bates Senior Consultant, Vantage Technology Consulting Group January 30, 2018 Campus Orientation Initiative and Project Orientation Project
More informationDHS Cybersecurity: Services for State and Local Officials. February 2017
DHS Cybersecurity: Services for State and Local Officials February 2017 Department of Established in March of 2003 and combined 22 different Federal departments and agencies into a unified, integrated
More informationAn Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist
An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist Standards Certification Education & Training Publishing Conferences & Exhibits Speakers: Bryan L. Singer, CISM, CISSP, CAP
More informationMcAfee Embedded Control
McAfee Embedded Control System integrity, change control, and policy compliance in one solution McAfee Embedded Control maintains the integrity of your system by only allowing authorized code to run and
More informationThink Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe
Think Oslo 2018 Where Technology Meets Humanity Oslo Felicity March Cyber Resilience - Europe Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity
More informationPlant Security Services Protecting productivity in the digital era October
Plant Security Services Protecting productivity in the digital era October2017 Restricted www.siemens.com/plant-security-services Internet of (hacked) Things Page 2 Use case - No OT cybersecurity company
More informationDEVELOP YOUR TAILORED CYBERSECURITY ROADMAP
ARINC cybersecurity solutions DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP Getting started is as simple as assessing your baseline THE RIGHT CYBERSECURITY SOLUTIONS FOR YOUR UNIQUE NEEDS Comprehensive threat
More informationProtect Your Organization from Cyber Attacks
Protect Your Organization from Cyber Attacks Leverage the advanced skills of our consultants to uncover vulnerabilities our competitors overlook. READY FOR MORE THAN A VA SCAN? Cyber Attacks by the Numbers
More informationData Retrieval Firm Boosts Productivity while Protecting Customer Data
Data Retrieval Firm Boosts Productivity while Protecting Customer Data With HEIT Consulting, DriveSavers deployed a Cisco Self-Defending Network to better protect network assets, employee endpoints, and
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationDATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE
DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies
More informationCybersecurity Overview
Cybersecurity Overview DLA Energy Worldwide Energy Conference April 12, 2017 1 Enterprise Risk Management Risk Based: o Use of a risk-based approach for cyber threats with a focus on critical systems where
More informationT22 - Industrial Control System Security
T22 - Industrial Control System Security PUBLIC Copyright 2017 Rockwell Automation, Inc. All Rights Reserved. 1 Holistic Approach A secure application depends on multiple layers of protection and industrial
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationGDPR Update and ENISA guidelines
GDPR Update and ENISA guidelines 2016 [Type text] There are two topics that should be uppermost in every CISO's mind, how to address the growing demand for Unified Communications (UC) and how to ensure
More informationFrom Russia With Love
#ARDAWorld From Russia With Love Is your technology vulnerable to data theft? Do you know your own security protocols? Learn about auditing cyber-security processes and discover how to stay compliant and
More informationSecuring Plant Operation The Important Steps
Stevens Point, WI Securing Plant Operation The Important Steps September 24, 2012 Slide 1 Purpose of this Presentation During this presentation, we will introduce the subject of securing your control system
More informationRisk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23
Risk: Security s New Compliance Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23 Agenda Market Dynamics Organizational Challenges Risk: Security s New Compliance
More informationCYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS
CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS WILLIAM (THE GONZ) FLINN M.S. INFORMATION SYSTEMS SECURITY MANAGEMENT; COMPTIA SECURITY+, I-NET+, NETWORK+; CERTIFIED
More informationSIEM: Five Requirements that Solve the Bigger Business Issues
SIEM: Five Requirements that Solve the Bigger Business Issues After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Protective Security Coordination Division Overview ND Safety Council Annual Conference
More informationStandard CIP Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-1 3. Purpose: Standard CIP-007 requires Responsible Entities to define methods, processes, and procedures for securing
More informationDefense in Depth Security in the Enterprise
Defense in Depth Security in the Enterprise Mike Mulville SAIC Cyber Chief Technology Officer MulvilleM@saic.com Agenda The enterprise challenge - threat; vectors; and risk Traditional data protection
More informationABB Ability Cyber Security Services Protection against cyber threats takes ability
ABB Ability Cyber Security Services Protection against cyber threats takes ability In today s business environment, cyber security is critical for ensuring reliability of automation and control systems.
More informationHow Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity
How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity Why is the NIST framework important? GOH Seow Hiong Executive Director, Global Policy & Government Affairs, Asia Pacific
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationProtecting vital data with NIST Framework
Protecting vital data with NIST Framework About me Patrick Kerpan CEO at Cohesive Networks @pjktech BANKS About Cohesive Networks 2,000+ customers protect cloudbased applications User-controlled security
More informationFlorida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government
Florida Government Finance Officers Association Staying Secure when Transforming to a Digital Government Agenda Plante Moran Introductions Technology Pressures and Challenges Facing Government Technology
More informationGlobal Security Consulting Services, compliancy and risk asessment services
Global Security Consulting Services, compliancy and risk asessment services Introduced by Nadine Dereza Presented by Suheil Shahryar Director of Global Security Consulting Today s Business Environment
More informationInformation Technology General Control Review
Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationAchieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)
Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs) Florida Hospital Association Welcome! John Wilgis Director, Emergency Management Services Florida Hospital Association
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity November 2017 cyberframework@nist.gov Supporting Risk Management with Framework 2 Core: A Common Language Foundational for Integrated Teams
More information