Maritime cyber risk management
|
|
- Esmond Long
- 6 years ago
- Views:
Transcription
1 Javier Yasnikouski Head Maritime Security Sub-Division for Maritime Security and Facilitation
2 The International Maritime Organization IMO mission: Safe, secure and efficient shipping on clean oceans 2
3 Cyber Security 3
4 MSC.1/Circ.1526 on Interim guidelines on maritime cyber risk management The guidelines provide high-level recommendations on maritime cyber risk management to safeguard shipping from current and emerging cyberthreats and vulnerabilities and include functional elements that support effective cyber risk management. 4
5 Maritime cyber risk Maritime cyber risk refers to a measure of the extent to which a technology asset could be threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised. Maritime Cyber Risk 5
6 Cyber risk management means the process of identifying, analysing, assessing and communicating a cyber-related risk and accepting, avoiding, transferring or mitigating it to an acceptable level, considering costs and benefits of actions taken to stakeholders. The Overall goal is to support safe and secure shipping, which is operationally resilient to cyber risks. 6
7 Vulnerable systems onboard ships Bridge systems Cargo handling and management systems Propulsion and machinery management and power control systems Access control systems Passenger servicing and management systems Passenger facing public networks Administrative and crew welfare systems and Communication systems 7
8 Information technology systems Operational technology systems Use of data as information Use of data to control or monitor physical processes 8
9 Vulnerabilities can result from: inadequacies in operation, design, integration and/or maintenance of cyber systems; or lapses in cyber discipline (e.g. inappropriate use of removable media such as a memory stick). 9
10 Vulnerabilities in operational and/or information technologies can be exposed or exploited, either: directly (e.g. weak passwords leading to unauthorized access) or indirectly (e.g. the absence of network segregation) 10
11 Cyber threats could be presented by: malicious actions (e.g. hacking or introduction of malware); or the unintended consequences of benign actions (e.g. software maintenance or user permissions). Effective cyber risk management should consider both kinds of threat 11
12 Some recent developments (some of them not too recent!) Ship reporting E-navigation Ship communications ECDIS Electronic certificates Maritime Single Window AIS > VDEs Electronic data exchange Access to internet 12
13 Software quality assurance MSC.1/Circ.1512 on Guideline on Software Quality Assurance and Human-Centred Design for e-navigation: Approved by MSC 95 in June SQA focuses on defining and testing software quality and how that helps meet user requirements to ensure that high quality, robust, testable and stable software is used in e-navigation systems. The basic premise of HCD is that systems are designed to suit the characteristics of intended users and the tasks they perform, rather than requiring users to adapt to a system. 13
14 The Guidelines are primarily intended for all organizations in the shipping industry, and are designed to encourage safety and security management practices in the cyber domain. Ships Ship Companies Ship Agents /operators Port authorities Administrations 14
15 Who is involved? Everybody should be involved (crew members, passengers, shipping companies, etc.). However, effective cyber risk management should start at the senior management level. A culture of cyber risk awareness and discipline should be embedded into all levels of an organization. The level of awareness and preparedness should be appropriate to roles and responsibilities in the cyber risk management system. A holistic and flexible cyber risk management regime should be in continuous operation and constantly evaluated through effective feedback mechanisms. 15
16 To address the rapidly evolving technologies and changing threats, the Guidelines recommend a risk management approach to cyber risks that is resilient and evolves as a natural extension of existing safety and security management practices established by this Organization. 16
17 The International Ship and Port Facility Security (ISPS) Code is a mandatory instrument adopted under SOLAS chapter XI-2 on Special Measures to enhance maritime security. It is the IMO's main legislative framework to address maritime security related matters. Contains detailed security-related requirements for Governments, port authorities and shipping companies, and is divided into two sections, a mandatory Part A, and a series of guidelines on how to meet the requirements of Part A in a non-mandatory Part B. 17
18 The International Safety Management (ISM) Code is a mandatory instrument adopted under SOLAS chapter IX Management for the safe operation of ships. The purpose of this Code is to provide an international standard for the safe management and operation of ships and for pollution prevention. The Code establishes safety-management objectives and requires a safety management system (SMS) to be established by "the Company", which is defined as the shipowner or any person, such as the manager or bareboat charterer, who has assumed responsibility for operating the ship. 18
19 Functional elements to support effective cyber risk management: Identify Protect Detect Respond Recover 19
20 Additional guidance and standards may include: The Guidelines on Cyber Security on board Ships by BIMCO, CLIA, ICS, INTERCARGO and INTERTANKO. ISO/IEC standard on Information technology Security techniques Information security management systems Requirements. Published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). United States National Institute of Standards and Technology's Framework for Improving Critical Infrastructure Security (the NIST Framework). 20
21 Further considerations: - FAL 41 (3-7 April 2017) on shore-side aspects of cyber security; and - MSC 98 (7 to 16 June 2017). 21
22 International Maritime Organization 4 Albert Embankment London SE1 7SR United Kingdom Tel: +44 (0) Fax: +44 (0) info@imo.org twitter.com/imohq facebook.com/imohq youtube.com/imohq flickr.com/photos/ imo-un/collections
GUIDELINES ON MARITIME CYBER RISK MANAGEMENT
E 4 ALBERT EMBANKMENT LONDON SE1 7SR Telephone: +44 (0)20 7735 7611 Fax: +44 (0)20 7587 3210 GUIDELINES ON MARITIME CYBER RISK MANAGEMENT MSC-FAL.1/Circ.3 5 July 2017 1 The Facilitation Committee, at its
More informationST. VINCENT AND THE GRENADINES
ST. VINCENT AND THE GRENADINES MARITIME ADMINISTRATION CIRCULAR N ISM 014 MARITIME CYBER RISK MANAGEMENT MSC.1/CIRC.1526, MSC-FAL.1/CIRC.3, RESOLUTION MSC.428 (98) TO: APPLICABLE TO: SHIPOWNERS, SHIPS
More informationCyber risk management into the ISM Code
Building trust. Shaping Safety No. Subject: Cyber risk management into the ISM Code To: insb auditors/managing companies IMO Resolution incorporates maritime cyber risk management into the ISM Code making
More informationMEASURES TO ENHANCE MARITIME SECURITY. Cyber risk management in Safety Management Systems. Submitted by United States, ICS and BIMCO SUMMARY
E MARITIME SAFETY COMMITTEE 101st session Agenda item 4 26 March 2019 Original: ENGLISH Pre-session public release: MEASURES TO ENHANCE MARITIME SECURITY Cyber risk management in Safety Management Systems
More informationMarine Environment Division International Maritime Organization (IMO) MEPC 71 IMO HQ, London, UK 4 July 2017 MARINE ENVIRONMENT DIVISION
Marine Environment Division International Maritime Organization (IMO) MEPC 71 IMO HQ, London, UK 4 July 2017 Energy efficiency of ships Further measures Data collection system for fuel oil consumption
More informationCyber and information security applicable for the maritime sector
MARITIME Cyber and information security applicable for the maritime sector Svante Einarsson 1 SAFER, SMARTER, GREENER Introduction 2 The tip of the iceberg 2015: 64,199 reported IT Security incidents just
More informationNo related provisions
E FACILITATION COMMITTEE 40th session Agenda item 9 FAL 40/INF.4 30 December 2015 ENGLISH ONLY GUIDELINES ON THE FACILITATION ASPECTS OF PROTECTING THE MARITIME TRANSPORT NETWORK FROM CYBERTHREATS The
More informationCYBER RISK AND SHIPS :PRACTICAL ISSUES FOLLOWING BIMCO GUIDELINE
CYBER RISK AND SHIPS :PRACTICAL ISSUES FOLLOWING BIMCO GUIDELINE Yohan Le Gonidec, head of Shipowner support department, TECNITAS (subsidiary BUREAU VERITAS) 1 AGENDA 2 Introduction 1- Cyber incidents
More informationHuman-Centred Design: Enhancing useability and safety at sea
Human-Centred Design: Enhancing useability and safety at sea Mal Christie Principal Advisor Human Factors System Safety Standards Australian Maritime Safety Authority Dr Michelle Grech Manager Vessel Operations
More informationSMART Ship Program. Najmeh Masoudi Cyber safety and security manager. Palazzo S. Giorgio - Genova, 28/06/ Copyright Bureau Veritas
SMART Ship Program Palazzo S. Giorgio - Genova, 28/06/2017 Najmeh Masoudi Cyber safety and security manager Biography Najmeh Masoudi Cyber safety and security project manager Bureau Veritas Marine & Offshore
More informationCyber Risk A new challenge for Classification Societies
Cyber Risk A new challenge for Classification Societies Pier Carazzai 20 November 2017 Hong Kong Safety Moment 2 Cyber Risk Cyber Risks in the era of SMART vessels What are the main factors driving the
More informationCybersecurity Risk and Options Considered by IMO
Cybersecurity Risk and Options Considered by IMO John Jorgensen October 18, 2017 INTERTANKO North American Panel, Houston, TX 2017 American Bureau of Shipping. All rights reserved Agenda for Today s Discussion
More informationPort Facility Cyber Security
International Port Security Program Port Facility Cyber Security Cyber Security Assessment MAR'01 1 Lesson Topics ISPS Code Requirement The Assessment Process ISPS Code Requirements What is the purpose
More informationCybersecurity, safety and resilience - Airline perspective
Arab Civil Aviation Commission - ACAC/ICAO MID GNSS Workshop Cybersecurity, safety and resilience - Airline perspective Rabat, November, 2017 Presented by Adlen LOUKIL, Ph.D CEO, Resys-consultants Advisory,
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity November 2017 cyberframework@nist.gov Supporting Risk Management with Framework 2 Core: A Common Language Foundational for Integrated Teams
More informationProcedure for the Selection, Training, Qualification and Authorisation of Marine Management Systems Auditors
(Rev.0 July 2009) (Rev.1 Sep 2012) (Rev.2 Nov 2014) Procedure for the Selection, Training, Qualification and Authorisation of Marine Management Systems Auditors Note: 1. This procedural requirement applies
More informationThe NIST Cybersecurity Framework
The NIST Cybersecurity Framework U.S. German Standards Panel 2018 April 10, 2018 Adam.Sedgewick@nist.gov National Institute of Standards and Technology About NIST Agency of U.S. Department of Commerce
More informationCYBER SECURITY ON BOARD GUIDELINES MARCH 2015
CYBER SECURITY ON BOARD GUIDELINES MARCH 2015 The Guidelines on Cyber Security onboard Ships Terms of Use The advice and information given in the Guidelines on Cyber Security onboard Ships (the Guidelines)
More informationProcedure for Network and Network-related devices
Lloyd s Register Type Approval System Type Approval Requirements for components within Cyber Enabled Systems on board Ships Procedure for Network and Network-related devices September 2017 1 Reference:
More informationInformation technology Security techniques Information security controls for the energy utility industry
INTERNATIONAL STANDARD ISO/IEC 27019 First edition 2017-10 Information technology Security techniques Information security controls for the energy utility industry Technologies de l'information Techniques
More informationThe Key Principles of Cyber Security for Connected and Automated Vehicles. Government
The Key Principles of Cyber Security for Connected and Automated Vehicles Government Contents Intelligent Transport System (ITS) & Connected and Automated Vehicle (CAV) System Security Principles: 1. Organisational
More informationFORMALITIES CONNECTED WITH THE ARRIVAL, STAY AND DEPARTURE OF PERSONS. Stowaways
E FACILITATION COMMITTEE 38th session Agenda item 6 FAL 38/6/2 31 January 2013 Original: ENGLISH FORMALITIES CONNECTED WITH THE ARRIVAL, STAY AND DEPARTURE OF PERSONS Stowaways International Group of P&I
More informationWelcome & Housekeeping. Marie-Christine Haubert
1. Welcome & Housekeeping Marie-Christine Haubert 1 2. Opening Remarks Marie-Christine Haubert 3. Security Intelligence Presentation Bernard Pilon 2 4. Canada-United States Regulatory and Perimeter Security
More informationABS CyberSafety. 27 July John Jorgensen Director, Cyber and Software American Bureau of Shipping
2016 American Bureau of Shipping. All rights reserved. ABS CyberSafety 27 July 2016 John Jorgensen Director, Cyber and Software American Bureau of Shipping JohnJorgensen@eagle.org SOCP Webinar Purpose
More informationInternational Atomic Energy Agency Meeting the Challenge of the Safety- Security Interface
Meeting the Challenge of the Safety- Security Interface Rhonda Evans Senior Nuclear Security Officer, Division of Nuclear Security Department of Nuclear Safety and Security Outline Introduction Understanding
More informationShip Security Alert Systems (SSAS) Competent Authority as Designated by the Isle of Man Ship Registry
MANX SHIPPING NOTICE DEPARTMENT OF ECONOMIC DEVELOPMENT MSN 12 Revised 02/2016 Ship Security Alert Systems (SSAS) Competent Authority as Designated by the The aim of this notice is to provide guidance
More informationCyber Security in the Maritime Sector Threats, Trends and Reality
Cyber Security in the Maritime Sector Threats, Trends and Reality FUD *Fear, Uncertainty, Doubt 1st ever Maritime Cyber Security Incident was documented thoroughly in 1997 A computer hacker breaks into
More informationGNOSTECH MARITIME CYBERSECURITY SOLUTIONS
GNOSTECH MARITIME CYBERSECURITY SOLUTIONS Disaster Response vs Cyber Incident Response Technologies Facilitates Exceptional Benefits While Creating Cyber Vulnerabilities Shore-based Systems That Directly
More informationCybersecurity for Health Care Providers
Cybersecurity for Health Care Providers Montgomery County Medical Society Provider Meeting February 28, 2017 T h e MARYLAND HEALTH CARE COMMISSION Overview Cybersecurity defined Cyber-Threats Today Impact
More informationISO/IEC Information technology Security techniques Code of practice for information security management
This is a preview - click here to buy the full publication INTERNATIONAL STANDARD ISO/IEC 17799 Second edition 2005-06-15 Information technology Security techniques Code of practice for information security
More informationISO/IEC TR TECHNICAL REPORT. Information technology Security techniques Information security management guidelines for financial services
TECHNICAL REPORT ISO/IEC TR 27015 First edition 2012-12-01 Information technology Security techniques Information security management guidelines for financial services Technologies de l'information Techniques
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationIMO MEASURES TO ENHANCE MARITIME SECURITY. Outcome of the 2002 SOLAS conference. Information on the current work of the ILO
INTERNATIONAL MARITIME ORGANIZATION E IMO MARITIME SAFETY COMMITTEE 77th session Agenda item 6 MSC 77/6/9 20 March 2003 Original: ENGLISH MEASURES TO ENHANCE MARITIME SECURITY Outcome of the 2002 SOLAS
More informationIAEA Division of Nuclear Security
IAEA Division of Nuclear Security Computer Security Activities Overview Donald Dudenhoeffer 25 May 2017 Computer and Information Security The Division of Nuclear Security (NSNS) seeks to support Member
More informationChallenges in Maritime and Supply Chains Security
Challenges in Maritime and Supply Chains Security 1st NMIOTC CYBER SECURITY CONFERENCE Associate Professor N. Polemi, Director of UNIPI Security Lab 4-5/10/2016 1 the evolution (2009-2018). 2009 2018 S-Port
More informationCYBER SECURITY AWARENESS IN THE MARITIME INDUSTRY
CYBER SECURITY AWARENESS IN THE MARITIME INDUSTRY A joint production by DNV GL and GARD 1 SAFER, SMARTER, GREENER STRUCTURE STATUS ON CYBER SECURITY IN MARITIME SHIPPING Risk scenarios (threats) Best practices
More informationData cyber security requirements
HSSC10-07.4A Paper for Consideration by the HSSC-10 IEC Activities affecting HSSC Submitted by: Executive Summary: Related Documents: Related Projects: Hannu Peiponen / IEC TC80 Chair This paper is about
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Code of practice for information security management
INTERNATIONAL STANDARD ISO/IEC 17799 Second edition 2005-06-15 Information technology Security techniques Code of practice for information security management Technologies de l'information Techniques de
More informationISO/IEC TR TECHNICAL REPORT
TECHNICAL REPORT ISO/IEC TR 27019 First edition 2013-07-15 Information technology Security techniques Information security management guidelines based on ISO/IEC 27002 for process control systems specific
More informationCyber Risk in the Marine Transportation System
Cyber Risk in the Marine Transportation System Cubic Global Defense MAR'01 1 Cubic.com/Global-Defense/National-Security 1 Cubic Global Defense Global Security Team Capabilities Program Management Integration
More informationSTRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government
ATIONAL STRATEGY National Strategy for Critical Infrastructure Government Her Majesty the Queen in Right of Canada, 2009 Cat. No.: PS4-65/2009E-PDF ISBN: 978-1-100-11248-0 Printed in Canada Table of contents
More informationPort Facility Cyber Security
International Port Security Program Port Facility Cyber Security Cyber Risk in the Marine Transportation System MAR'01 1 Objectives IDENTIFY motivations behind a cyber attack. IDENTIFY various types of
More informationISM Cyber Security Process
ISM Cyber Security 01.June 2018 1 ISM Cyber Security Berufsgenossenschaft Verkehrswirtschaft Post-Logistik Telekommunikation Dienststelle Schiffssicherheit ISM Cyber Security Process 1. Policy 8. Qualification
More informationThe University of Queensland
UQ Cyber Security Strategy 2017-2020 NAME: UQ Cyber Security Strategy DATE: 21/07/2017 RELEASE:0.2 Final AUTHOR: OWNER: CLIENT: Marc Blum Chief Information Officer Strategic Information Technology Council
More informationMaritime Bulk Liquids Transfer Cybersecurity Framework Profile
Maritime Bulk Liquids Transfer Cybersecurity Framework Profile Table of Contents Executive Summary... iv Background... iv The Profile... iv Benefits... v 1. Introduction... 1 1.1. Purpose... 1 1.2. Audience
More informationCyber Security Strategy
Cyber Security Strategy Committee for Home Affairs Introduction Cyber security describes the technology, processes and safeguards that are used to protect our networks, computers, programs and data from
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 13335-1 First edition 2004-11-15 Information technology Security techniques Management of information and communications technology security Part 1: Concepts and models for
More informationUNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update)
UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update) Koji NAKAO, NICT, Japan (Expert of UNECE WP29/TFCS) General Flow of works in WP29/TFCS and OTA Data protection
More informationCloud Security Standards
Cloud Security Standards Classification: Standard Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January 2018 Next
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security risk management
INTERNATIONAL STANDARD ISO/IEC 27005 First edition 2008-06-15 Information technology Security techniques Information security risk management Technologies de l'information Techniques de sécurité Gestion
More informationCompliance with ISPS and The Maritime Transportation Security Act of 2002
Mr. Melchor Becena Security Administrator Port Everglades SecurePort Conference Miami, Florida 25-27 27 February, 2004 Compliance with ISPS and The Maritime Transportation Security Act of 2002 Overview
More information2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager
2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager NIST Cybersecurity Framework (CSF) Executive Order 13636 Improving Critical Infrastructure Cybersecurity tasked the National
More informationGujarat Forensic Sciences University
Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat
More informationConsideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014
Federal Energy Regulatory Commission Order No. 791 June 2, 2014 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently proposed
More informationISO/IEC Information technology Security techniques Code of practice for information security controls
INTERNATIONAL STANDARD ISO/IEC 27002 Second edition 2013-10-01 Information technology Security techniques Code of practice for information security controls Technologies de l information Techniques de
More informationPort Facility Cyber Security
International Port Security Program Port Facility Cyber Security Cyber Security and Port Facility MAR'01 1 Security Plans (PFSP) Lesson Topics Purpose of the PFSP Developing the PFSP Role of Facility Personnel
More informationДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT
ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT ENERGY AUTOMATION - SMART GRID Restricted Siemens AG 20XX All rights reserved. siemens.com/answers Frederic Buchi, Energy Management Division, Siemens AG Cyber
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationThe Information Age has brought enormous
Cyber threat to ships real but manageable KAI hansen, akilur rahman If hackers can cause laptop problems and access online bank accounts or credit card information, imagine the havoc they can wreak on
More informationCyber Enabled Ships Assurance
Cyber Enabled Ships Assurance Jonathan Earthy 18 th April 2018 Cyber Enabled Ships The Cyber Ship Today s leading suppliers and operators want to innovate, using the latest technologies from ICT sector.
More informationInformation Security Strategy
Security Strategy Document Owner : Chief Officer Version : 1.1 Date : May 2011 We will on request produce this Strategy, or particular parts of it, in other languages and formats, in order that everyone
More informationP&I Insurance Third Party Liability Types of liabilities covered expressed in Rules The Unique part of P&I : created BY shipowners FOR shipowners 2
THE AMERICAN CLUB CYBER SECURITY: A P&I PERSPECTIVE DOROTHEA IOANNOU Chief Commercial Officer Shipowners Claims Bureau Inc., Managers, American Steamship Owners Mutual Protection and Indemnity Association
More informationThis document is a preview generated by EVS
INTERNATIONAL STANDARD ISO 13122 First edition 2011-08-15 Ships and marine technology Launching appliances for davit-launched liferafts Navires et technologie maritime Engins de mise à l eau des radeaux
More informationInnovation policy for Industry 4.0
Innovation policy for Industry 4.0 Remarks from Giorgio Mosca Chair of Cybersecurity Steering Committee Confindustria Digitale Director Strategy & Technologies - Security & IS Division, Leonardo Agenda
More informationRBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH
RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH CONTEXT RBI has provided guidelines on Cyber Security Framework circular DBS. CO/CSITE/BC.11/33.01.001/2015-16
More informationISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006
ISO / IEC 27001:2005 A brief introduction Dimitris Petropoulos Managing Director ENCODE Middle East September 2006 Information Information is an asset which, like other important business assets, has value
More informationNHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy
NHS Gloucestershire Clinical Commissioning Group 1 Document Control Title of Document Gloucestershire CCG Author A Ewens (Emergency Planning and Business Continuity Officer) Review Date February 2017 Classification
More informationConsideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015
Federal Energy Regulatory Commission Order No. 791 January 23, 2015 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently
More informationPSEG Nuclear Cyber Security Supply Chain Guidance
PSEG Nuclear Cyber Security Supply Chain Guidance Developed by: Jim Shank PSEG Site IT Manager & Cyber Security Program Manager Presented at Rapid 2018 by: Bob Tilton- Director Procurement PSEG Power Goals
More informationHow ISO helps organisation to achieve operational readiness Ong Liong Chuan 26 Apr 2016
How ISO 22301 helps organisation to achieve operational readiness Ong Liong Chuan 26 Apr 2016 Copyright SP PowerGrid Ltd Threat Threat 1 Threat 2 Organisation Threat 3 2 Threat - Terrorist actions ST 19Mar16
More informationIncident Response. Tony Drewitt Head of Consultancy IT Governance Ltd
Incident Response Tony Drewitt Head of Consultancy IT Governance Ltd www.itgovernance.co.uk IT Governance Ltd: GRC One-Stop-Shop Thought Leaders Specialist publisher Implementation toolkits ATO Consultants
More informationMaritime Knowledge Shipping Session Piracy in the Neighbouring Region
Maritime Knowledge Shipping Session Piracy in the Neighbouring Region Perspectives from the international tanker industry on global security threats and SE Asia Piracy Friday 26 th August 2016 Tim Wilkins
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security risk management
INTERNATIONAL STANDARD ISO/IEC 27005 Second edition 2011-06-01 Information technology Security techniques Information security risk management Technologies de l'information Techniques de sécurité Gestion
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationAn Introduction to the ISO Security Standards
An Introduction to the ISO Security Standards Agenda Security vs Privacy Who or What is the ISO? ISO 27001:2013 ISO 27001/27002 domains Building Blocks of Security AVAILABILITY INTEGRITY CONFIDENTIALITY
More informationMaritime cyber security: Threats & Opportunities. Andy Davis, Research Director Yevgen Dyryavyy, Security Consultant
Maritime cyber security: Threats & Opportunities Andy Davis, Research Director Yevgen Dyryavyy, Security Consultant Agenda Cyber threats to the marine industry Attack surface overview (harbour / ships
More informationThreat and Vulnerability Assessment Tool
TABLE OF CONTENTS Threat & Vulnerability Assessment Process... 3 Purpose... 4 Components of a Threat & Vulnerability Assessment... 4 Administrative Safeguards... 4 Logical Safeguards... 4 Physical Safeguards...
More informationuanacia 1+1 MARINE SECURITY OPERATIONS BULLETIN No:
1+1 MARINE SECURITY OPERATIONS BULLETIN No: 2014-001 CLARIFICATION OF TRANSPORT CANADA (TC) MARINE SECURITY MANDATORY THREAT, BREACH AND INCIDENT REPORTING REOUIREMENTS THIS MARINE SECURITY OPERATIONS
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationView from a bridge. Collective navigational challenges in comparable sea areas Ringo Lakeman senior policy adviser / CM IMO NCSR 3
View from a bridge Collective navigational challenges in comparable sea areas Ringo Lakeman senior policy adviser / CM IMO NCSR 3 8th Co-operative Forum Co-operative mechanism on safety of navigation and
More informationCloud Security Standards and Guidelines
Cloud Security Standards and Guidelines V1 Document History and Reviews Version Date Revision Author Summary of Changes 0.1 May 2018 Ali Mitchell New document 1 May 2018 Ali Mitchell Approved version Review
More informationPresented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0
Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.
More informationCYBERSECURITY IMPLEMENTATION FOR THE MARINE AND OFFSHORE INDUSTRIES
GUIDE FOR CYBERSECURITY IMPLEMENTATION FOR THE MARINE AND OFFSHORE INDUSTRIES ABS CyberSafety TM VOLUME 2 SEPTEMBER 2016 NOTICE NO. 2 June 2018 The following Changes were approved by the ABS Rules Committee
More informationCyber Hygiene and Awareness on a Practical Level
Cyber Hygiene and Awareness on a Practical Level Presented by: Capt. Rohit Tandon from FML The Story of Data Breach We all know about the Cyber Risks Yet, we wait till an incident like this shakes us up,
More informationGUIDE 63. Guide to the development and inclusion of safety aspects in International Standards for medical devices
GUIDE 63 Guide to the development and inclusion of safety aspects in International Standards for medical devices Second edition 2012 ISO/IEC 2012 ISO/IEC GUIDE 63:2012(E) This is a preview - click here
More informationCloud Security Standards Supplier Survey. Version 1
Cloud Security Standards Supplier Survey Version 1 Document History and Reviews Version Date Revision Author Summary of Changes 0.1 May 2018 Ali Mitchell New document 1 May 2018 Ali Mitchell Approved Version
More informationCyber Security. Building and assuring defence in depth
Cyber Security Building and assuring defence in depth The Cyber Challenge Understanding the challenge We live in an inter-connected world that brings a wealth of information to our finger tips at the speed
More informationCybersecurity: Incident Response Short
Cybersecurity: Incident Response Short August 2017 Center for Development of Security Excellence Contents Lesson 1: Incident Response 1-1 Introduction 1-1 Incident Definition 1-1 Incident Response Capability
More informationLeveraging ITIL to improve Business Continuity and Availability. itsmf Conference 2009
Leveraging ITIL to improve Business Continuity and Availability Samuel Lo MBA, MSc, CDCP, PMP, CISSP, CISA Data Centre Services Manager COL Limited Strictly Business itsmf Conference 2009 25 February 2009
More informationGuidelines. on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2) EBA/GL/2017/17
GUIDELINES ON SECURITY MEASURES FOR OPERATIONAL AND SECURITY RISKS UNDER EBA/GL/2017/17 12/01/2018 Guidelines on the security measures for operational and security risks of payment services under Directive
More informationECDIS Regulatory Update
ECDIS Regulatory Update Dr Phillip Belcher Marine Director ECDIS implementation Training SIRE VIQ updates Software updates System robustness Cyber Security Structure of talk ECDIS ECDIS Implementation
More informationCyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.
Cyber Security For Utilities Risks, Trends & Standards IEEE Toronto March 22, 2017 Doug Westlund Senior VP, AESI Inc. Agenda Cyber Security Risks for Utilities Trends & Recent Incidents in the Utility
More informationChapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS
Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power
More informationJoint ICTP-IAEA School of Nuclear Energy Management November 2012
2374-20 Joint ICTP- School of Nuclear Energy Management 5-23 November 2012 Establishing National Nuclear Security Infrastructure (Module 9 Topics 3 & 4) EVANS Rhonda International Atomic Energy Agency,
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationUNSCR 1540 Compliance From Policy to Implementation
Maritime Security Council L UNSCR 1540 Compliance From Policy to Implementation Committee on Hemispheric Security February 18, 2010 Talking Points Presentation Objective MSC Overview OAS Imperatives/Goals
More informationISO INTERNATIONAL STANDARD. Ergonomic design of control centres Part 2: Principles for the arrangement of control suites
INTERNATIONAL STANDARD ISO 11064-2 First edition 2000-12-15 Ergonomic design of control centres Part 2: Principles for the arrangement of control suites Conception ergonomique des centres de commande Partie
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 24762 First edition 2008-02-01 Information technology Security techniques Guidelines for information and communications technology disaster recovery services Technologies
More informationTHE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE
THE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE International Maritime Organization Regulations IMO has given shipowners and managers until 2021 to incorporate cyber risk management into
More informationHeavy Vehicle Cyber Security Bulletin
Heavy Vehicle Cyber Security Update National Motor Freight Traffic Association, Inc. 1001 North Fairfax Street, Suite 600 Alexandria, VA 22314 (703) 838-1810 Heavy Vehicle Cyber Security Bulletin Bulletin
More information