Cybersecurity Risk and Options Considered by IMO
|
|
- Allen Fitzgerald
- 6 years ago
- Views:
Transcription
1 Cybersecurity Risk and Options Considered by IMO John Jorgensen October 18, 2017 INTERTANKO North American Panel, Houston, TX 2017 American Bureau of Shipping. All rights reserved
2 Agenda for Today s Discussion Maritime regulatory environment Risk assessment methods to satisfy expected requirements Ways forward for cybersecurity implementation in afloat units and assets 2 Cybersecurity Risk and Options Considered by IMO
3 Maritime Regulatory Environment International Maritime Organization (IMO) Maritime Security Committee (MSC) 96, June 2016, Circ Interim guidelines on cyber risk management extends concept of risk management normally associated with physical risk to cyber domain IMO s MSC 98, June Initial direction to include cybersecurity in risk assessments not later than Jan. 1, 2021 (supersedes MSC 96 Circ.1526) USCG - CG-5P letter, December 2016: guidance for reporting of cyber breaches and suspicious cyber activity - NVIC draft, July 2017: instruction to include cyber-related vulnerability information in Facility Security Assessment (FSA) for MTSA-regulated facilities 3 Cybersecurity Risk and Options Considered by IMO
4 IMO Requirements for Jan. 1, 2021 Source: FAL 41/17, Annex 1 High-level guidance is meant to start the process of including cyberenabled systems in ship and ship system risk assessments 4 Cybersecurity Risk and Options Considered by IMO
5 IMO Requirements for Jan. 1, 2021 Safeguard shipping from threats and vulnerabilities to automated systems Risks can result from operation, integration, maintenance and design not just malicious action Consider risk from IT system connections Source: FAL 41/17, Annex 1 5 Cybersecurity Risk and Options Considered by IMO
6 IMO Requirements for Jan. 1, 2021 Source: FAL 41/17, Annex 1 Risk mgmt approach should extend existing safety and security mgmt Safe, secure, resilient shipping Assess and compare current risk posture with desired state to shape cyber risk management plan 6 Cybersecurity Risk and Options Considered by IMO
7 IMO Requirements for Jan. 1, 2021 Risk mgmt functional elements include I-P-D-R-R from NIST Cyber Security Framework (CSF) Source: FAL 41/17, Annex 1 7 Cybersecurity Risk and Options Considered by IMO
8 USCG Policy Letter CG-5P No For illustrative purposes only Source: USCG Homeport (specific access required) REPORTING SUSPICIOUS ACTIVITY AND BREACHES OF SECURITY The target and intent of malicious cyber activity can be difficult to discern. The fact that business and administrative systems may be connected to operational, industrial control and security systems further complicates this matter. The Coast Guard strongly encourages vessel and facility operators to minimize, monitor, and wherever possible, eliminate any such connections. 8 Cybersecurity Risk and Options Considered by IMO
9 USCG NVIC (Draft) For illustrative purposes only Source: USCG Homeport (specific access required) Navigation and Vessel Inspection Circular (NVIC) 05-17: Guidelines for Addressing Cyber Risks at MTSA Regulated Facilities - Promulgated in request for public comments Defines policies and procedures to mitigate cybersecurity risks at regulated facilities Seeks to clarify cybersecurity risks as part of MTSA foundation Provides guidance on inclusion of cybersecurity risks as part of Facility Security Assessment (FSA) 9 Cybersecurity Risk and Options Considered by IMO
10 Risk Assessment Methods Not easy but it CAN be done in a way that people understand! 10 Cybersecurity Risk and Options Considered by IMO
11 Risk Assessment Requirements Asset Types - Processes and functions - Cyber-physical systems - Logical assets, including IP, regulated data, performance data - Physical systems, including IT, OT, physical ships, offshore assets, facilities, ports 11 Cybersecurity Risk and Options Considered by IMO
12 ABS Cyber-Enabled Systems Risk Method Multi-phase, multidimensional assessment process Connect organizational capabilities with priority operational and monitoring requirements Asset inventory is critical to understanding potential for interrelated effects Decompose system into recognizable functions and asset types Document all methods of connections and all identities with access to the assets Include all types of assets: cyber-physical, logical, physical and function 12 Cybersecurity Risk and Options Considered by IMO
13 Ways Forward for Cybersecurity Implementation Cybersecurity implementation means reducing risks to the ship, its crew, the company and the environment Objectives of cybersecurity implementation include - Understanding and managing risks in cyber-enabled systems; - Supervising and controlling connections where risks may share across domains (cyber-enabled to conventional); - Maintaining a safe and predictably secure environment for work and for commerce; and - Meeting compliance requirements as specified. 13 Cybersecurity Risk and Options Considered by IMO
14 Tanker Management and Self Assessment (TMSA), Third Ed. (2017) New edition adds Element 13, Maritime Security 13.1: Security plans, procedures to recognize threats, mitigation actions, reporting procedures 13.2: Risk assessments, training for security personnel, policies and procedures, awareness training for employees 13.3: Travel policy, security procedure updates, security program covered by internal audit 13.4: Assessments of security measures, contracted assistance for efforts outside company capabilities, vessel security and monitoring equipment, security enhancements as part of refit, testing of innovative technologies 14 Cybersecurity Risk and Options Considered by IMO
15 ABS CyberSafety Frames Functional Security Building and maintaining a cybersecurity program requires grouping, monitoring and managing functional security areas Organizing for Security 13.4 Data Security Access Mgmt 13.1 Reliability, Control & Resilience Risk Assessment Architecture Protections Incident Response & Recovery Management Of Change (MoC) / Software MoC Asset Mgmt 13.4 Physical Security 13.4 Continuous Monitoring 15 Cybersecurity Risk and Options Considered by IMO
16 Organizational Strategy for IT and Cybersecurity Interoperability and integration pre-conditions Life cycle management of technology base Protective functions and expected threat sources Risk posture measurement System operational test (SOT) capabilities in monitoring, with reporting Compliance reporting requirements Incident recognition and response capabilities BC/DR support Schedule for revisit of risk posture 16 Cybersecurity Risk and Options Considered by IMO
17 Implementing the Cybersecurity Program Risk assessment Asset inventory Vulnerability assessment Security threat awareness Process inventory / audit Emergency response plan Contractor / supplier / third party vetting procedures Cyber hygiene training for employees and third parties Threat-risk assessment plan (to gauge sufficiency in risk assessment) Know your posture before you have to know your posture! 17 Cybersecurity Risk and Options Considered by IMO
18 WBS Functional Competency Composition Asset Mgmt 9-Asset Mgmt 31-Certificate Mgmt Control Requirements (Tasks from control catalog) Conformance Criteria (Checklist assessment items) Owner-Builder Complementary Action Requirements (Mutual expectations) Functional Security Competencies combine - Contributing capabilities; - Controls directly adding to the functional area; - Conformance criteria that demonstrate positive presence of the component Complementary task specifications - Inform the owner and the builder what to expect from the other in that area 18 Cybersecurity Risk and Options Considered by IMO
19 Questions and Discussion? amasterphotographer / Shutterstock 19 Cybersecurity Risk and Options Considered by IMO
20 Contact John M. Jorgensen, CISSP-ISSAP - Chief Scientist, Cybersecurity and Software (office) (cell) - JohnJorgensen@eagle.org 20 Cybersecurity Risk and Options Considered by IMO
21 Thank You American Bureau of Shipping. All rights reserved
Navigation and Vessel Inspection Circular (NVIC) 05-17; Guidelines for Addressing
This document is scheduled to be published in the Federal Register on 07/12/2017 and available online at https://federalregister.gov/d/2017-14616, and on FDsys.gov 9110-04-P DEPARTMENT OF HOMELAND SECURITY
More informationABS CyberSafety. 27 July John Jorgensen Director, Cyber and Software American Bureau of Shipping
2016 American Bureau of Shipping. All rights reserved. ABS CyberSafety 27 July 2016 John Jorgensen Director, Cyber and Software American Bureau of Shipping JohnJorgensen@eagle.org SOCP Webinar Purpose
More informationCyber Risk A new challenge for Classification Societies
Cyber Risk A new challenge for Classification Societies Pier Carazzai 20 November 2017 Hong Kong Safety Moment 2 Cyber Risk Cyber Risks in the era of SMART vessels What are the main factors driving the
More informationThe Invisible Wire Between Shore and Ship
The Invisible Wire Between Shore and Ship Cris DeWitt September 13, 2016 Portland, OR draganche / 123rf.com 2016 American Bureau of Shipping. All rights reserved Cybersecurity is a safety issue. Every
More informationThe NIST Cybersecurity Framework
The NIST Cybersecurity Framework U.S. German Standards Panel 2018 April 10, 2018 Adam.Sedgewick@nist.gov National Institute of Standards and Technology About NIST Agency of U.S. Department of Commerce
More informationCyber risk management into the ISM Code
Building trust. Shaping Safety No. Subject: Cyber risk management into the ISM Code To: insb auditors/managing companies IMO Resolution incorporates maritime cyber risk management into the ISM Code making
More informationGUIDELINES ON MARITIME CYBER RISK MANAGEMENT
E 4 ALBERT EMBANKMENT LONDON SE1 7SR Telephone: +44 (0)20 7735 7611 Fax: +44 (0)20 7587 3210 GUIDELINES ON MARITIME CYBER RISK MANAGEMENT MSC-FAL.1/Circ.3 5 July 2017 1 The Facilitation Committee, at its
More informationST. VINCENT AND THE GRENADINES
ST. VINCENT AND THE GRENADINES MARITIME ADMINISTRATION CIRCULAR N ISM 014 MARITIME CYBER RISK MANAGEMENT MSC.1/CIRC.1526, MSC-FAL.1/CIRC.3, RESOLUTION MSC.428 (98) TO: APPLICABLE TO: SHIPOWNERS, SHIPS
More informationMEASURES TO ENHANCE MARITIME SECURITY. Cyber risk management in Safety Management Systems. Submitted by United States, ICS and BIMCO SUMMARY
E MARITIME SAFETY COMMITTEE 101st session Agenda item 4 26 March 2019 Original: ENGLISH Pre-session public release: MEASURES TO ENHANCE MARITIME SECURITY Cyber risk management in Safety Management Systems
More informationUnited States Coast Guard Office of Port and Facility Compliance (CG-FAC) Cybersecurity and the Marine Transportation System.
United States Coast Guard Office of Port and Facility Compliance (CG-FAC) Cybersecurity and the Marine Transportation System Overview Coast Guard Cyber Strategy Cyber Framework (CSF) What does it mean
More informationCyber and information security applicable for the maritime sector
MARITIME Cyber and information security applicable for the maritime sector Svante Einarsson 1 SAFER, SMARTER, GREENER Introduction 2 The tip of the iceberg 2015: 64,199 reported IT Security incidents just
More informationWelcome & Housekeeping. Marie-Christine Haubert
1. Welcome & Housekeeping Marie-Christine Haubert 1 2. Opening Remarks Marie-Christine Haubert 3. Security Intelligence Presentation Bernard Pilon 2 4. Canada-United States Regulatory and Perimeter Security
More informationCYBERSECURITY IMPLEMENTATION FOR THE MARINE AND OFFSHORE INDUSTRIES
GUIDE FOR CYBERSECURITY IMPLEMENTATION FOR THE MARINE AND OFFSHORE INDUSTRIES ABS CyberSafety TM VOLUME 2 SEPTEMBER 2016 NOTICE NO. 2 June 2018 The following Changes were approved by the ABS Rules Committee
More informationSeptember 11, Dear Captain Manning:
September 11, 2017 R.D. Manning Captain U.S. Coast Guard Chief, Office of Port and Facility Compliance 2703 Martin Luther King Jr. Ave Washington, DC 20593-7501 AAPA Comments to Docket No. USCG-2016-1084
More informationMaritime cyber risk management
Javier Yasnikouski Head Maritime Security Sub-Division for Maritime Security and Facilitation The International Maritime Organization IMO mission: Safe, secure and efficient shipping on clean oceans 2
More informationThe U.S. Government s Role in Standards and Conformity Assessment
The U.S. Government s Role in Standards and Conformity Assessment ASTM International-Russian Federation on Technical Regulating and Metrology Coordinated Program Mary Saunders Chief, Standards Services
More informationNOSAC. Phase I and Phase II FINAL REPORT
NOSAC Cyber Security / Cyber Risk Management Sub-Committee Phase I and FINAL REPORT March 30, 2016 Background NOSAC Subcommittee on Cybersecurity/Cyber Risk set up April 8, 2016 Co-Chairs: Kelly McClelland
More informationSmart Grid Standards and Certification
Smart Grid Standards and Certification June 27, 2012 Annabelle Lee Technical Executive Cyber Security alee@epri.com Current Environment 2 Current Grid Environment Legacy SCADA systems Limited cyber security
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationMaritime Bulk Liquids Transfer Cybersecurity Framework Profile
Maritime Bulk Liquids Transfer Cybersecurity Framework Profile Table of Contents Executive Summary... iv Background... iv The Profile... iv Benefits... v 1. Introduction... 1 1.1. Purpose... 1 1.2. Audience
More informationSMART Ship Program. Najmeh Masoudi Cyber safety and security manager. Palazzo S. Giorgio - Genova, 28/06/ Copyright Bureau Veritas
SMART Ship Program Palazzo S. Giorgio - Genova, 28/06/2017 Najmeh Masoudi Cyber safety and security manager Biography Najmeh Masoudi Cyber safety and security project manager Bureau Veritas Marine & Offshore
More informationStandard Development Timeline
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).
More informationNW NATURAL CYBER SECURITY 2016.JUNE.16
NW NATURAL CYBER SECURITY 2016.JUNE.16 ADOPTED CYBER SECURITY FRAMEWORKS CYBER SECURITY TESTING SCADA TRANSPORT SECURITY AID AGREEMENTS CONCLUSION QUESTIONS ADOPTED CYBER SECURITY FRAMEWORKS THE FOLLOWING
More informationCybersecurity Risk Management:
Cybersecurity Risk Management: Building a Culture of Responsibility G7 ICT and Industry Multistakeholder Conference September 25 2017 Adam Sedgewick asedgewick@doc.gov Cybersecurity in the Department of
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity November 2017 cyberframework@nist.gov Supporting Risk Management with Framework 2 Core: A Common Language Foundational for Integrated Teams
More informationAmerican Association of Port Authorities Port Security Seminar & Expo Cyber Security Preparedness and Resiliency in the Marine Environment
American Association of Port Authorities Port Security Seminar & Expo Cyber Security Preparedness and Resiliency in the Marine Environment July 20, 2017 DECIDEPLATFORM.COM The new Reality of Cyber Security
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity May 2017 cyberframework@nist.gov Why Cybersecurity Framework? Cybersecurity Framework Uses Identify mission or business cybersecurity dependencies
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationDFARS Cyber Rule Considerations For Contractors In 2018
Portfolio Media. Inc. 111 West 19 th Street, 5th Floor New York, NY 10011 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com DFARS Cyber Rule Considerations For Contractors
More informationTHE POWER OF TECH-SAVVY BOARDS:
THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES
More informationTechnical Conference on Critical Infrastructure Protection Supply Chain Risk Management
Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management Remarks of Marcus Sachs, Senior Vice President and the Chief Security Officer North American Electric Reliability
More informationCYBER RISK AND SHIPS :PRACTICAL ISSUES FOLLOWING BIMCO GUIDELINE
CYBER RISK AND SHIPS :PRACTICAL ISSUES FOLLOWING BIMCO GUIDELINE Yohan Le Gonidec, head of Shipowner support department, TECNITAS (subsidiary BUREAU VERITAS) 1 AGENDA 2 Introduction 1- Cyber incidents
More informationIMO MEASURES TO ENHANCE MARITIME SECURITY. Outcome of the 2002 SOLAS conference. Information on the current work of the ILO
INTERNATIONAL MARITIME ORGANIZATION E IMO MARITIME SAFETY COMMITTEE 77th session Agenda item 6 MSC 77/6/9 20 March 2003 Original: ENGLISH MEASURES TO ENHANCE MARITIME SECURITY Outcome of the 2002 SOLAS
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationStrategies for Maritime Cyber Security Leveraging the Other Modes
Strategies for Maritime Cyber Security Leveraging the Other Modes Michael Dinning Innovative Technologies for a Resilient Marine Transportation System June 24, 2014 The National Transportation Systems
More informationManagement. Port Security. Second Edition KENNETH CHRISTOPHER. CRC Press. Taylor & Francis Group. Taylor & Francis Group,
Port Security Management Second Edition KENNETH CHRISTOPHER CRC Press Taylor & Francis Group Boca Raton London New York CRC Press is an imprint of the Taylor & Francis Group, an informa business Preface
More informationCyber Security Requirements for Supply Chain. June 17, 2015
Cyber Security Requirements for Supply Chain June 17, 2015 Topics Cyber Threat Legislation and Regulation Nuts and Bolts of NEI 08-09 Nuclear Procurement EPRI Methodology for Procurement Something to think
More informationEEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1,
EEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1, 2008 www.morganlewis.com Overview Reliability Standards Enforcement Framework Critical Infrastructure Protection (CIP)
More informationDRAFT NAVIGATION AND VESSEL INSPECTION CIRCULAR NO
Commandant U.S. Coast Guard 2703 Martin Luther King Jr. Ave Washington, DC 20593-7501 Staff Symbol: CG-5P COMDTPUB xxxxxxx NVIC 05-17 DRAFT NAVIGATION AND VESSEL INSPECTION CIRCULAR NO. 05-17 Subj: GUIDELINES
More informationSupply Chain, Logistics and Cybersecurity - Regulatory and Risk Allocation Considerations in the New Normal
Supply Chain, Logistics and Cybersecurity - Regulatory and Risk Allocation Considerations in the New Normal TOC Americas Lima, Peru 19 November 2017 Glenn Legge Partner HFW USA, Houston Texas New technology
More informationConsideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014
Federal Energy Regulatory Commission Order No. 791 June 2, 2014 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently proposed
More informationMaritime Cybersecurity Regulation On The Horizon: Part 2
Portfolio Media. Inc. 111 West 19 th Street, 5th Floor New York, NY 10011 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Maritime Cybersecurity Regulation On The
More informationConsideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015
Federal Energy Regulatory Commission Order No. 791 January 23, 2015 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently
More informationTWIC or TWEAK The Transportation Worker Identification Credential:
TWIC or TWEAK The Transportation Worker Identification Credential: Issues and Challenges for MTSA-Regulated Facility Owner/Operators THE USUAL DISCLAIMER By: Presentation at AAPA Administrative & Legal
More informationCyber Security Standards Developments
INTERNATIONAL ELECTROTECHNICAL COMMISSION Cyber Security Standards Developments Bart de Wijs Head of Cyber Security Power Grids Division ABB b.v. Frédéric Buchi Sales&Consulting Cyber Security Siemens
More informationCIP Cyber Security Configuration Management and Vulnerability Assessments
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationNCSF Foundation Certification
NCSF Foundation Certification Overview This ACQUIROS accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity
More informationStandard Development Timeline
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).
More informationMapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective
Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationWELCOME ISO/IEC 27001:2017 Information Briefing
WELCOME ISO/IEC 27001:2017 Information Briefing Denis Ryan C.I.S.S.P NSAI Lead Auditor Running Order 1. Market survey 2. Why ISO 27001 3. Requirements of ISO 27001 4. Annex A 5. Registration process 6.
More informationFRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013. Visit us online at Flank.org to learn more.
FRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013 Visit us online at Flank.org to learn more. HITRUST CSF v9 Framework ISO 27001/27002:2013 Framework FLANK ISO 27001/27002:2013 Documentation from
More informationMarch 6, Dear Electric Industry Vendor Community: Re: Supply Chain Cyber Security Practices
March 6, 2019 Dear Electric Industry Vendor Community: Re: Supply Chain Cyber Security Practices On July 21, 2016, the Federal Energy Regulatory Commission (FERC) directed the North American Electric Reliability
More informationMaritime Cyber Security Project Work Plan. Maritime Cyber Security. Work Plan Draft
Maritime Cyber Security Project Maritime Cyber Security Draft August 8, 2016 1 INTRODUCTION On July 27, 016, the American Bureau of Shipping (ABS) received notification of award of the Maritime Cyber Security
More informationTHE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE
THE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE International Maritime Organization Regulations IMO has given shipowners and managers until 2021 to incorporate cyber risk management into
More informationAssurance through the ISO27002 Standard and the US NIST Cybersecurity Framework. Keith Price Principal Consultant
Assurance through the ISO27002 Standard and the US NIST Cybersecurity Framework Keith Price Principal Consultant 1 About About me - Specialise in cybersecurity strategy, architecture, and assessment -
More informationRBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH
RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH CONTEXT RBI has provided guidelines on Cyber Security Framework circular DBS. CO/CSITE/BC.11/33.01.001/2015-16
More information10/18/2016. Preparing Your Organization for a HHS OIG Information Security Audit. Models for Risk Assessment
Preparing Your Organization for a HHS OIG Information Security Audit David Holtzman, JD, CIPP/G CynergisTek, Inc. Brian C. Johnson, CPA, CISA HHS OIG Section 1: Models for Risk Assessment Section 2: Preparing
More informationBusiness continuity management and cyber resiliency
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,
More informationFDA & Medical Device Cybersecurity
FDA & Medical Device Cybersecurity Closing Keynote, February 19, 2017 Suzanne B. Schwartz, M.D., MBA Associate Director for Science & Strategic Partnerships Center for Devices and Radiological Health US
More informationProcedure for Network and Network-related devices
Lloyd s Register Type Approval System Type Approval Requirements for components within Cyber Enabled Systems on board Ships Procedure for Network and Network-related devices September 2017 1 Reference:
More informationCanadian Chemical Engineering Conference Edmonton, Alberta October 30, 2007
US Chemical Facility Anti-Terrorism Standards (CFATS) Overview Canadian Chemical Engineering Conference Edmonton, Alberta October 30, 2007 Dorothy Kellogg AcuTech Consulting Group Alexandria, Virginia
More informationPlenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m.
Plenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m. Cybersecurity is a top priority for the financial services industry. Firms dedicate significant resources every
More informationReviewed by ADM(RS) in accordance with the Access to Information Act. Information UNCLASSIFIED.
Assistant Deputy Minister (Review Services) Reviewed by in accordance with the Access to Information Act. Information UNCLASSIFIED. Security Audits: Management Action Plan Follow-up December 2015 1850-3-003
More informationCyber Risk for Maritime
Cyber Risk for Maritime Enabling a step-change in risk management for the maritime industry kpmg.no kongsberg.com/kdi 0 Cyber Risk for Maritime The international shipping industry is responsible for the
More informationWhen Recognition Matters WHITEPAPER ISO SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS.
When Recognition Matters WHITEPAPER ISO 28000 SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS www.pecb.com CONTENT 3 4 4 4 4 5 6 6 7 7 7 8 9 10 11 12 Introduction An overview of ISO 28000:2007 Key clauses of
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV
Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf
More informationExecutive Order & Presidential Policy Directive 21. Ed Goff, Duke Energy Melanie Seader, EEI
Executive Order 13636 & Presidential Policy Directive 21 Ed Goff, Duke Energy Melanie Seader, EEI Agenda Executive Order 13636 Presidential Policy Directive 21 Nation Infrastructure Protection Plan Cybersecurity
More informationCyber Hygiene and Awareness on a Practical Level
Cyber Hygiene and Awareness on a Practical Level Presented by: Capt. Rohit Tandon from FML The Story of Data Breach We all know about the Cyber Risks Yet, we wait till an incident like this shakes us up,
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary
More informationCOMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards
November 2016 COMMENTARY Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards The Board of Governors of the Federal Reserve System ( Federal Reserve Board ), the Federal Deposit Insurance
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
CIP-010-2 3 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Risk Monitoring Risk Monitoring assesses the effectiveness of the risk decisions that are made by the Enterprise.
More informationCybersecurity-Related Information Sharing Guidelines Draft Document Request For Comment
Cybersecurity-Related Information Sharing Guidelines Draft Document Request For Comment SWG G 3 2016 v0.2 ISAO Standards Organization Standards Working Group 3: Information Sharing Kent Landfield, Chair
More informationPort Facility Cyber Security
International Port Security Program Port Facility Cyber Security Cyber Security Assessment MAR'01 1 Lesson Topics ISPS Code Requirement The Assessment Process ISPS Code Requirements What is the purpose
More informationUnofficial Comment Form Project Modifications to CIP Standards Requirements for Transient Cyber Assets CIP-003-7(i)
Unofficial Comment Form Project 2016-02 Modifications to CIP Standards Requirements for Transient Cyber Assets CIP-003-7(i) Do not use this form for submitting comments. Use the electronic form to submit
More informationSecurity Management Models And Practices Feb 5, 2008
TEL2813/IS2820 Security Management Security Management Models And Practices Feb 5, 2008 Objectives Overview basic standards and best practices Overview of ISO 17799 Overview of NIST SP documents related
More informationData cyber security requirements
HSSC10-07.4A Paper for Consideration by the HSSC-10 IEC Activities affecting HSSC Submitted by: Executive Summary: Related Documents: Related Projects: Hannu Peiponen / IEC TC80 Chair This paper is about
More informationSeagate Supply Chain Standards and Operational Systems
DATA IS POTENTIAL Seagate Supply Chain Standards and Operational Systems Government Solutions Henry Newman May 9 2018 Supply Chain Standards and Results Agenda 1. 2. SUPPLY CHAIN REQUIREMENTS AND STANDARDS
More informationContinuous protection to reduce risk and maintain production availability
Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
CIP 010 1 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationProcedure for the Selection, Training, Qualification and Authorisation of Marine Management Systems Auditors
(Rev.0 July 2009) (Rev.1 Sep 2012) (Rev.2 Nov 2014) Procedure for the Selection, Training, Qualification and Authorisation of Marine Management Systems Auditors Note: 1. This procedural requirement applies
More informationISO27001:2013 The New Standard Revised Edition
ECSC UNRESTRICTED ISO27001:2013 The New Standard Revised Edition +44 (0) 1274 736223 consulting@ecsc.co.uk www.ecsc.co.uk A Blue Paper from Page 1 of 14 Version 1_00 Date: 27 January 2014 For more information
More informationProtecting Controlled Unclassified Information(CUI) in Nonfederal Information Systems and Organizations
Protecting Controlled Unclassified Information(CUI) in Nonfederal Information Systems and Organizations January 9 th, 2018 SPEAKER Chris Seiders, CISSP Security Analyst Computing Services and Systems Development
More informationInformation Security Continuous Monitoring (ISCM) Program Evaluation
Information Security Continuous Monitoring (ISCM) Program Evaluation Cybersecurity Assurance Branch Federal Network Resilience Division Chad J. Baer FNR Program Manager Chief Operational Assurance Agenda
More informationGNOSTECH MARITIME CYBERSECURITY SOLUTIONS
GNOSTECH MARITIME CYBERSECURITY SOLUTIONS Disaster Response vs Cyber Incident Response Technologies Facilitates Exceptional Benefits While Creating Cyber Vulnerabilities Shore-based Systems That Directly
More informationIMO WORK PROGRAMME. Sub-Committee on Safety of Navigation. New symbols for AIS-AtoN. Submitted by Japan
INTERNATIONAL MARITIME ORGANIZATION E IMO MARITIME SAFETY COMMITTEE 86th session Agenda item 23 23 February 2009 Original: ENGLISH WORK PROGRAMME Sub-Committee on Safety of Navigation New symbols for AIS-AtoN
More informationInnovation policy for Industry 4.0
Innovation policy for Industry 4.0 Remarks from Giorgio Mosca Chair of Cybersecurity Steering Committee Confindustria Digitale Director Strategy & Technologies - Security & IS Division, Leonardo Agenda
More informationUnited States Energy Association Energy Technology and Governance Program REQUEST FOR PROPOSALS
United States Energy Association Energy Technology and Governance Program REQUEST FOR PROPOSALS UTILITY CYBER SECURITY INITIATIVE (UCSI) CYBERSECURITY CAPABILITY MATURITY MODEL (C2M2) ASSESSMENT FOR THE
More informationCompliance with ISPS and The Maritime Transportation Security Act of 2002
Mr. Melchor Becena Security Administrator Port Everglades SecurePort Conference Miami, Florida 25-27 27 February, 2004 Compliance with ISPS and The Maritime Transportation Security Act of 2002 Overview
More informationLESSONS LEARNED IN DEVELOPING CYBERSECURITY FRAMEWORK (CSF) PROFILES WITH INDUSTRY AND THE U.S. COAST GUARD (USCG)
UNCLASSIFIED The United States Coast Guard LESSONS LEARNED IN DEVELOPING CYBERSECURITY FRAMEWORK (CSF) PROFILES WITH INDUSTRY AND THE U.S. COAST GUARD (USCG) Homeland Security UNCLASSIFIED 1 Lessons Learned
More informationFuture Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group
Future Challenges and Changes in Industrial Cybersecurity Sid Snitkin VP Cybersecurity Services ARC Advisory Group Srsnitkin@ARCweb.com Agenda Industrial Cybersecurity Today Scope, Assumptions and Strategies
More informationCybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com
Cybersecurity Presidential Policy Directive Frequently Asked Questions kpmg.com Introduction On February 12, 2013, the White House released the official version of the Presidential Policy Directive regarding
More information10 Cybersecurity Questions for Bank CEOs and the Board of Directors
4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors
More informationNYS DFS Cybersecurity Requirements. Stephen Head Senior Manager Risk Advisory Services
NYS DFS Cybersecurity Requirements Stephen Head Senior Manager Risk Advisory Services December 5, 2017 About Me Stephen W. Head Mr. Head is a Senior Manager with Experis Finance, and has over thirty-five
More informationCybersecurity & Privacy Enhancements
Business, Industry and Government Cybersecurity & Privacy Enhancements John Lainhart, Director, Grant Thornton The National Institute of Standards and Technology (NIST) is in the process of updating their
More informationstandards and frameworks and controls oh my! Mike Garcia Senior Advisor for Elections Best Practices
standards and frameworks and controls oh my! Mike Garcia Senior Advisor for Elections Best Practices mike.garcia@cisecurity.org The big three in their own words ISO 27000: family of standards to help organizations
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationIAF Mandatory Document for the Transfer of Accredited Certification of Management Systems
IAF MD 2:2007. International Accreditation Forum, Inc. IAF Mandatory Document IAF Mandatory Document for the Transfer of Accredited Certification of Management Systems (IAF MD 2:2007) IAF MD2:2007 International
More information