Dynamic Risk Management for Cyber Defence

Size: px
Start display at page:

Download "Dynamic Risk Management for Cyber Defence"

Transcription

1 Dynamic Risk Management for Cyber Defence Douglas Wiemer Director, Cyber Security Solutions FP7 Project number RHEA Group

2 Consortium Participants

3 The User agency: Acea Group Founded in 1909 as the municipality of Rome s Electric Company 1 st water services operator in Italy supplying more than 8.5 Million inhabitants One of the major italian operators in electricity distribution supplying 11 billion kwh of electricity

4 The PANOPTESEC approach Operational use of Dynamic Risk Approaches (DRA) for Automated Cyber Defence Address constantly evolving state of the operations, systems and threats Accurately assess the risk (impact, likelihood) Provide continuous monitoring Proactive Response System (Strategic Response) Focus on potential attack paths to high priority systems Response optimization to minimize operational impact and financial costs Reactive Response System (Tactical Response) Focus on blocking or preventing spread of ongoing attacks Rapid response through automation State-of-the-art weaknesses addressed by PANOPTESEC: Complex, multi-source correlations Operational/financial impact evaluation Automated decision support / Closed loop process to deployment

5 MAPE-K cycle for continuous cyber security management 2016 PANOPTESEC Consortium Decision support for cyber vulnerability, incident detection and response management MONITOR for cyber vulnerabilities and incidents ANALYZE cyber risks and operational impacts PLAN and prioritize mitigation actions through response modeling EXECUTE mitigation actions through policy-based deployment Knowledge-base contains raw and processed information MAPE-K based on An architectural blueprint for autonomic computing, IBM, Monitor sensors Autonomic Manager Analyze Plan Knowledge Execute Effectors Managed Elements State-of-the-art weaknesses addressed by PANOPTESEC: Complex multi-source correlations (Monitor) Operational/financial impact evaluation (Analyze) Automated decision support (Planning) Closed loop process to deployment (Execute)

6 MAPE-K cycle for continuous cyber security management 2016 PANOPTESEC Consortium MAPE-K - Degrees of Autonomicity Level 1 (Basic): System elements are managed by highly skilled staff who utilize monitoring tools and then make the require changes manually. Level 2 (Managed): System s monitoring tools collage information in an intelligent way to reduce the systems administration burden. Level 3 (Predictive): More intelligent monitoring to recognize system behavior patterns and suggest actions approved and carried out by IT staff. Level 4 (Adaptive) System uses the types of tools available to Level 3 but the system is more able to take action. Human interaction is minimized. Level 5 (Fully autonomic): Systems and components are dynamically managed by business rules and policies Monitor sensors Autonomic Manager Analyze Plan Knowledge Managed Elements For CIP, level 3. For other domains, push outcomes into Level 5 Execute Effectors

7 Functional concept (continuous proactive chain) Monitor: Collect network and security relevant information from diverse data sources and build the following information Network/Vulnerability topology Mission Graph (identifies critical supporting assets) Network and system dependency model (from realtime flow data) Reachability matrix Analyze: Perform security analysis of collected information to: Generate the Attack Graph from hypothetical source to critical supporting assets Quantify risk to critical supporting assets Monitor sensors Autonomic Manager Analyze Plan Knowledge Execute Managed Elements Effectors Knowledge Base: Contains raw data collected by the system Contains current and historical results of analytic processes Plan: Conduct automated decision support analysis to: Identify potential response plans to reduce risk Evaluate response plans against business/mission and financial impact Propose prioritized response plans Execute: Prepare and issue selected response plans: Response plans may consist of several mitigation actions Defined according to acceptable policies Sensors, Effectors & Scanners: Out of scope. The System can adapt to many different topology/inventory/vulnerability scanners or different data sources

8 Functional concept (continuous reactive chain) Monitor: Augment proactive data with real-time (reactive) incident data: Network events Intrusion events Analyze: Perform security analysis of collected information to: Localize incidents on Attack Graphs Quantify risk to critical supporting assets Monitor sensors Autonomic Manager Analyze Plan Knowledge Execute Effectors Managed Elements Knowledge Base: Contains raw data collected by the system Contains current and historical results of analytic processes Sensors & Effectors: Out of scope. The System can adapt to many different sensors and firewalls Plan: Conduct automated decision support analysis to: Identify potential response plans to reduce risk Evaluate response plans against business/mission and financial impact Propose prioritized response plans Execute: Prepare and issue selected response plans: Response plans may consist of several mitigation actions Defined according to acceptable policies

9 Monitored System: Emulated Environment The Emuation Environment (Emu-Env) has been created by RHEA, starting from ACEA Distribution Energy environment (Rome), using the resources of the Disaster Recovery site. Among the data sources for the PANOPTESEC System: - GFI Languard Asset Management System - Whatsup Gold Network Management System - OpenVas Vulnerability Scanner - IDS/IPS/Firewall logs collected by Stonesoft SMC/SIEM and sent to LowLevelCorrelator as Syslogs, Built-in NMAP base Scanner M O N I T O R E D S Y S T E M

10 Architecture of PANOPTESEC System Automated support for cyber vulnerability and incident detection and response management MONITOR: Data collection and correlation system ANALYZE: Attack and risk modeling PLAN: Response modeling EXECUTE: Policy deployment Visualization System KNOWLEDGE PROACTIVE REACTIVE Data Collection System M O N I T O R E D S Y S T E M sensors MONITOR sensors EXECUTE Effectors (Policy Deployer) Integration Framework ANALYZE PLAN Response Modeling Risk Modeling Proactive Reactive Dynamic Risk Management System Attack Modeling QBE Engine ABE Engine PAI Engine

11 Mission Impact and Dependency Model Device dependent Business/Mission Functions, Processes and Companies illustrated with weighted dependency links Provides capability for prioritized security response plans based on business impact Analysis of mission impact due to shock events Shock events include: Impact of known vulnerabilities Impact of incidents Impact of proposed response plans

12 Mission impact analysis Threat-risk quantification Geographic display of risk by affected region Vulnerability view Attacks View (proactive/reactive) Prioritized course of action tables Operator options for course of action selection Tailored views through versatile layering Advanced visual interface

13 Geographic display of risk by affected region

14 Vulnerability views as overlay

15 Network analysis view

16 Vulnerability view

17 Vulnerability views Node level detail

18 Simulation Environment The Simulation Environment (Sim-Env) has been created by RHEA within Work Package 7 starting from ACEA Distribution Energy environment (Rome), using the resources of the Disaster Recovery site. The Disaster Recovery systems used are real operational systems in 'cold standby' mode. These are then augmented by real (standby and test) equipment with virtual clones in order to 'emulate' the scale of the operational environment. The Sim-Env for PANOPTESEC Project is composed of several logical blocks: Emulation Environment Developing Environment Partners Portal for PANOPTESEC Project Development and Testing Among the data sources for the PANOPTESEC System: GFI Languard Asset Management System, Whatsup Gold Network Management System, OpenVas Vulnerability Scanner, IDS/Firewall logs collected by an SMC and sent to LowLevelCorrelator as Syslogs, Built-in Topology Scanner based on Nmap, Mirrored network traffic.

19 Real control systems in cold standby mode (Disaster Recovery site) Real high/medium voltage substations in test mode Cloned SCADA systems for scalability emulation Simulated ICT domain for diversity of application experiments (e.g., non-scada environments) Installed network and security monitoring systems support data collection Emulation Environment

20 Project Status and Ongoing Activity On the Proactive Chain, first tests with up-to 1000 nodes on a mixed topology network nodes (Linux/Windows devices, from 1 to 10 known vulnerabilities) have been performed: PANOPTESEC System computation times of the actual alpha version from data collection and topology/attack paths reconstruction to response plans computation stays under 15 minutes (for 1000 nodes) Given the capability of the sensors, PANOPTESEC System is able to perceive updates in the monitored system within 5 minutes On the Reactive Chain, firsts tests with up to raw alerts/second (collected from IDS and firewalls) have been performed: On a single raw alert collector and correlator component installation, this rate seems absolutely feasible. The System is able to use multiple raw alerts collectors and correlators, in order to scale furthermore: new test will be conducted in the following months.

21 Project Status and Ongoing Activity Version 2 component prototypes delivered October 2015 Ongoing experimentation and test over the Emulation Environment and over the Production Environment Pre-integration complete for both Proactive and Reactive response chains Integration prototypes development ongoing Target delivery planned June 2016 Start formal System Integration and Test activities Planned operational workshop end of October 2016 Hosted by ACEA, Rome, Italy Demonstration on PANOPTESEC Cyber Emulation Environment Wide and open attendance desired Not limited to Critical Infrastructure markets

22 Additional information The PANOPTESEC project is sponsored in part by the European Commission, Seventh Framework Programme, DG Connect, Project number Various PANOPTESEC documents, presentations, scientific papers and videos are publically available at Please follow the project on: Linked in: Twitter: #PANOPTESEC For additional information please contact: (Member of Steering Committee)

23 One last word Thank you!

Symantec Security Monitoring Services

Symantec Security Monitoring Services 24x7 real-time security monitoring and protection Protect corporate assets from malicious global threat activity before it impacts your network. Partnering with Symantec skilled and experienced analysts

More information

Preemptive PREventivE Methodology and Tools to protect utilities

Preemptive PREventivE Methodology and Tools to protect utilities Preemptive PREventivE Methodology and Tools to protect utilities 2014 2017 With the financial support of FP7 Seventh Framework Programme Grant agreement no: 607093 1 Preemptive description Project objectives

More information

Improving SCADA System Security

Improving SCADA System Security Improving SCADA System Security NPCC 2004 General Meeting Robert W. Hoffman Manager, Cyber Security Research Department Infrastructure Assurance and Defense Systems National Security Division, INEEL September

More information

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power

More information

Continuous protection to reduce risk and maintain production availability

Continuous protection to reduce risk and maintain production availability Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading

More information

align security instill confidence

align security instill confidence align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed

More information

Management s Response to the Auditor General s Review of Management and Oversight of the Integrated Business Management System (IBMS)

Management s Response to the Auditor General s Review of Management and Oversight of the Integrated Business Management System (IBMS) APPENDI 2 ommendation () () 1. The City Manager in consultation with the Chief Information Officer give consideration to the establishment of an IBMS governance model which provides for senior management

More information

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion

More information

Cybersecurity for Health Care Providers

Cybersecurity for Health Care Providers Cybersecurity for Health Care Providers Montgomery County Medical Society Provider Meeting February 28, 2017 T h e MARYLAND HEALTH CARE COMMISSION Overview Cybersecurity defined Cyber-Threats Today Impact

More information

Current skills gap for capable CTI analysts: Training for forensics & analysis

Current skills gap for capable CTI analysts: Training for forensics & analysis Current skills gap for capable CTI analysts: Training for forensics & analysis WORKSHOP CTI EU Bonding EU Cyber Threat Intelligence 30-31 October, Link Campus University, Rome, Italy Ing. Selene Giupponi

More information

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW: SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE Protecting your business assets and sensitive data requires regular vulnerability assessment,

More information

CTI Capability Maturity Model Marco Lourenco

CTI Capability Maturity Model Marco Lourenco 1 CTI Capability Maturity Model Cyber Threat Intelligence Course NIS Summer School 2018, Crete October 2018 MARCO LOURENCO - ENISA Cyber Security Analyst Lead European Union Agency for Network and Information

More information

Reinvent Your 2013 Security Management Strategy

Reinvent Your 2013 Security Management Strategy Reinvent Your 2013 Security Management Strategy Laurent Boutet 18 septembre 2013 Phone:+33 6 25 34 12 01 Email:laurent.boutet@skyboxsecurity.com www.skyboxsecurity.com What are Your Key Objectives for

More information

NCSF Foundation Certification

NCSF Foundation Certification NCSF Foundation Certification Overview This ACQUIROS accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity

More information

Arbor White Paper Keeping the Lights On

Arbor White Paper Keeping the Lights On Arbor White Paper Keeping the Lights On The Importance of DDoS Defense in Business Continuity Planning About Arbor Networks Arbor Networks Inc., the cyber security division of NETSCOUT, helps secure the

More information

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats. IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats. Enhancing cost to serve and pricing maturity Keeping up with quickly evolving ` Internet threats

More information

SANS Top 20 CIS. Critical Security Control Solution Brief Version 6. SANS Top 20 CIS. EventTracker 8815 Centre Park Drive, Columbia MD 21045

SANS Top 20 CIS. Critical Security Control Solution Brief Version 6. SANS Top 20 CIS. EventTracker 8815 Centre Park Drive, Columbia MD 21045 Critical Security Control Solution Brief Version 6 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable,

More information

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location: Position: Reports to: Location: Security Monitoring Engineer / (NY or NC) Director, Information Security New York, NY or Winston-Salem, NC Position Summary: The Clearing House (TCH) Information Security

More information

Presentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT

Presentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT Presentation to the ITU on the Q-CERT Incident Management Team Ian M Dowdeswell Incident Manager, Q-CERT 2 Q-CERT Mission The Mission of Q-CERT is to be a world-class center of excellence providing expert

More information

SIEM: Five Requirements that Solve the Bigger Business Issues

SIEM: Five Requirements that Solve the Bigger Business Issues SIEM: Five Requirements that Solve the Bigger Business Issues After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered

More information

Organizational Readiness for Digital Transformation

Organizational Readiness for Digital Transformation IVI Community Event Organizational Readiness for Digital Transformation Dr. Marian Carcary June 22nd 2017 Introduction Digital business transformation goes beyond traditional process optimization, to leveraging

More information

Fintech District. The First Testing Cyber Security Platform. In collaboration with CISCO. Cloud or On Premise Platform

Fintech District. The First Testing Cyber Security Platform. In collaboration with CISCO. Cloud or On Premise Platform Fintech District The First Testing Cyber Security Platform In collaboration with CISCO Cloud or On Premise Platform WHAT IS SWASCAN? SWASCAN SERVICES Cloud On premise Web Application Vulnerability Scan

More information

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services European Union Agency for Network and Information Security Securing Europe s Information society 2

More information

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference Benefits to the Stakeholders A Collaborative and Win-Win Strategy Lal Dias Chief Executive Officer Sri Lanka CERT CC Cyber attacks

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity November 2017 cyberframework@nist.gov Supporting Risk Management with Framework 2 Core: A Common Language Foundational for Integrated Teams

More information

IBM Internet Security Systems Proventia Management SiteProtector

IBM Internet Security Systems Proventia Management SiteProtector Supporting compliance and mitigating risk through centralized management of enterprise security devices IBM Internet Security Systems Proventia Management SiteProtector Highlights Reduces the costs and

More information

CYBER RESILIENCE & INCIDENT RESPONSE

CYBER RESILIENCE & INCIDENT RESPONSE CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust Introduction The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable

More information

Security and resilience in Information Society: the European approach

Security and resilience in Information Society: the European approach Security and resilience in Information Society: the European approach Andrea Servida Deputy Head of Unit European Commission DG INFSO-A3 Andrea.servida@ec.europa.eu What s s ahead: mobile ubiquitous environments

More information

Cyber Defence Situational Awareness

Cyber Defence Situational Awareness Cyber Defence Situational Awareness HQ SACT, ACT Office of Security NC3A, CAT-2 1 Objectives of the Workshop Communicate and clarify the context of Cyber Defence within NATO Present ACT s Cyber Defence

More information

The Perfect Storm Cyber RDT&E

The Perfect Storm Cyber RDT&E The Perfect Storm Cyber RDT&E NAVAIR Public Release 2015-87 Approved for public release; distribution unlimited Presented to: ITEA Cyber Workshop 25 February 2015 Presented by: John Ross NAVAIR 5.4H Cyberwarfare

More information

The NIST Cybersecurity Framework

The NIST Cybersecurity Framework The NIST Cybersecurity Framework U.S. German Standards Panel 2018 April 10, 2018 Adam.Sedgewick@nist.gov National Institute of Standards and Technology About NIST Agency of U.S. Department of Commerce

More information

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface ORGANIZATION SNAPSHOT The level of visibility Tenable.io provides is phenomenal, something we just

More information

Bradford J. Willke. 19 September 2007

Bradford J. Willke. 19 September 2007 A Critical Information Infrastructure Protection Approach to Multinational Cyber Security Events Bradford J. Willke 19 September 2007 Overview A framework for national Critical Information Infrastructure

More information

Implementation Strategy for Cybersecurity Workshop ITU 2016

Implementation Strategy for Cybersecurity Workshop ITU 2016 Implementation Strategy for Cybersecurity Workshop ITU 2016 Council for Scientific and Industrial Research Joey Jansen van Vuuren Intricacies and interdependencies cyber policies must address potential

More information

DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP

DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP ARINC cybersecurity solutions DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP Getting started is as simple as assessing your baseline THE RIGHT CYBERSECURITY SOLUTIONS FOR YOUR UNIQUE NEEDS Comprehensive threat

More information

Digital Wind Cyber Security from GE Renewable Energy

Digital Wind Cyber Security from GE Renewable Energy Digital Wind Cyber Security from GE Renewable Energy BUSINESS CHALLENGES The impact of a cyber attack to power generation operations has the potential to be catastrophic to the renewables industry as well

More information

Securing Industrial Control Systems

Securing Industrial Control Systems L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting

More information

Cybersecurity-Related Information Sharing Guidelines Draft Document Request For Comment

Cybersecurity-Related Information Sharing Guidelines Draft Document Request For Comment Cybersecurity-Related Information Sharing Guidelines Draft Document Request For Comment SWG G 3 2016 v0.2 ISAO Standards Organization Standards Working Group 3: Information Sharing Kent Landfield, Chair

More information

REVIEW OF MANAGEMENT AND OVERSIGHT OF THE INTEGRATED BUSINESS MANAGEMENT SYSTEM (IBMS) January 16, 2009

REVIEW OF MANAGEMENT AND OVERSIGHT OF THE INTEGRATED BUSINESS MANAGEMENT SYSTEM (IBMS) January 16, 2009 APPENDIX 1 REVIEW OF MANAGEMENT AND OVERSIGHT OF THE INTEGRATED BUSINESS MANAGEMENT SYSTEM (IBMS) January 16, 2009 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto

More information

Framework for Improving Critical Infrastructure Cybersecurity. and Risk Approach

Framework for Improving Critical Infrastructure Cybersecurity. and Risk Approach Framework for Improving Critical Infrastructure Cybersecurity Implementation of Executive Order 13636 and Risk Approach June 9, 2016 cyberframework@nist.gov Executive Order: Improving Critical Infrastructure

More information

SIEMLESS THREAT DETECTION FOR AWS

SIEMLESS THREAT DETECTION FOR AWS SOLUTION OVERVIEW: ALERT LOGIC FOR AMAZON WEB SERVICES (AWS) SIEMLESS THREAT DETECTION FOR AWS Few things are as important to your business as maintaining the security of your sensitive data. Protecting

More information

How AlienVault ICS SIEM Supports Compliance with CFATS

How AlienVault ICS SIEM Supports Compliance with CFATS How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal

More information

REPORT 2015/010 INTERNAL AUDIT DIVISION

REPORT 2015/010 INTERNAL AUDIT DIVISION INTERNAL AUDIT DIVISION REPORT 2015/010 Audit of information and communications technology strategic planning, governance and management in the Investment Management Division of the United Nations Joint

More information

ALIENVAULT USM FOR AWS SOLUTION GUIDE

ALIENVAULT USM FOR AWS SOLUTION GUIDE ALIENVAULT USM FOR AWS SOLUTION GUIDE Summary AlienVault Unified Security Management (USM) for AWS is a unified security platform providing threat detection, incident response, and compliance management

More information

Cyber Security Technologies

Cyber Security Technologies 1 / Cyber Security Technologies International Seminar on Cyber Security: An Action to Establish the National Cyber Security Center Lisbon, 12 th September 2013 23 / Key highlights - Thales Group Thales

More information

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018 Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018 The Homeland Security Systems Engineering and Development Institute (HSSEDI ) is a trademark of the U.S. Department of Homeland

More information

NCSF Foundation Certification

NCSF Foundation Certification NCSF Foundation Certification Overview This ACQUIROS accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity

More information

Security by Default: Enabling Transformation Through Cyber Resilience

Security by Default: Enabling Transformation Through Cyber Resilience Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,

More information

itsmf ITIL V3: Accelerate Success with Tools Maria A Medvedeva, PMP, ITIL Regional Director CA, Inc. itsmf Middle East Board of Directors

itsmf ITIL V3: Accelerate Success with Tools Maria A Medvedeva, PMP, ITIL Regional Director CA, Inc. itsmf Middle East Board of Directors itsmf ITIL V3: Accelerate Success with Tools Maria A Medvedeva, PMP, ITIL Regional Director CA, Inc. itsmf Middle East Board of Directors Dubai, June 11, 2007 Challenging Questions > Should we slow down

More information

RFD. for ICERT ( ) RESULTS-FRAMEWORK DOCUMENT. Department of Information Technology. Results-Framework Document (RFD) for CERT-In ( )

RFD. for ICERT ( ) RESULTS-FRAMEWORK DOCUMENT. Department of Information Technology. Results-Framework Document (RFD) for CERT-In ( ) Results-Framework Document (RFD) for CERT-In (-) RFD RESULTS-FRAMEWORK DOCUMENT for ICERT Department of Information Technology (-) Page 1 of 13 Results-Framework Document (RFD) for CERT-In (-) SECTION

More information

How security intelligence can be used for incident management. Volker Rath, Techn. Lead Consulting Services

How security intelligence can be used for incident management. Volker Rath, Techn. Lead Consulting Services How security intelligence can be used for incident management Volker Rath, Techn. Lead Consulting Services Safety and protection matters Lots of news about threats and diseases. Which immunizations? Spreading

More information

Cyber Security Solutions Mitigating risk and enhancing plant reliability

Cyber Security Solutions Mitigating risk and enhancing plant reliability P OW E R G E N E R AT I O N Cyber Security Solutions Mitigating risk and enhancing plant reliability 2 CYBER SECURITY SOLUTIONS MITIGATING RISK AND ENHANCING PLANT RELIABILITY Providing a roadmap to achieve

More information

Chapter X Security Performance Metrics

Chapter X Security Performance Metrics Chapter X Security Performance Metrics Page 1 of 10 Chapter X Security Performance Metrics Background For many years now, NERC and the electricity industry have taken actions to address cyber and physical

More information

ArcGIS in the Cloud. Andrew Sakowicz & Alec Walker

ArcGIS in the Cloud. Andrew Sakowicz & Alec Walker ArcGIS in the Cloud Andrew Sakowicz & Alec Walker Key Takeaways How to Identify Organizational Strategy & Priorities Esri s Cloud Offerings A Broad Spectrum Successfully Executing Your Strategy The Cloud

More information

Resilient Smart Grids

Resilient Smart Grids Resilient Smart Grids André Teixeira Kaveh Paridari, Henrik Sandberg KTH Royal Institute of Technology, Sweden SPARKS 2nd Stakeholder Workshop Cork, Ireland March 25th, 2015 Legacy Distribution Grids Main

More information

Objectives of the Security Policy Project for the University of Cyprus

Objectives of the Security Policy Project for the University of Cyprus Objectives of the Security Policy Project for the University of Cyprus 1. Introduction 1.1. Objective The University of Cyprus intends to upgrade its Internet/Intranet security architecture. The University

More information

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements

More information

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI EXECUTIVE SUMMARY The shortage of cybersecurity skills Organizations continue to face a shortage of IT skill

More information

UNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO

UNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO Exhibit R-2, RDT&E Budget Item Justification: PB 2013 Office of Secretary Of Defense DATE: February 2012 0400: Research,, Test & Evaluation, Defense-Wide BA 3: Advanced Technology (ATD) COST ($ in Millions)

More information

External Supplier Control Obligations. Cyber Security

External Supplier Control Obligations. Cyber Security External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place

More information

Chapter X Security Performance Metrics

Chapter X Security Performance Metrics Chapter X Security Performance Metrics Page 1 of 9 Chapter X Security Performance Metrics Background For the past two years, the State of Reliability report has included a chapter for security performance

More information

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13

Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13 Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13 I. Vision A highly reliable and secure bulk power system in the Electric Reliability Council of Texas

More information

Cyber Partnership Blueprint: An Outline

Cyber Partnership Blueprint: An Outline Approved for Public Release; Distribution Unlimited. 13-3851 The MITRE Corporation Cyber Partnership Blueprint: An Outline October 26, 2013 Copyright 1997-2013, The MITRE Corporation. All rights reserved.

More information

AUDIT UNITED NATIONS VOLUNTEERS PROGRAMME INFORMATION AND COMMUNICATION TECHNOLOGY. Report No Issue Date: 8 January 2014

AUDIT UNITED NATIONS VOLUNTEERS PROGRAMME INFORMATION AND COMMUNICATION TECHNOLOGY. Report No Issue Date: 8 January 2014 UNITED NATIONS DEVELOPMENT PROGRAMME AUDIT OF UNITED NATIONS VOLUNTEERS PROGRAMME INFORMATION AND COMMUNICATION TECHNOLOGY Report No. 1173 Issue Date: 8 January 2014 Table of Contents Executive Summary

More information

About us: Finmeccanica

About us: Finmeccanica About us: Finmeccanica CP EXPO Workshop - «Risks and Security Management in Logistics and Transports» Cyber Security in Railways Systems, Ansaldo STS experience Part 2: Cyber Security Strategy and Design

More information

PREEMPTIVE PREventivE Methodology and Tools to protect utilities

PREEMPTIVE PREventivE Methodology and Tools to protect utilities PREEMPTIVE PREventivE Methodology and Tools to protect utilities 2014 2017 1 With the financial support of FP7 Seventh Framework Programme Grant agreement no: 607093 Preemptive goal The main goal of PREEMPTIVE

More information

Principles of Information Security, Fourth Edition. Chapter 1 Introduction to Information Security

Principles of Information Security, Fourth Edition. Chapter 1 Introduction to Information Security Principles of Information Security, Fourth Edition Chapter 1 Introduction to Information Security Introduction Information security: a well-informed sense of assurance that the information risks and controls

More information

Networks

Networks Networks +617 3222 2555 info@citec.com.au Queensland Government Network (QGN) Our Queensland Government Network (QGN) is central to the ICT services we provide. It is a government owned and managed network,

More information

Business Continuity Planning Keeping Pace with New Technology

Business Continuity Planning Keeping Pace with New Technology Business Continuity Planning Keeping Pace with New Technology Old issues, new threats Force Majeure Increasing severe weather incidents, terrorist attacks Legacy modernization Cutover issues, system crashes,

More information

Information Technology General Control Review

Information Technology General Control Review Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor

More information

Cyber Security Strategy

Cyber Security Strategy Cyber Security Strategy Committee for Home Affairs Introduction Cyber security describes the technology, processes and safeguards that are used to protect our networks, computers, programs and data from

More information

CYBER THREAT INTEL: A STATE OF MIND. Internal Audit, Risk, Business & Technology Consulting

CYBER THREAT INTEL: A STATE OF MIND. Internal Audit, Risk, Business & Technology Consulting CYBER THREAT INTEL: A STATE OF MIND Internal Audit, Risk, Business & Technology Consulting WHO ARE WE? Randy Armknecht, CISSP, EnCE Protiviti Director - IT Consulting randy.armknecht@protiviti.com Albin

More information

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS Can You Answer These Questions? 1 What s my company s exposure to the latest industrial cyber threat? Are my plants

More information

Continuous Monitoring and Incident Response

Continuous Monitoring and Incident Response Continuous Monitoring and Incident Response Developing robust cyber continuous monitoring and incident response capabilities is mission critical to energy-related operations in today s digital age. As

More information

Member of the County or municipal emergency management organization

Member of the County or municipal emergency management organization EMERGENCY OPERATIONS PLAN SUUPPORT ANNEX B PRIVATE-SECTOR COORDINATION Coordinating Agency: Cooperating Agencies: Chatham Emergency Management Agency All Introduction Purpose This annex describes the policies,

More information

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations FFIEC Cyber Security Assessment Tool Overview and Key Considerations Overview of FFIEC Cybersecurity Assessment Tool Agenda Overview of assessment tool Review inherent risk profile categories Review domain

More information

Symantec Business Continuity Solutions for Operational Risk Management

Symantec Business Continuity Solutions for Operational Risk Management Symantec Business Continuity Solutions for Operational Risk Management Manage key elements of operational risk across your enterprise to keep critical processes running and your business moving forward.

More information

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by

More information

Developing a Model for Cyber Security Maturity Assessment

Developing a Model for Cyber Security Maturity Assessment Developing a Model for Cyber Security Maturity Assessment Tariq Al-idrissi, Associate Vice President IT, Trent University Ian Thomson, Information Security Officer, Trent University June 20 th, 2018 (8:45am

More information

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18 Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are

More information

Seventh Framework Programme Security Research. Health Security Committee CBRN Section. 30 September by Clément Williamson

Seventh Framework Programme Security Research. Health Security Committee CBRN Section. 30 September by Clément Williamson Seventh Framework Programme 2007-2013 Security Research Health Security Committee CBRN Section 30 September 2009 by Clément Williamson clement.williamson@ec.europa.eu Work programme 2009 Info Day European

More information

Cyber Threat Prioritization

Cyber Threat Prioritization Cyber Threat Prioritization FSSCC Threat and Vulnerability Assessment Committee Jay McAllister Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information

More information

The Importance of Cybersecurity Threat Detection for Utilities

The Importance of Cybersecurity Threat Detection for Utilities The Importance of Cybersecurity Threat Detection for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive

More information

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation SCADA/IOT Panel This panel will focus on innovative & emerging solutions and remaining challenges in the cybersecurity of industrial control systems ICS/SCADA. Representatives from government and infrastructure

More information

Gujarat Forensic Sciences University

Gujarat Forensic Sciences University Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat

More information

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response STAY ONE STEP AHEAD OF THE CRIMINAL MIND F-Secure Rapid Detection & Response INTRO PROTECT YOUR BUSINESS AND ITS DATA AGAINST ADVANCED ATTACKS Effective pre-compromise threat prevention is the cornerstone

More information

White Paper. View cyber and mission-critical data in one dashboard

White Paper. View cyber and mission-critical data in one dashboard View cyber and mission-critical data in one dashboard Table of contents Rising cyber events 2 Mitigating threats 2 Heighten awareness 3 Evolving the solution 5 One of the direct benefits of the Homeland

More information

GIS in Situational and Operational Awareness: Supporting Public Safety from the Operations Center to the Field

GIS in Situational and Operational Awareness: Supporting Public Safety from the Operations Center to the Field GIS in Situational and Operational Awareness: Supporting Public Safety from the Operations Center to the Field Glasgow Bombings- June 2007 Law Enforcement, Public Safety and Homeland Security Organizations

More information

Automated Firewall Change Management Securing change management workflow to ensure continuous compliance and reduce risk

Automated Firewall Change Management Securing change management workflow to ensure continuous compliance and reduce risk Automated Firewall Change Management Securing change management workflow to ensure continuous compliance and reduce risk Skybox Security Whitepaper January 2015 Executive Summary Firewall management has

More information

Think Like an Attacker

Think Like an Attacker Think Like an Attacker The Core Security Attack Intelligence Platform Core Security Presenter: Jackie Kalter Core Security Jackie Kalter has been in the Network Security industry for over 15 years. An

More information

Delivering Complex Enterprise Applications via Hybrid Clouds

Delivering Complex Enterprise Applications via Hybrid Clouds Whitepaper Delivering Complex Enterprise Applications via Hybrid Clouds As enterprises and industries shake off the effects of the last recession, the focus of IT organizations has shifted from one marked

More information

The NIS Directive and Cybersecurity in

The NIS Directive and Cybersecurity in The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security

More information

Information Security Controls Policy

Information Security Controls Policy Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January

More information

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE INTRODUCTION In line with commercial industry standards, the data center used by EndNote employs a dedicated security team to protect our

More information

Accelerate Your Enterprise Private Cloud Initiative

Accelerate Your Enterprise Private Cloud Initiative Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service

More information

TRUE SECURITY-AS-A-SERVICE

TRUE SECURITY-AS-A-SERVICE TRUE SECURITY-AS-A-SERVICE To effectively defend against today s cybercriminals, organizations must look at ways to expand their ability to secure and maintain compliance across their evolving IT infrastructure.

More information

Business continuity management and cyber resiliency

Business continuity management and cyber resiliency Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

Hybrid Cyber Warfare, dual risks?

Hybrid Cyber Warfare, dual risks? Hybrid Cyber Warfare, dual risks? Cologne - 26/04/2017 ing. Giuseppe G. Zorzino ERMCP, CISA, CISM, CGEIT, CRISC, LA ISO27001 Bio Giuseppe Giovanni Zorzino Teacher and consultant of information security,

More information