Securing Plant Operation The Important Steps
- Angel Quinn
Transcription
1 Stevens Point, WI Securing Plant Operation The Important Steps September 24, 2012 Slide 1
2 Purpose of this Presentation
- To introduce the subject of securing your control system and the principles to bear in mind when designing security for a system:
  - Least Privilege
  - Least Function
  - Defense in Depth
- To explain the major security controls which should be deployed to your control system as a baseline, e.g. patch management, anti-virus, hardening, system recovery.
- To explain the services that ABB has to help implement a secure environment.
3 Three Key Issues to Address in System Vulnerability
- Network connectivity
  - More and more connectivity is desired or even required
  - An air gap is not as secure as many imagine
- Removable Media
  - May be a valid use of the system with bad results
  - Restrictions on use
  - Proper procedures for necessary use
- Users of the system
  - Protection against intentional mischief
  - Training to protect against mistakes and human engineering
4 Defense in Depth
5 Standardization landscape: Scope and completeness of selected standards
[Figure. Labels: Energy, Industrial Autom., IT; Design Details, Technical Aspects, Details of Operations, Management Aspects; Relevance for Manufacturers, Operator, Manufacturer, Completeness. Standards shown: IEC, NIST, IEEE P 1686, CPNI, NERC CIP, ISO 27K, ISA 99*]
* Since the closing of the ESCoRTS project, ISA decided to relabel the ISA 99 standard to ISA to make the alignment with the IEC series more explicit and obvious.
6 Two Important Principles Common to Most Standards
- Principle of Least Privilege
  - No user should have more rights and permissions than needed to perform his function in the system
- Principle of Least Function
  - Only the functions needed for the system to accomplish its purpose should be present or enabled in the system
7 Example: Least Privilege Considerations
- Is there a real strategy for the membership of groups such as Operators, Engineers, Administrators?
- Do these groups have wide-ranging permissions?
- Are personnel routinely added to multiple groups?
- No operator should log onto a control system machine as an administrator.
- No engineering user should log on as an administrator unless there is a need to perform administrative duties and they have this responsibility.
- Even engineering accounts should have limitations on their rights that limit them to the activities that are part of their jobs.
- There should be no use of the powerful service account for any other uses.
- Local login should be disabled in the security policy for the service account.
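The membership questions on this slide can be answered mechanically once group membership has been exported. The following is an added example, not part of the original presentation or ABB tooling; the group names, account names (including the service account `svc800xa`) and memberships are constructed sample data, and the function name is hypothetical.

```powershell
# Added example. All group names, accounts and memberships are constructed.
$SampleRoleGroups = @{
    'Operators'      = @('op1', 'op2', 'jsmith')
    'Engineers'      = @('jsmith', 'mlee', 'svc800xa')
    'Administrators' = @('mlee', 'op2', 'svc800xa')
}
$SampleServiceAccounts = @('svc800xa')   # hypothetical service account name

function Find-LeastPrivilegeFinding {
    param(
        [Parameter(Mandatory)] [hashtable] $RoleGroups,
        [string[]] $ServiceAccounts = @(),
        [string]   $OperatorGroup   = 'Operators',
        [string]   $AdminGroup      = 'Administrators'
    )
    # Invert group -> members into account -> groups.
    $byAccount = @{}
    foreach ($group in $RoleGroups.Keys) {
        foreach ($member in $RoleGroups[$group]) {
            if (-not $byAccount.ContainsKey($member)) { $byAccount[$member] = @() }
            $byAccount[$member] += $group
        }
    }

    foreach ($account in ($byAccount.Keys | Sort-Object)) {
        $groups = @($byAccount[$account] | Sort-Object)

        # "Are personnel routinely added to multiple groups?"
        if ($groups.Count -gt 1) {
            [pscustomobject]@{ Account = $account; Finding = 'MultipleRoleGroups'
                               Groups  = $groups -join ', ' }
        }
        # "No operator should log onto a control system machine as an administrator."
        if ($groups -contains $OperatorGroup -and $groups -contains $AdminGroup) {
            [pscustomobject]@{ Account = $account; Finding = 'OperatorIsAdministrator'
                               Groups  = $groups -join ', ' }
        }
        # The service account should not double as a user account in a role group.
        $userRoles = @($groups | Where-Object { $_ -ne $AdminGroup })
        if ($ServiceAccounts -contains $account -and $userRoles.Count -gt 0) {
            [pscustomobject]@{ Account = $account; Finding = 'ServiceAccountInUserRoleGroup'
                               Groups  = $userRoles -join ', ' }
        }
    }
}

Find-LeastPrivilegeFinding -RoleGroups $SampleRoleGroups -ServiceAccounts $SampleServiceAccounts |
    Format-Table -AutoSize

# On a domain with the ActiveDirectory module installed, the same hashtable can
# be filled from live data, for example:
#   $RoleGroups[$g] = @((Get-ADGroupMember -Identity $g -Recursive).SamAccountName)
```

With the sample data this flags `jsmith`, `mlee`, `op2` and `svc800xa` for multiple memberships, `op2` as an operator with administrator rights, and `svc800xa` as a service account placed in a user role group.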
8 Example: Least Function Considerations
- Is there any software loaded on the system that doesn't need to be there, such as games that come with default loads of Windows?
- Are any services enabled that don't need to be?
- Are any network ports open that don't need to be?
- Is removable media access required to accomplish the functions of the control system computers?
- Should servers in the system be used as operating screens?
- Perhaps operating workplaces should limit which accounts can log in based on function
9 Network Architecture Considerations
- Is the control system network completely isolated from any other network?
- If connected to another network, does it use a firewall to segregate the networks?
- Has the firewall been specifically configured for the least access required?
- Is any use of RPC (DCOM) permitted through the firewall, such as for classic OPC? (If so, a tunneling product should be used to eliminate this.)
- Are there any dual-homed hosts in use? (One NIC on the control system LAN and one NIC on another network such as the corporate network.)
- Does the ABB control system share a domain controller with any other control system or with an enterprise domain?
- Is wireless in use? If so, does it use secure encryption? (WPA Enterprise, RADIUS server, IPsec)
- Are there any dial-up connections to the system?
- Are there any direct connections, such as an EWS or Historian on the corporate network, bypassing the firewall? (An example here is a historian on the corporate network connected to an Infi90 system via a CIU.)
- Any remote connections to the system? Do they use a reverse tunneling technology or are they initiated from outside the firewall? If from outside, do they use VPN?
10 User Account Policies
- Establish hierarchy of User Accounts (operator, tech, admin, etc.)
- Even an Administrator should not log on as Administrator except to perform those duties
- Domain-wide policy to enforce: Password Requirements and Role Association
- Define Remote Access Security
- Operator Group Policy that restricts access to Desktop and Applications
- Shared Operator Accounts: are they okay by standards such as ISA99 and NERC?
11 Password Policies
Standard practice today is complex passwords and regular changes, but this may not be possible for some accounts in a process control environment. What about shared operator accounts?
12 800xA User Account Model
- User access is controlled by a three-dimensional model: Person x Object x Function.
- Role-based access is implemented. The system restricts access according to the user and user role configuration. For example, the Operator role can acknowledge alarms.
- Security can be further defined for an individual user on a process section basis or even an individual tag basis. For example, Unit 1 operators can acknowledge alarms only for Unit 1.
- All accesses and changes to the 800xA system and data are logged and tracked in the audit trail.
13 Services
- A required services list is published for each product
- Programs that start without user intervention
- Can be configured to start automatically or manually or not at all
- Can configure which account starts the program
14 Securing Removable Media
Why secure removable media?
- June 2010: Stuxnet, spread via infected removable USB media, is discovered. It is the first malware application to include a PLC rootkit.
Methods
- First line of defense: Physical restriction to computers + BIOS protection
- Second line of defense: Physical locks on available ports
- Third line of defense: Deny OS access to removable media using Group Policy or 3rd party solution
15 Securing Removable Media: Methods
- Hardware Locks
  - Samples
- BIOS protection from boot off USB device
- Microsoft Group Policy
  - Group Policy Management Console
- 3rd Party endpoint protection
  - Several free and paid 3rd party utilities
16 Securing Removable Media: Control Access using Hardware Lock Mechanism
- Always restrict physical access to the machines as much as possible even if USB locks are used!
- 2 Types of Locking Mechanisms: Effective Secure Dust Protection Cosmetic Child Proof Locking
17 Patch Management
- Patch management
  - Must be certain that no change to the system will adversely affect operation.
  - Patches must be kept current within 30 days.
  - NERC CIP-007, ISA TR
- Ports and services required for the applications must be identified and only those ports and services may be enabled
  - NERC CIP-007, ISA SR 7.6, 7.7
- Account management
  - Authentication and accountability required, principle of least privilege, security audit trail, periodic review, password policies, personnel changes
  - NERC CIP-007, ISA SR 1.1, 1.2, 6.2
18 Security Updates: Patch Management
- Which updates are validated for my system?
- Where do I get the updates?
- How do I install the updates?
19 Which updates are validated for my system?
Find the validated update document for your products at:
20 Where do I get the updates?
- Subscribe to Sentinel
  - Can retrieve update documentation from Solutionsbank
- New add-on service for Sentinel subscribers
  - Sentinel subscribers can receive a Security Update CD in the mail as they are released.
  - These update CDs currently only support 800xA 5.0 and 5.1 systems, but other systems are being considered for inclusion.
21 Download from Solutionsbank
As the updates are validated and compiled for the Security Update CD, they are also made available as a download in Solutionsbank.
22 Automatic Downloads with WSUS
Utilizing WSUS services from Microsoft, all updates can be downloaded, approved by you based on the ABB Validated Update document, and installed to all nodes in your system using the built-in Windows Update feature.
23 Manual Downloads
ABB validated updates can also be downloaded manually, directly from the validated update document. Each update listed in the document includes a hyperlink to Microsoft's TechNet update site.
24 How do I install the updates?
Generally the procedure to install the updates will depend on how you got them.
- If you received the CD in the mail, all you need to do is perform a maintenance stop on the node you want to install to, and install the CD. The security update installation window will appear, prompting to begin the install. After all of the updates have installed, reboot the node to restart all of the ABB services.
- If you downloaded the update file from Solutionsbank, unzip the file and burn it to a CD, then the procedure will be the same as above. You can also copy the files to a USB flash drive or a network share and run the install from there.
- If you manually downloaded the files either from the links in the update document or used another manual process, the files need to be individually installed. It is possible to automate the installation process by creating a batch file to install the updates.
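For the manual-download case, the sketch below shows one way to script the individual installs so that only updates on the validated list are applied. It is an added example, not ABB's installer or a script from the presentation; it uses PowerShell rather than a batch file, the function name is hypothetical, and the folder path and KB numbers are constructed placeholders to be replaced from the validated update document.

```powershell
# Added example, not ABB's installer. Folder path and KB numbers are constructed
# placeholders; take the real KB list from the validated update document.
function Install-ValidatedUpdate {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $UpdateFolder,
        [Parameter(Mandatory)] [string[]] $ValidatedKb
    )
    $wusa      = Join-Path $env:SystemRoot 'System32\wusa.exe'
    $installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)

    foreach ($file in (Get-ChildItem -Path $UpdateFolder -Filter '*.msu' | Sort-Object Name)) {
        # Standalone .msu packages carry their KB number in the file name.
        $kb = if ($file.Name -match 'KB\d+') { $Matches[0].ToUpper() } else { $null }

        if (-not $kb -or $ValidatedKb -notcontains $kb) {
            # Anything not on the validated list is left alone.
            $status = 'SkippedNotOnValidatedList'
        }
        elseif ($installed -contains $kb) {
            $status = 'AlreadyInstalled'
        }
        elseif ($PSCmdlet.ShouldProcess($file.Name, 'Install update')) {
            # /norestart: the node is rebooted by hand after all updates are in.
            $wusaArgs = @(('"{0}"' -f $file.FullName), '/quiet', '/norestart')
            $proc = Start-Process -FilePath $wusa -ArgumentList $wusaArgs -Wait -PassThru
            $code = $proc.ExitCode
            if     ($code -eq 0)           { $status = 'Installed' }
            elseif ($code -eq 3010)        { $status = 'InstalledRebootRequired' }
            elseif ($code -eq 2359302)     { $status = 'AlreadyInstalled' }
            elseif ($code -eq -2145124329) { $status = 'NotApplicable' }
            else                           { $status = "Failed (exit code $code)" }
        }
        else {
            $status = 'NotRunWhatIf'
        }
        [pscustomobject]@{ Time = Get-Date; File = $file.Name; KB = $kb; Status = $status }
    }
}

# Dry run first, then the real run during the maintenance stop (placeholder values):
# Install-ValidatedUpdate -UpdateFolder 'D:\Updates' -ValidatedKb 'KB0000001','KB0000002' -WhatIf
# Install-ValidatedUpdate -UpdateFolder 'D:\Updates' -ValidatedKb 'KB0000001','KB0000002' |
#     Export-Csv -Path 'D:\Updates\install-log.csv' -NoTypeInformation
```

The CSV output doubles as the installation record for the node; the script never reboots on its own, so the reboot described above stays a deliberate operator step.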
25 Example References: Recovery Plans for Critical Cyber Assets
- Recovery plans must be documented including who is responsible
- Plans must be tested at least annually including walking through a simulated loss and recovery
- These plans are not limited to backing up software, but may include recording configuration settings, etc.
- Backups can be made without affecting normal plant operation
- The system shall support automating this function
- Software backup media must be tested
- NERC CIP-009, ISA99.03 SR 7.3
26 Question: What type of backups do I need to make?
27 Answer: What type of failure are you going to have?
28 Software Backup Strategies
- Application Backups
- Disk Image Backups
- Active Directory Backups
- Domain Controller Backups
- Scheduling Considerations
- Verifying Backups
29 Application backups vs. image backups: Application Backups
- Backs up specific data and configuration for an application or project.
- Great for restoring pieces of lost information.
- Useful for replacing corrupt files.
- Only needed as often as the data changes.
- Not OS or hardware specific, but usually version specific.
- Does not back up the application itself.
- Great for upgrades.
30 Application backups vs. image backups: Disk Images
- Full sector-by-sector image of the entire drive or partition.
- Great for reloading the entire disk or computer.
- Fastest recovery method for failed hard drive.
- Useful for creating off-line virtual systems for troubleshooting issues.
- Regulatory compliance for testing backups can be met through virtualization.
- File and folder information can be restored through mounting the image as a drive.
31 Services to help secure the system
- Security Support Services
- Software Backup Services
- Patch Management Services
- Change Management and Security Logging
These services are available for Microsoft Windows based systems:
- 800xA: All connectivity options
- Symphony: Process Portal B, Conductor NT, Conductor VMS clients
32 Security Support Services: Solutions
- Audits and policy validation
- Compatibility testing
- System hardening and policy implementation
- Documentation and training
- Consulting
33 ABB Cyber Security Audit and Hardening Services
34 Regulatory and Standards Considerations
- ABB bases our recommendations and service offerings on internationally recognized principles and best practices.
- Regulations are the key element driving some market segments and help define our programs. Examples:
  - NERC CIP: Has force of law in US
  - OLF Guideline: Best Practice widely adopted in Oil and Gas industry
- Existing and emerging standards help define what steps are taken. Examples:
  - ISA99
  - ISO
  - NIST
35 Standardization landscape: Scope and completeness of selected standards
[Figure. Labels: Energy, Industrial Autom., IT; Design Details, Technical Aspects, Details of Operations, Management Aspects; Relevance for Manufacturers, Operator, Manufacturer, Completeness. Standards shown: IEC, NIST, IEEE P 1686, CPNI, NERC CIP, ISO 27K, ISA 99*]
* Since the closing of the ESCoRTS project, ISA decided to relabel the ISA 99 standard to ISA to make the alignment with the IEC series more explicit and obvious.
36 Services and Ports
- A very important step for securing computers is to eliminate unneeded services and network ports
- Services and ports are audited to record their current state and are compared to the ABB required services documentation
- Any required third party services are reviewed
- All others are disabled or uninstalled
- Reduces the number of functions on the computer
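The audit-and-compare step described on this slide can be sketched as follows. This is an added example, not ABB's audit tool or code from the presentation; the baseline entries, the service name `ExampleControlSvc`, the sample inventory and the function names are constructed, and the live collection assumes a Windows version that provides `Get-CimInstance` and `Get-NetTCPConnection`.

```powershell
# Added example (not ABB tooling). Baseline entries are constructed placeholders;
# replace them with the required services/ports list published for your product.
$Baseline = @{
    Services = @('EventLog', 'W32Time', 'Dhcp', 'ExampleControlSvc')  # hypothetical
    TcpPorts = @(135, 445)                                             # hypothetical
}

function Get-NodeInventory {
    # Services that are running or would start on their own, plus listening TCP ports.
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.State -eq 'Running' -or $_.StartMode -eq 'Auto' } |
        Select-Object Name, State, StartMode, StartName
    $ports = Get-NetTCPConnection -State Listen |
        Select-Object -Property LocalPort, OwningProcess -Unique
    [pscustomobject]@{ Services = @($services); TcpPorts = @($ports) }
}

function Compare-NodeToBaseline {
    param(
        [Parameter(Mandatory)] $Inventory,
        [Parameter(Mandatory)] [hashtable] $Baseline
    )
    # Services present on the node but absent from the required list.
    foreach ($svc in $Inventory.Services) {
        if ($Baseline.Services -notcontains $svc.Name) {
            [pscustomobject]@{
                Finding = 'UnlistedService'; Item = $svc.Name
                Detail  = "State=$($svc.State); StartMode=$($svc.StartMode); Account=$($svc.StartName)"
            }
        }
    }
    # Required services that are not running: hardening must not break the application.
    foreach ($name in $Baseline.Services) {
        $running = $Inventory.Services |
            Where-Object { $_.Name -eq $name -and $_.State -eq 'Running' }
        if (-not $running) {
            [pscustomobject]@{ Finding = 'RequiredServiceNotRunning'; Item = $name; Detail = '' }
        }
    }
    # Listening ports that the required list does not account for.
    foreach ($p in $Inventory.TcpPorts) {
        if ($Baseline.TcpPorts -notcontains $p.LocalPort) {
            [pscustomobject]@{
                Finding = 'UnlistedListeningPort'; Item = $p.LocalPort
                Detail  = "OwningProcessId=$($p.OwningProcess)"
            }
        }
    }
}

# Constructed sample inventory so the comparison can be tried off the plant network.
$SampleInventory = [pscustomobject]@{
    Services = @(
        [pscustomobject]@{ Name = 'EventLog'; State = 'Running'; StartMode = 'Auto'; StartName = 'NT AUTHORITY\LocalService' }
        [pscustomobject]@{ Name = 'W32Time';  State = 'Running'; StartMode = 'Auto'; StartName = 'NT AUTHORITY\LocalService' }
        [pscustomobject]@{ Name = 'Dhcp';     State = 'Running'; StartMode = 'Auto'; StartName = 'NT AUTHORITY\LocalService' }
        [pscustomobject]@{ Name = 'Spooler';  State = 'Running'; StartMode = 'Auto'; StartName = 'LocalSystem' }
        [pscustomobject]@{ Name = 'ExampleControlSvc'; State = 'Stopped'; StartMode = 'Auto'; StartName = 'LocalSystem' }
    )
    TcpPorts = @(
        [pscustomobject]@{ LocalPort = 135;  OwningProcess = 812 }
        [pscustomobject]@{ LocalPort = 445;  OwningProcess = 4 }
        [pscustomobject]@{ LocalPort = 3389; OwningProcess = 1020 }
    )
}

Compare-NodeToBaseline -Inventory $SampleInventory -Baseline $Baseline | Format-Table -AutoSize
# On a live node: Compare-NodeToBaseline -Inventory (Get-NodeInventory) -Baseline $Baseline
```

On the sample data this reports `Spooler` as an unlisted service, `ExampleControlSvc` as a required service that is not running, and port 3389 as an unlisted listener; each unlisted item is then reviewed as a possible third-party requirement before it is disabled.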
37 Additional Security Principles Reviewed, Recommendations Made
- Physical Restriction to Interfaces
- Removable Media Policies and Settings
- BIOS Boot Settings and Configuration
- Passwords
- Security Policy Administration
- Principle of Least Privilege
- Use of shared accounts
- Standards for desktop lockdown
- Auditing of Security Events
- Reporting of Patch Management and Antivirus Deficiencies
- Network Architecture Considerations
38 Reporting
- Detailed reporting provides an easy-to-interpret summary
- Also provides details of discrepancies with the customer's own policy or ABB secure default policies
- Provides recommendations to correct deficiencies
39 Reporting
40 Reporting
41 Security Support Services: System Hardening and Policy Implementation
- User Roles, Access Control and Workstation Hardening
  - Establish hierarchy of User Accounts (operator, tech, admin, etc.)
  - Domain-wide policy to enforce: Password Requirements and Role Association
  - Define Remote Access Security
  - Operator Group Policy that restricts access to Desktop and Applications
- Provide hardening services as applicable
  - Close unnecessary ports
  - Disable non-essential services
42 Security Support Services: System Hardening and Policy Implementation
- Schedule appropriate time for implementation
  - Often changes can be done with no impact on operations, but an attitude of caution may be prudent depending on the process
  - Software upgrades and major system changes may be recommended if operating systems are obsolete
  - Depending on changes, an outage may be required, e.g. if software upgrades are required
- Implement changes on site
  - Configuration with firewall and other mechanisms
  - Most changes can be made with group policies if the system is in a domain
- Final test of all changes in the operating environment
- Prepare final report of as-delivered changes
43 Security Support Services: Consulting and on-going compliance support
- The system is likely to fall out of compliance over time, as a result of:
  - Intentional or unintentional changes
  - Replacements of PCs
  - Software reloads, upgrades, etc.
  - New threats
- Periodic audits to ensure correct settings
- Discussions with the plant personnel responsible for the program to make sure the program is meeting their needs
44 Security Support Services: Consulting and on-going compliance support
- Provide training as turnover of security responsible personnel occurs in the plant
- Create procedure documents for loading computers with correct security policy settings
- Implement policy requirements for new equipment added to plant or on any replacements shipped to plant
- Implement a secure remote connection to your system
  - For remote support from ABB (see our remote enabled services demonstration in the US Services exhibit)
  - For your own use to securely connect to the system from a remote location
45 Software Backup Services: Purposes
- A service to safeguard the data and configuration of the system against loss
- A service to enable rapid recovery from a computer device failure
- A service to maintain the data needed in the process of an upgrade of the applications
- A service that verifies system recovery data is valid
- A service to help in meeting regulatory requirements such as NERC CIP regulations regarding disaster recovery
46 Software Backup Services: Features
- Hard drive imaging to a central server
- Configuration backups in addition to imaging
- Customized scheduling and scripting to automate the update of images
- ABB tested bandwidth and CPU utilization to avoid performance problems
- Full domain integration
- Backup image testing
- Restoration training
47 Patch Management Services: Software updates
- Update ABB control system applications
- Install MS Operating System Hotfixes and Patches as applicable
- Submit Summary Report with as-hardened baseline
- Prepare Patch Management Process documentation
- Option for quarterly or semi-annual return service for updating available
- Option for installation of an update server for automating roll-out of Windows Security Patches
48 Patch Management Services: Anti-Virus / Malware Protection
- Load and configure Antivirus in accordance with ABB guidelines for application performance
- Update Virus Scan Engine
- Load current definition files
- Configure Automated Scan schedule
- Submit Summary Report
- Option for installation of an update server for automating update of Anti-Virus updates
49 Security Solutions: Secure Remote Access
- Connection to Corporate Network via Router w/ Firewall or DMZ
- Allows for Remote Diagnostics for Control System support
- Can Support WSUS (Windows Update) and Anti Virus Updates
- Allows for Remote Operator and Engineering Clients
- Secured as Read-Only
- Configured for off-site Operation and Maintenance
50 Service Environment Cyber Security Service Portfolio
- Risk Assessment
- Create asset register
- Criticality classification
- Support security policy creation
- Support creation of a security organization
- Gap analysis and Services design
- Infrastructure for Services delivery
- Maintenance of System Recovery Plan
- User Management
- ABB Remote Monitoring and Operations Room
- Anti virus management
- Microsoft Patch Management
- System backup/restore management
- NIDS/HIDS Management
- Virus removal
51 ABB Group
More informationMEETING ISO STANDARDS
WHITE PAPER MEETING ISO 27002 STANDARDS September 2018 SECURITY GUIDELINE COMPLIANCE Organizations have seen a rapid increase in malicious insider threats, sensitive data exfiltration, and other advanced
More informationEnterprise Cybersecurity Best Practices Part Number MAN Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationVMware Mirage Getting Started Guide
Mirage 5.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document,
More informationCompTIA A+ Accelerated course for & exams
CompTIA A+ Accelerated course for 220-901 & 220-902 exams Course overview Target Audience This course is for Participants wishing to take and pass both CompTIA A+ exams (220-901 and 220-902) exam. It is
More informationUCOP ITS Systemwide CISO Office Systemwide IT Policy. UC Event Logging Standard. Revision History. Date: By: Contact Information: Description:
UCOP ITS Systemwide CISO Office Systemwide IT Policy UC Event Logging Standard Revision History Date: By: Contact Information: Description: 05/02/18 Robert Smith robert.smith@ucop.edu Approved by the CISOs
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationStandard CIP 007 3a Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-3a 3. Purpose: Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for
More informationGerhard Brndt, ABB AG, BU Power Generation Cyber Security and Compliance in Increasingly Distributed and Aging Power Generation Infrastructures
Gerhard Brndt, ABB AG, BU Power Generation Cyber Security and Compliance in Increasingly Distributed and Aging Power Generation Infrastructures ABB Group June 20, 2012 Slide 1 Situation of today The potential
More informationWindows Server Upgrade tips and tricks. Winnie Leung Technology Specialist Microsoft Corporation
Windows Server Upgrade tips and tricks Winnie Leung Technology Specialist Microsoft Corporation Windows Server Release Cycle Mainstream Service Packs & Updates At least 5 years from major release Extended
More informationVMware Mirage Getting Started Guide
Mirage 5.8 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document,
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationProtecting productivity with Industrial Security Services
Protecting productivity with Industrial Security Services Identify vulnerabilities and threats at an early stage. Take proactive measures. Achieve optimal long-term plant protection. usa.siemens.com/industrialsecurityservices
More informationAdministering System Center Configuration Manager
Course 20703-1A: Administering System Center Configuration Manager Course Outline Module 1: Managing computers and mobile devices in the enterprise This module describes the features of Configuration Manager
More informationMark Littlejohn June 23, 2016 DON T GO IT ALONE. Achieving Cyber Security using Managed Services
Mark Littlejohn June 23, 2016 DON T GO IT ALONE Achieving Cyber Security using Managed Services Speaker: Mark Littlejohn 1 Mark is an industrial technology professional with over 30 years of experience
More informationCYBER SECURITY POLICY REVISION: 12
1. General 1.1. Purpose 1.1.1. To manage and control the risk to the reliable operation of the Bulk Electric System (BES) located within the service territory footprint of Emera Maine (hereafter referred
More informationRIPE RIPE-17. Table of Contents. The Langner Group. Washington Hamburg Munich
RIPE RIPE-17 Table of Contents The Langner Group Washington Hamburg Munich RIPE Operations Technology Management Plan (MP-17) 0.1 Purpose... 4 0.2 Process Overview... 4 0.3 Implementation Scope... 5 0.4
More informationStandard: Event Monitoring
October 24, 2016 Page 1 Contents Revision History... 4 Executive Summary... 4 Introduction and Purpose... 5 Scope... 5 Standard... 5 Audit Log Standard: Nature of Information and Retention Period... 5
More informationPayment Card Industry Internal Security Assessor: Quick Reference V1.0
PCI SSC by formed by: 1. AMEX 2. Discover 3. JCB 4. MasterCard 5. Visa Inc. PCI SSC consists of: 1. PCI DSS Standards 2. PA DSS Standards 3. P2PE - Standards 4. PTS (P01,HSM and PIN) Standards 5. PCI Card
More informationCyber Criminal Methods & Prevention Techniques. By
Cyber Criminal Methods & Prevention Techniques By Larry.Boettger@Berbee.com Meeting Agenda Trends Attacker Motives and Methods Areas of Concern Typical Assessment Findings ISO-17799 & NIST Typical Remediation
More informationServer Hardening Title Author Contributors Date Reviewed By Document Version
Server Hardening The University of Waikato Title Server Hardening Author Milton Markose (Systems Administrator Security) Contributors Information Security Forum (ISF) Date 21-08-2014 Reviewed By Information
More informationHow do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?
Cybersecurity Due Diligence Checklist Control # Control Name Risks Questions for IT 1 Make an Benign Case: Employees Inventory of using unapproved Authorized devices without Devices appropriate security
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationTop 10 ICS Cybersecurity Problems Observed in Critical Infrastructure
SESSION ID: SBX1-R07 Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure Bryan Hatton Cyber Security Researcher Idaho National Laboratory In support of DHS ICS-CERT @phaktor 16 Critical
More informationAgenda. Today s IT Challenges. Symantec s Collaborative Architecture. Symantec TM Endpoint Management Suite. Connecting Symantec Technologies Today
Agenda 1 Today s IT Challenges 2 Symantec s Collaborative Architecture 3 Symantec TM Endpoint Management Suite 4 Connecting Symantec Technologies Today 5 Q & A 1 Traditional Protection isn t Good Enough
More informationAT&T Endpoint Security
AT&T Endpoint Security November 2016 Security Drivers Market Drivers Online business 24 x 7, Always on Globalization Virtual Enterprise Business Process / IT Alignment Financial Drivers CapEx / OpEx Reduction
More informationComptia.Certkey.SY0-401.v by.SANFORD.362q. Exam Code: SY Exam Name: CompTIA Security+ Certification Exam
Comptia.Certkey.SY0-401.v2014-09-23.by.SANFORD.362q Number: SY0-401 Passing Score: 800 Time Limit: 120 min File Version: 18.5 Exam Code: SY0-401 Exam Name: CompTIA Security+ Certification Exam Exam A QUESTION
More informationOnline Services Security v2.1
Online Services Security v2.1 Contents 1 Introduction... 2 2... 2 2.1... 2 2.2... 2 2.3... 3 3... 4 3.1... 4 3.2... 5 3.3... 6 4... 7 4.1... 7 4.2... 7 4.3... 7 4.4... 7 4.5... 8 4.6... 8 1 Introduction
More informationABB Ability Cyber Security Services Protection against cyber threats takes ability
ABB Ability Cyber Security Services Protection against cyber threats takes ability In today s business environment, cyber security is critical for ensuring reliability of automation and control systems.
More informationAdvanced Security Measures for Clients and Servers
Advanced Security Measures for Clients and Servers Wayne Harris MCSE Senior Consultant Certified Security Solutions Importance of Active Directory Security Active Directory creates a more secure network
More informationStandard CIP 005 2a Cyber Security Electronic Security Perimeter(s)
A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-2a 3. Purpose: Standard CIP-005-2 requires the identification and protection of the Electronic Security Perimeter(s)
More informationHikCentral V1.3 for Windows Hardening Guide
HikCentral V1.3 for Windows Hardening Guide Contents Introduction... 1 1. The Operating System - Microsoft Windows Security Configuration... 2 1.1Strict Password Policy... 2 1.2Turn Off Windows Remote
More informationXerox FreeFlow Print Server. Security White Paper. Secure solutions. for you and your customers
Xerox FreeFlow Print Server Security White Paper Secure solutions for you and your customers Executive Summary Why is security more important than ever? New government regulations have been implemented
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationSECURITY PRACTICES OVERVIEW
SECURITY PRACTICES OVERVIEW 2018 Helcim Inc. Copyright 2006-2018 Helcim Inc. All Rights Reserved. The Helcim name and logo are trademarks of Helcim Inc. P a g e 1 Our Security at a Glance About Helcim
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationCIP Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security System Security Management 2. Number: CIP-007-5 3. Purpose: To manage system security by specifying select technical, operational, and procedural requirements in
More informationQuickBooks Online Security White Paper July 2017
QuickBooks Online Security White Paper July 2017 Page 1 of 6 Introduction At Intuit QuickBooks Online (QBO), we consider the security of your information as well as your customers and employees data a
More informationNetwork Performance, Security and Reliability Assessment
Network Performance, Security and Reliability Assessment Presented to: CLIENT NAME OMITTED Drafted by: Verteks Consulting, Inc. 2102 SW 20 th Place, Suite 602 Ocala, Fl 34474 352-401-0909 ASSESSMENT SCORECARD
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationAbout NitroSecurity. Application Data Monitor. Log Mgmt Database Monitor SIEM IDS / IPS. NitroEDB
About NitroSecurity NitroEDB IDS / IPS SIEM Log Mgmt Database Monitor Application Data Monitor Born from the INL Highly Optimized Core Architecture, Using Patented Technology - 8 unique mechanisms to improve
More informationNEN The Education Network
NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationAdministering Windows Server 2012
Administering Windows Server 2012 Course Details Course Outline Module 1: Configuring and Troubleshooting Domain Name System This module explains how to configure and troubleshoot DNS, including DNS replication
More informationW11 Hyper-V security. Jesper Krogh.
W11 Hyper-V security Jesper Krogh jesper_krogh@dell.com Jesper Krogh Speaker intro Senior Solution architect at Dell Responsible for Microsoft offerings and solutions within Denmark Specialities witin:
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationSecuring the Empowered Branch with Cisco Network Admission Control. September 2007
Securing the Empowered Branch with Cisco Network Admission Control September 2007 Presentation_ID 2006 Cisco Systems, Inc. All rights reserved. 1 Contents 1 The Cisco Empowered Branch 2 Security Considerations
More information