Security Metrics. February 25, Annabelle Lee Senior Technical Executive
|
|
- Carmella Conley
- 6 years ago
- Views:
Transcription
1 Security Metrics February 25, 2015 Annabelle Lee Senior Technical Executive
2 Cybersecurity Capability Maturity Model (C2M2) Overview Expansion Project and Comparative Analysis
3 Framework Implementation Guidance Mapping (Project #1) CSF Core C2M2 CSF Tiers C2M2 Functions Categories Subcategories Informative References MIL 1 ES-C2M2 Practices MIL 2 MIL 3 CSF Tiers MIL 1 C2M2 Practices MIL 2 MIL 3 IDENTIFY Tier 1: Partial PROTECT Tier 2: Risk Informed DETECT RESPOND Tier 3: Repeatable RECOVER Tier 4: Adaptive
4 C2M2 Comparative Analysis (Project #2) C2M2 Industry Standards Domains Objectives Practices Cyber Security Framework NISTIR 7628 SP NRECA Cyber Security Guidelines Others as requested by industry Risk Management Asset, Change, & Configuration Management Identity and Access Management Cyber Program Management
5 Next Steps Harmonize Converge the various disparate maps Align controls where applicable Vet Vet harmonization with subject matter experts across industry and government Reconfigure map as appropriate based on feedback Map to C2M2 Add as modules to C2M2 expansion project, with the sectorspecific standards Release as v1.0, acknowledging future releases will be needed as industry uses the modules and maps provided.
6 Practical Risk Management Getting Started.. 6
7 7
8 Risk Management in Practice A Guide for the Electric Sector EPRI Technical Update:
9 Background. DOE ES-C2M2 Toolkit Risk Management Process Energy Sector Cybersecurity Framework Implementation Guidance NIST Framework for Improving Critical Infrastructure Cybersecurity, v1.0, Feb 2014 NISTIR 7628, Guidelines for Smart Grid Cyber Security, v1.0, August 2010 EPRI NESCOR Failure Scenarios and Impact Analyses 9
10 Example from the Document
11 Security Posture using the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2): EPRI Technical Update
12 Background. Companion document to: Risk Management in Practice A Guide for the Electric Sector EPRI Technical Update: Traces NISTIR 7628 security requirements to ES-C2M2 security practices Identifies assessment methods based on Guide for Assessing the High-Level Security Requirements in NISTIR 7628, Guidelines for Smart Grid Cyber Security, SGIP CSWG, _1, Version 1.0, August 24, 2012 Includes application guidance for ES-C2M2 assessments against systems 12
13 Security Posture Assessment NISTIR 7628 assessment methods Examine - review, inspect, observe, study, or analyze one or more assessment objects e.g., specifications, mechanisms, or activities). Interview - conduct discussions with individuals or groups of individuals Test - exercise one or more assessment objects under specified conditions to compare actual with expected behavior ES-C2M2 Determination Not Implemented Partially Implemented Largely Implemented Fully Implemented 13
14 Application Guidance Example Manage Asset Configuration MIL3 Configuration Management: The organization should develop and maintain baseline configurations for the groups of control systems. The ES-C2M2 process should include an assessment to ensure the baselines are reviewed and updated and that the configurations are monitored. The GRC requirements should be developed and applied at the system level, and not at the organization level. SG.CM-2: Baseline Configuration 14
15 Logical Interface Category 6: Interface Between Control Systems in Different Organizations 15 Unique Technical Requirements: SG.AC-14: Permitted Actions with Identification or Authentication The associated ES-C2M2 practice is IAM-2a SG.IA-4: User Identification and Authentication The associated ES-C2M2 practices are IAM-1a and IAM-1b SG.SI-7: Software and Information Integrity The associated ES-C2M2 practices are SA-2e and SA-2i
16 Cyber Security Risk Management in Practice Comparative Analyses Tables EPRI Technical Update
17 Comparative Analyses Content Companion document to the Risk Management and Security Posture documents Includes additional crosswalk tables NISTIR 7628, NIST SP , and NIST Cybersecurity Framework NEI 08-09, NRC RG 5.71 and NISTIR 7628 NESCOR Failure Scenarios, Common Mitigations, Common Vulnerabilities and ES-C2M2 NISTIR 7628 Gap Analysis related to the ES-C2M2 and the NIST Cybersecurity Framework 17
18 Discussion 18
19 Together Shaping the Future of Electricity 19
Smart Grid Standards and Certification
Smart Grid Standards and Certification June 27, 2012 Annabelle Lee Technical Executive Cyber Security alee@epri.com Current Environment 2 Current Grid Environment Legacy SCADA systems Limited cyber security
More informationEvaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure
Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure March 2015 Pamela Curtis Dr. Nader Mehravari Katie Stewart Cyber Risk and Resilience Management Team CERT
More informationManaging SCADA Security. NISTIR 7628 and the NIST/SGIP CSWG. Xanthus. May 25, Frances Cleveland
Managing SCADA Security NISTIR 7628 and the NIST/SGIP CSWG May 25, 2011 Frances Cleveland fcleve@xanthus-consulting.com Xanthus Consulting International Topics NISTIR 7628 NIST/SGIP CSWG and its Subgroups
More informationNW NATURAL CYBER SECURITY 2016.JUNE.16
NW NATURAL CYBER SECURITY 2016.JUNE.16 ADOPTED CYBER SECURITY FRAMEWORKS CYBER SECURITY TESTING SCADA TRANSPORT SECURITY AID AGREEMENTS CONCLUSION QUESTIONS ADOPTED CYBER SECURITY FRAMEWORKS THE FOLLOWING
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity November 2017 cyberframework@nist.gov Supporting Risk Management with Framework 2 Core: A Common Language Foundational for Integrated Teams
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationEffectively Measuring Cybersecurity Improvement: A CSF Use Case
SESSION ID: GRC R03F Effectively Measuring Cybersecurity Improvement: A CSF Use Case Greg Witte Sr. Cybersecurity Engineer G2, Inc. @TheNetworkGuy Tom Conkle Cybersecurity Engineer G2, Inc. @TomConkle
More informationDeveloping a Model for Cyber Security Maturity Assessment
Developing a Model for Cyber Security Maturity Assessment Tariq Al-idrissi, Associate Vice President IT, Trent University Ian Thomson, Information Security Officer, Trent University June 20 th, 2018 (8:45am
More informationImproving Cybersecurity through the use of the Cybersecurity Framework
Improving Cybersecurity through the use of the Cybersecurity Framework March 11, 2015 Tom Conkle G2, Inc. Agenda Cybersecurity Framework Why it was created What is it Why it matters How do you use it 2
More informationExecutive Order & Presidential Policy Directive 21. Ed Goff, Duke Energy Melanie Seader, EEI
Executive Order 13636 & Presidential Policy Directive 21 Ed Goff, Duke Energy Melanie Seader, EEI Agenda Executive Order 13636 Presidential Policy Directive 21 Nation Infrastructure Protection Plan Cybersecurity
More informationBonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology
Bonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology It s a hot topic!! Executives are asking their CISOs a LOT of questions about it Issues are costly, from a financial and a reputational
More informationUpdates to the NIST Cybersecurity Framework
Updates to the NIST Cybersecurity Framework NIST Cybersecurity Framework Overview and Other Documentation October 2016 Agenda: Overview of NIST Cybersecurity Framework Updates to the NIST Cybersecurity
More informationThe NIST Cybersecurity Framework
The NIST Cybersecurity Framework U.S. German Standards Panel 2018 April 10, 2018 Adam.Sedgewick@nist.gov National Institute of Standards and Technology About NIST Agency of U.S. Department of Commerce
More informationNCSF Foundation Certification
NCSF Foundation Certification Overview This ACQUIROS accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity May 2017 cyberframework@nist.gov Why Cybersecurity Framework? Cybersecurity Framework Uses Identify mission or business cybersecurity dependencies
More informationCYBERSECURITY MATURITY ASSESSMENT
CYBERSECURITY MATURITY ASSESSMENT ANTICIPATE. IMPROVE. PREPARE. The CrowdStrike Cybersecurity Maturity Assessment (CSMA) is unique in the security assessment arena. Rather than focusing solely on compliance
More informationAustralian Energy Sector Cyber Security Framework. Frequently Asked Questions FINAL V1-0
Australian Energy Sector Cyber Security Framework Frequently Asked Questions FINAL V1-0 October 2018 Contents Acronyms and Abbreviations 2 General and Background 3 What is the scope of this FAQ? 3 What
More informationThe Road Ahead for Healthcare Sector: What to Expect in Cybersecurity Session CS6, February 19, 2017 Donna F. Dodson, Chief Cybersecurity Advisor,
The Road Ahead for Healthcare Sector: What to Expect in Cybersecurity Session CS6, February 19, 2017 Donna F. Dodson, Chief Cybersecurity Advisor, National Institute of Standards and Technology 1 Speaker
More informationK12 Cybersecurity Roadmap
K12 Cybersecurity Roadmap Introduction Jason Brown, CISSP Chief Information Security Officer Merit Network, Inc jbrown@merit.edu @jasonbrown17 https://linkedin.com/in/jasonbrown17 2 Agenda 3 Why Use the
More informationCyber Security & Homeland Security:
Cyber Security & Homeland Security: Cyber Security for CIKR and SLTT Michael Leking 19 March 2014 Cyber Security Advisor Northeast Region Office of Cybersecurity and Communications (CS&C) U.S. Department
More informationImplementing Executive Order and Presidential Policy Directive 21
March 26, 2013 Implementing Executive Order 13636 and Presidential Policy Directive 21 Mike Smith, Senior Cyber Policy Advisor, Office of Electricity Delivery and Energy Reliability, Department of Energy
More informationstandards and frameworks and controls oh my! Mike Garcia Senior Advisor for Elections Best Practices
standards and frameworks and controls oh my! Mike Garcia Senior Advisor for Elections Best Practices mike.garcia@cisecurity.org The big three in their own words ISO 27000: family of standards to help organizations
More informationFrom the Trenches: Lessons learned from using the NIST Cybersecurity Framework
From the Trenches: Lessons learned from using the NIST Cybersecurity Framework Greg Witte Sr. Cybersecurity Engineer G2, Inc. Greg.Witte@G2-inc.com Tom Conkle Cybersecurity Engineer G2, Inc. Tom.Conkle@G2-inc.com
More informationBHConsulting. Your trusted cybersecurity partner
Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised
More informationRISK MANAGEMENT IBERDROLA S CASE
RISK MANAGEMENT IBERDROLA S CASE TODAY S ENVIRONMENT Smart grids entail introducing millions of new intelligent components to energy infrastructures that communicate and control energy distribution and
More informationElectric Sector Security & Privacy Plans for 2011
Electric Sector Security & Privacy Plans for 2011 Galen Rasche Technical Executive Erfan Ibrahim Technical Executive Ad-Hoc Smart Grid Executive Committee 2011-Feb-10 Contents PDU Cyber Security R&D Portfolio
More informationKent Landfield, Director Standards and Technology Policy
Kent Landfield, Director Standards and Technology Policy How would you represent your entire risk landscape to your senior management? And how would you get there? A Changing Landscape Drives Security
More informationCyber Security Requirements for Supply Chain. June 17, 2015
Cyber Security Requirements for Supply Chain June 17, 2015 Topics Cyber Threat Legislation and Regulation Nuts and Bolts of NEI 08-09 Nuclear Procurement EPRI Methodology for Procurement Something to think
More informationCyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.
Cyber Security For Utilities Risks, Trends & Standards IEEE Toronto March 22, 2017 Doug Westlund Senior VP, AESI Inc. Agenda Cyber Security Risks for Utilities Trends & Recent Incidents in the Utility
More informationBHConsulting. Your trusted cybersecurity partner
Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised
More informationOPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith
OPUC Workshop March 13, 2015 Cyber Security Electric Utilities Portland General Electric Co. Travis Anderson Scott Smith 1 CIP Version 5 PGE Implementation Understanding the Regulations PGE Attended WECC
More informationCybersecurity & Privacy Enhancements
Business, Industry and Government Cybersecurity & Privacy Enhancements John Lainhart, Director, Grant Thornton The National Institute of Standards and Technology (NIST) is in the process of updating their
More informationCYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS
CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS WILLIAM (THE GONZ) FLINN M.S. INFORMATION SYSTEMS SECURITY MANAGEMENT; COMPTIA SECURITY+, I-NET+, NETWORK+; CERTIFIED
More informationOntario Energy Board Cyber Security Framework
Ontario Energy Board Cyber Security Framework Accelerating compliance using Security-as-a-Service (SECaaS) Office: 888.876.0504 Email: info@stratejm.com Website: www.stratejm.com About this Whitepaper
More informationNCSF Foundation Certification
NCSF Foundation Certification Overview This ACQUIROS accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity
More informationCybersecurity for Health Care Providers
Cybersecurity for Health Care Providers Montgomery County Medical Society Provider Meeting February 28, 2017 T h e MARYLAND HEALTH CARE COMMISSION Overview Cybersecurity defined Cyber-Threats Today Impact
More informationAd Hoc Smart Grid Executive Committee. February 10, 2011 New Orleans, LA
Ad Hoc Smart Grid Executive Committee February 10, 2011 New Orleans, LA Agenda Time Topic and Location Lead 3:00 3:10p Welcome & Introductions George Bjelovuk, AEP 3:10 3:40p Regulatory Trends for Cyber
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More informationHow to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.
How to implement NIST Cybersecurity Framework using ISO 27001 WHITE PAPER Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.
More informationInformation Security Continuous Monitoring (ISCM) Program Evaluation
Information Security Continuous Monitoring (ISCM) Program Evaluation Cybersecurity Assurance Branch Federal Network Resilience Division Chad J. Baer FNR Program Manager Chief Operational Assurance Agenda
More informationProtecting Controlled Unclassified Information(CUI) in Nonfederal Information Systems and Organizations
Protecting Controlled Unclassified Information(CUI) in Nonfederal Information Systems and Organizations January 9 th, 2018 SPEAKER Chris Seiders, CISSP Security Analyst Computing Services and Systems Development
More informationFederal Continuous Monitoring Working Group. March 21, DOJ Cybersecurity Conference 2/8/2011
Federal Continuous Monitoring Working Group March 21, 2011 DOJ Cybersecurity Conference 2/8/2011 4/12/2011 Why Continuous Monitoring? Case for Change Strategy Future State Current State Current State Case
More informationCybersecurity-Related Information Sharing Guidelines Draft Document Request For Comment
Cybersecurity-Related Information Sharing Guidelines Draft Document Request For Comment SWG G 3 2016 v0.2 ISAO Standards Organization Standards Working Group 3: Information Sharing Kent Landfield, Chair
More informationImproving Critical Infrastructure Cybersecurity Executive Order Preliminary Cybersecurity Framework
1 Improving Critical Infrastructure Cybersecurity Executive Order 13636 Preliminary Cybersecurity Framework 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
More informationThe HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information
The HITRUST CSF A Revolutionary Way to Protect Electronic Health Information June 2015 The HITRUST CSF 2 Organizations in the healthcare industry are under immense pressure to improve quality, reduce complexity,
More informationUsing Metrics to Gain Management Support for Cyber Security Initiatives
Using Metrics to Gain Management Support for Cyber Security Initiatives Craig Schumacher Chief Information Security Officer Idaho Transportation Dept. January 2016 Why Metrics Based on NIST Framework?
More informationHITRUST CSF: One Framework
HITRUST CSF: One Framework Leveraging the HITRUST CSF to Support ISO, HIPAA, & NIST Implementation and Compliance, and SSAE 16 SOC Reporting Dr. Bryan Cline, CISSP-ISSEP, CISM, CISA, CCSFP, HCISPP Senior
More informationRSA Cybersecurity Poverty Index : APJ
RSA Cybersecurity Poverty Index : APJ 2016 Overview Welcome to RSA s second annual Cybersecurity Poverty Index. The RSA Cybersecurity Poverty Index is the result of an annual maturity self-assessment completed
More informationCybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com
Cybersecurity Presidential Policy Directive Frequently Asked Questions kpmg.com Introduction On February 12, 2013, the White House released the official version of the Presidential Policy Directive regarding
More informationTABLE OF CONTENTS. Section Description Page
GPA Cybersecurity TABLE OF CONTENTS Section Description Page 1. Cybersecurity... 1 2. Standards... 1 3. Guides... 2 4. Minimum Hardware/Software Requirements For Secure Network Services... 3 4.1. High-Level
More informationNIST CyberSecurity Framework+ Brian Ventura SANS Community Instructor ISSA Portland, Director of Education Information Security Architect, City of
NIST CyberSecurity Framework+ Brian Ventura SANS Community Instructor ISSA Portland, Director of Education Information Security Architect, City of Portland water@bighead.org @brianwifaneye Who am I? Brian
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity Draft Version 1.1 National Institute of Standards and Technology January 10, 2017 Note to Reviewers on the Update and Next Steps The draft
More informationSmart Grid and Cyber Security
Smart Grid and Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology December 10, 2009 President s Cyberspace Policy Review
More informationInstitute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI
Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI #IIACHI WWW.FACEBOOK.COM/IIACHICAGO HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977 1 CAE Communications and Common Audit Committee
More informationFramework for Improving Critical Infrastructure Cybersecurity
1 Framework for Improving Critical Infrastructure Cybersecurity Standards Certification Education & Training Publishing Conferences & Exhibits Dean Bickerton ISA New Orleans April 5, 2016 A Brief Commercial
More informationThe Water Sector Approach to Cybersecurity
The Water Sector Approach to Cybersecurity Standards Certification Education & Training Publishing Conferences & Exhibits Kevin M. Morley, PhD American Water Works Association 2016 ISA Water / Wastewater
More informationSOLUTION BRIEF Virtual CISO
SOLUTION BRIEF Virtual CISO programs that prepare you for tomorrow s threats today Organizations often find themselves in a vise between ever-evolving cyber threats and regulatory requirements that tighten
More informationRSA Cybersecurity Poverty Index
RSA Cybersecurity Poverty Index 2016 RSA Cybersecurity Poverty Index Overview Welcome to RSA s second annual Cybersecurity Poverty Index. The RSA Cybersecurity Poverty Index is the result of an annual
More informationExploring Emerging Cyber Attest Requirements
Exploring Emerging Cyber Attest Requirements With a focus on SOC for Cybersecurity ( Cyber Attest ) Introductions and Overview Audrey Katcher Partner, RubinBrown LLP AICPA volunteer: AICPA SOC2 Guide Working
More informationUnited States Energy Association Energy Technology and Governance Program REQUEST FOR PROPOSALS
United States Energy Association Energy Technology and Governance Program REQUEST FOR PROPOSALS UTILITY CYBER SECURITY INITIATIVE (UCSI) CYBERSECURITY CAPABILITY MATURITY MODEL (C2M2) ASSESSMENT FOR THE
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationUnited States Coast Guard Office of Port and Facility Compliance (CG-FAC) Cybersecurity and the Marine Transportation System.
United States Coast Guard Office of Port and Facility Compliance (CG-FAC) Cybersecurity and the Marine Transportation System Overview Coast Guard Cyber Strategy Cyber Framework (CSF) What does it mean
More informationNational Cybersecurity Challenges and NIST. Matthew Scholl Chief Computer Security Division
National Cybersecurity Challenges and NIST Matthew Scholl Chief Computer Security Division National Archives The Importance of Standards Article I, Section 8: The Congress shall have the power to fix the
More informationProtecting Buildings Operational Technology (OT) from Evolving Cyber Threats & Vulnerabilities
Cybersecurity Basics For Energy Managers Protecting Buildings Operational Technology (OT) from Evolving Cyber Threats & Vulnerabilities Michael Mylrea Manager, Cybersecurity & Energy Technology Pacific
More informationFISMA Cybersecurity Performance Metrics and Scoring
DOT Cybersecurity Summit FISMA Cybersecurity Performance Metrics and Scoring Office of the Federal Chief Information Officer, OMB OMB Cyber and National Security Unit, OMBCyber@omb.eop.gov 2. Cybersecurity
More informationThe Key Principles of Cyber Security for Connected and Automated Vehicles. Government
The Key Principles of Cyber Security for Connected and Automated Vehicles Government Contents Intelligent Transport System (ITS) & Connected and Automated Vehicle (CAV) System Security Principles: 1. Organisational
More informationOverview of the Cybersecurity Framework
Overview of the Cybersecurity Framework Implementation of Executive Order 13636 Matt Barrett Program Manager matthew.barrett@nist.gov cyberframework@nist.gov 15 January 2015 Executive Order: Improving
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity Version 1.0 National Institute of Standards and Technology February 12, 2014 Table of Contents Executive Summary...1 1.0 Framework Introduction...3
More informationNIST Cybersecurity Testbed for Transportation Systems. CheeYee Tang Electronics Engineer National Institute of Standards and Technology
NIST Cybersecurity Testbed for Transportation Systems CheeYee Tang Electronics Engineer National Institute of Standards and Technology National Institute of Standards and Technology (NIST) About NIST NIST
More information2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager
2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager NIST Cybersecurity Framework (CSF) Executive Order 13636 Improving Critical Infrastructure Cybersecurity tasked the National
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationWide Area Monitoring, Protection, and Control Systems (WAMPAC) Standards for Cyber Security Requirements
Wide Area Monitoring, Protection, and Control Systems (WAMPAC) Standards for Cyber Security Requirements DRAFT October 26, 2012 National Electric Sector Cybersecurity Organization Resource (NESCOR) Wide
More informationDear Mr. Games: Please see our submission attached. With kind regards, Aaron
From: Aaron P. Padilla Date: Mon, Apr 10, 2017 at 3:16 PM Subject: API Response to the Proposed Update to the Framework for Improving Critical Infrastructure Cybersecurity To: "cyberframework@nist.gov"
More information*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***
Introduction and Bio CyberSecurity Defined CyberSecurity Risks NIST CyberSecurity Framework References *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS *** Chapter 3. Framework Implementation Relationship
More informationSmart Grid Cyber Security Strategy and Requirements
DRAFT NISTIR 7628 Smart Grid Cyber Security Strategy and Requirements The Smart Grid Interoperability Panel Cyber Security Working Group February 2010 DRAFT NISTIR 7628 Smart Grid Cyber Security Strategy
More informationEmerging Issues: Cybersecurity. Directors College 2015
Emerging Issues: Cybersecurity Directors College 2015 Agenda/Objectives Define Cybersecurity Cyber Fraud Trends/Incidents FFIEC Cybersecurity awareness initiatives Community Bank expectations FFIEC Cybersecurity
More informationUsing the NIST Cybersecurity Framework to Guide your Security Program August 31, 2017
Using the NIST Cybersecurity Framework to Guide your Security Program August 31, 2017 Presenters: Allie Russell, Conexxus Kara Gunderson, DSSC Chair, CITGO Petroleum Chris Lietz & Bob Post, Coalfire Housekeeping
More informationMANAGING THE EFFECTIVENESS OF A CYBER SECURITY PROGRAM THROUGH A NIST CYBER SECURITY FRAMEWORK EVALUATION
MANAGING THE EFFECTIVENESS OF A CYBER SECURITY PROGRAM THROUGH A NIST CYBER SECURITY FRAMEWORK EVALUATION Art Ehuan Alvarez & Marsal Global Cyber Risk Services LLC AGENDA þ How does an organization know
More informationMaritime Bulk Liquids Transfer Cybersecurity Framework Profile
Maritime Bulk Liquids Transfer Cybersecurity Framework Profile Table of Contents Executive Summary... iv Background... iv The Profile... iv Benefits... v 1. Introduction... 1 1.1. Purpose... 1 1.2. Audience
More informationIoT & SCADA Cyber Security Services
RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au
More informationMitigating Risk with Ongoing Cybersecurity Risk Assessment. Scott Moser CISO Caesars Entertainment
Mitigating Risk with Ongoing Cybersecurity Risk Assessment Scott Moser CISO Caesars Entertainment CSO50 Presentation Caesars Entertainment Cybersecurity Risk Management Scott Moser Chief Information Security
More informationSYSTEMS ASSET MANAGEMENT POLICY
SYSTEMS ASSET MANAGEMENT POLICY Policy: Asset Management Policy Owner: CIO Change Management Original Implementation Date: 7/1/2017 Effective Date: 7/1/2017 Revision Date: Approved By: NIST Cyber Security
More informationEnterprise Risk Management (ERM) and Cybersecurity. Na9onal Science Founda9on March 14, 2018
Enterprise Risk Management (ERM) and Cybersecurity Na9onal Science Founda9on March 14, 2018 Agenda Guiding Principles for Implementing ERM at NSF (Based on COSO) NSF s ERM Framework ERM Cybersecurity Risk
More informationNational Cybersecurity Center of Excellence
The 3rd Annual Intelligence and National Security Forum Jim McCarthy NIST / NCCoE 05/11/2018 This presentation is unclassified in its entirety Foundations Collaborative Hub The NCCoE assembles experts
More informationFramework for Improving Critical Infrastructure Cybersecurity. and Risk Approach
Framework for Improving Critical Infrastructure Cybersecurity Implementation of Executive Order 13636 and Risk Approach June 9, 2016 cyberframework@nist.gov Executive Order: Improving Critical Infrastructure
More informationCybersecurity and Data Protection Developments
Cybersecurity and Data Protection Developments Nathan Taylor March 8, 2017 NY2 786488 MORRISON & FOERSTER LLP 2017 mofo.com Regulatory Themes 2 A Developing Regulatory Environment 2016 2017 March CFPB
More informationTaking the Guesswork out of the NIST CSF
Taking the Guesswork out of the NIST CSF IADC Cybersecurity Workshop Perry Pederson The Langner Group Washington DC Hamburg Munich Agenda Asset IdenEficaEon Vulnerability Assessment Governance Process
More informationAdvanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018
Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018 The Homeland Security Systems Engineering and Development Institute (HSSEDI ) is a trademark of the U.S. Department of Homeland
More informationCyber Security Standards Developments
INTERNATIONAL ELECTROTECHNICAL COMMISSION Cyber Security Standards Developments Bart de Wijs Head of Cyber Security Power Grids Division ABB b.v. Frédéric Buchi Sales&Consulting Cyber Security Siemens
More informationChoosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist
Choosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist Agenda Industry Background Cybersecurity Assessment Tools Cybersecurity Best Practices 2 Cybersecurity
More information2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report
Nationwide Cyber Security Review: Summary Report Nationwide Cyber Security Review: Summary Report ii Nationwide Cyber Security Review: Summary Report Acknowledgments The Multi-State Information Sharing
More informationProgram Review for Information Security Management Assistance. Keith Watson, CISSP- ISSAP, CISA IA Research Engineer, CERIAS
Program Review for Information Security Management Assistance Keith Watson, CISSP- ISSAP, CISA IA Research Engineer, CERIAS Disclaimer and Purpose PRISMA, FISMA, and NIST, oh my! PRISMA versus an Assessment
More informationCybersecurity Framework Manufacturing Profile
Cybersecurity Framework Manufacturing Profile Keith Stouffer Project Leader, Cybersecurity for Smart Manufacturing Systems Engineering Lab, NIST National Institute of Standards and Technology (NIST) NIST
More informationCyber Information Sharing
Cyber Information Sharing Renault Ross CISSP, MCSE, CHSS, VCP5 Chief Cybersecurity Business Strategist Ian Schmertzler President Know Your Team Under Pressure Trust Your Eyes Know the Supply Chain Have
More information10/18/2016. Preparing Your Organization for a HHS OIG Information Security Audit. Models for Risk Assessment
Preparing Your Organization for a HHS OIG Information Security Audit David Holtzman, JD, CIPP/G CynergisTek, Inc. Brian C. Johnson, CPA, CISA HHS OIG Section 1: Models for Risk Assessment Section 2: Preparing
More informationCyber security - why and how
Cyber security - why and how Frankfurt, 14 June 2018 ACHEMA Cyber Attack Continuum Prevent, Detect and Respond Pierre Paterni Rockwell Automation, Connected Services EMEA Business Development Manager PUBLIC
More informationGPS Vulnerability and DHS Mitigation Efforts. David Wulf Acting Deputy Assistant Secretary Infrastructure Protection Department of Homeland Security
GPS Vulnerability and DHS Mitigation Efforts David Wulf Acting Deputy Assistant Secretary Infrastructure Protection Department of Homeland Security The Office of Infrastructure Protection National Protection
More informationSecuring Buildings & Facilities From Emerging Cyber Threats
Session 5: [Session Title] Securing Buildings & Facilities From Emerging Cyber Threats Michael Mylrea Manager, Cybersecurity & Energy Technology Pacific Northwest National Lab August 10, 2016 Rhode Island
More informationTechnical Conference on Critical Infrastructure Protection Supply Chain Risk Management
Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management Remarks of Marcus Sachs, Senior Vice President and the Chief Security Officer North American Electric Reliability
More information