Industrial Security - Protecting productivity IEC INDA
- Kristin Whitehead
- 6 years ago
Slide 1: Industrial Security - Protecting productivity
IEC INDA
siemens.com/industrialsecurity

Slide 2: Industrial Security IEC (section title)
Slide 3: IACS, automation solution, control system
Stakeholders and their responsibilities:
- Asset Owner (IACS environment / project specific): operates the Industrial Automation and Control System (IACS)
- System Integrator (IACS environment / project specific): designs and deploys the Automation solution
- Product Supplier (independent of IACS environment): develops the Control System
Layering of the terms:
- Industrial Automation and Control System (IACS) = Operational and Maintenance policies and procedures + Automation solution
- Automation solution = Basic Process Control System (BPCS), Safety Instrumented System (SIS), Complementary Hardware and Software
- Control System = a combination of Embedded devices, Network components, Host devices and Applications; it is the base for the Automation solution
Slide 4: Actual structure of IEC / ISA (main documents to be published)
The series is arranged in four columns: General, Policies and procedures, System, Component.
General (Definitions, Metrics):
- 1-1 Terminology, concepts and models (IS* 2009)
- 1-2 Master glossary of terms and abbreviations
- 1-3 System security compliance metrics (DTS* 1Q14, Rejected)
Policies and procedures (Requirements placed on security organization and processes of the plant owner and suppliers):
- 2-1 Requirements for an IACS security management system (Ed.2.0 Profile of ISO / ..., CDV* 3Q)
- 2-3 Patch management in the IACS environment (TR* 06/)
- 2-4 Requirements for IACS solution suppliers (IS* 06/15)
System (Requirements to achieve a secure system):
- 3-1 Security technologies for IACS (TR* 2009)
- 3-2 Security risk assessment and system design (CDV* 3Q)
- 3-3 System security requirements and security levels (IS* 08/)
Component (Requirements to secure system components):
- 4-1 Product development requirements (DC* 1Q)
- 4-2 Technical security requirements for IACS products (DC* 3Q15)
Bracket labels under the columns: Processes / procedures (policies and procedures column), Functional requirements (system and component columns).
Status legend: *DC: Draft for Comment; *IS: International Standard; *CDV: Committee Draft for Vote; *TR: Technical Report; *ID: Initial Draft.
Slide 5: Various parts of IEC / ISA are addressing Defense in Depth
- Asset Owner (IACS environment / project specific): Operational and Maintenance policies and procedures
- System Integrator (IACS environment / project specific): Policies and procedures; Security capabilities of the Automation Solution
- Product Supplier (independent of IACS environment): Security capabilities of the products; Development process
Slide 6: Each stakeholder can create vulnerabilities (example: User Identification and Authentication)
The stakeholder model of slide 3 is repeated: the Asset Owner operates the IACS (Operational and Maintenance policies and procedures + Automation solution), the System Integrator designs and deploys the Automation solution (BPCS, SIS, Complementary Hardware and Software), and the Product Supplier develops the Control System (Embedded devices, Network components, Host devices, Applications), which is the base for the Automation solution. Each party can create weaknesses:
- Asset Owner and System Integrator (operation and deployment): Invalid accounts not deleted; Non-confidential passwords; Passwords not renewed; Temporary accounts not deleted; Default passwords not changed
- Product Supplier (development): Elevation of privileges; Hard-coded passwords
Slide 7: Industrial Security IECEE / INDA (section title)

Slide 8: IECEE INDA / Industrial Security
- IEC CB Schemes: MEAS, POW, Industrial EMC, Product Safety, ...
- Security: Management Processes, Products, Systems
- Organizational: Contracts, Plant Audit, Product Development

Slide 9: IECEE INDA / Industrial Security (numbered assessment areas)
Same layout as slide 8, with four assessment areas numbered: 1 Plant Audit, 2 Product Development, 3 Products, 4 Systems. Contracts and Management Processes remain unnumbered.
Slide 10: Actual structure of IEC / ISA (main documents to be published)
The overview table of slide 4 is repeated (same columns General, Policies and procedures, System, Component; same parts 1-1, 1-2, 1-3, 2-1, 2-3, 2-4, 3-1, 3-2, 3-3, 4-1, 4-2; same status legend). Differences on this copy: 3-3 System security requirements and security levels carries the status IS* 08/2013, and a marker "1" is placed beside the CDV* 3Q entry of 2-1 Requirements for an IACS security management system.
Slide 11: IEC / IECEE Working Groups
IEC CAB WG 17, Group for Cyber Security. Decision 37/21 (CAB WG 17 Cyber Security): "The CAB thanked WG 17 for its report, CAB/1383/R, noted that its scope is focused on home automation, smart devices (such as smart meters) and medical devices, and indicated that WG 17 should focus on all those sectors concerned with cyber security except those currently being worked on in IECEE (industrial automation)."
IECEE-PSC WG 3 TF 2, Task Force Cyber Security. Terms of Reference:
- To make a unique approach for conformity assessment to the IEC 62443 series
- The initial set-up of a guidance Operational Document to describe how the conformity assessment can be handled
- To describe the use of testing tools (start of instrument list) and test protocols
Slide 12: Industrial Security Protection Levels / Holistic Approach (section title)

Slide 13: Assessment scopes
Asset Owner:
- Scope: Operational and maintenance procedures; Realized capabilities of the Automation Solution
- Objective of cybersecurity: Protection of an installation in operation
- Assessment of the operational and maintenance policies and procedures of the asset owner, incl. people qualification
- Assessment of the (realized) functional capabilities of the Automation Solution
System Integrator (Service Provider), addressed by IECEE WG3 TF2:
- Scope: Policies / procedures; System capabilities
- Capabilities of the system integrator
- Assessment of the capabilities of a representative instance of an automation solution
- Assessment of the processes of the system integrator
- Gives a certain confidence that the system integrator can realize the required functionalities of the automation solution
Product Supplier:
- Scope: System capabilities; Product capabilities; Development process
- Capabilities of the products
- Assessment of the capabilities of products and the systems
- Assessment of the quality of the development process
- Gives a certain confidence that the products and systems realize the claimed functionalities and have fewer vulnerabilities
Slide 14: Goal of governments
Scope of Protection Levels: the Asset Owner scope of slide 13 (Operational and maintenance procedures; Realized capabilities of the Automation Solution; objective: Protection of an installation in operation; assessment of the operational and maintenance policies and procedures of the asset owner incl. people qualification; assessment of the (realized) functional capabilities of the Automation Solution).
Government initiatives shown:
- United States: Improving Critical Infrastructure Cybersecurity, Executive Order; NIST Cybersecurity Framework
- France: Loi de programmation militaire pour les années 2014 à 2019 (military programming law for 2014 to 2019); ANSSI, Cybersécurité pour les systèmes industriels, Mesures détaillées (cybersecurity for industrial systems, detailed measures)
- Germany: IT Sicherheitsgesetz (IT security act); BSI, Bundesamt für Sicherheit der Informationssysteme
- European Union: Commission Proposal for a Directive concerning measures to ensure a high common level of network and information security (NIS) across the Union
- Japan: Control System Security Center (CSSC), CSS-Base6 Cybersecurity Test Bed
Goal of the governments: Protection of critical infrastructures.
Slide 15: Basic documents of IEC / ISA are stable enough to be used
- General (Definitions, Metrics): 1-1 Terminology, concepts and models; 1-2 Master glossary of terms and abbreviations; 1-3 System security compliance metrics
- Policies and procedures (Requirements placed on security organization and processes of the plant owner and suppliers): 2-1 Requirements for an IACS security management system (Ed.2.0 Profile of ISO / ...; ISO/IEC can be used till this part is approved); 2-3 Patch management in the IACS environment; 2-4 Requirements for IACS solution suppliers (Approved)
- System (Requirements to achieve a secure system): 3-1 Security technologies for IACS; 3-2 Security risk assessment and system design; 3-3 System security requirements and security levels (Approved)
- Component (Requirements to secure system components): 4-1 Product development requirements; 4-2 Technical security requirements for IACS products
Bracket labels: Processes / procedures; Functional requirements.
Status legend: *DC: Draft for Comment; *IS: International Standard; *CDV: Committee Draft for Vote; *TR: Technical Report; *ID: Initial Draft.
Slide 16: Process requirements and functional requirements are linked
Within the IACS environment (project specific) the assessment is organised in Protection Level Conformance Clusters 1, 2, ..., n. Each cluster links:
- Related policies and procedures, assessed for the Asset Owner (AO) against the referenced IEC parts
- Realized capabilities of the Solution, assessed for the System Integrator (SI) against the referenced IEC parts
- the Product Supplier (PS) contribution, assessed against the referenced IEC parts
Slide 17: Protection Levels cover security functionalities and processes
Assessment of security functionalities (Security Level):
- SL 1: Capability to protect against casual or coincidental violation
- SL 2: Capability to protect against intentional violation using simple means with low resources, generic skills and low motivation
- SL 3: Capability to protect against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation
- SL 4: Capability to protect against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation
Assessment of security processes (Maturity Level):
- ML 1 Initial: Process unpredictable, poorly controlled and reactive
- ML 2 Managed: Process characterized, reactive
- ML 3 Defined: Process characterized, proactive deployment
- ML 4 Optimized: Process measured, controlled and continuously improved
Protection Levels (Security Level and Maturity Level combined):
- PL 1: Protection against casual or coincidental violation
- PL 2: Protection against intentional violation using simple means with low resources, generic skills and low motivation
- PL 3: Protection against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation
- PL 4: Protection against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation
Slide 18: Assessment is conducted in 4 steps
1. Assess Business Risk to determine Criticality
2. Assign Target Protection Levels
3. Assess Protection Levels
4. Achieved Protection Levels
Conformance Clusters (Conformance Cluster 1 to Conformance Cluster 5) should cover all relevant security dimensions. The Protection Level is assessed for each Conformance Cluster, on the scale of slide 17:
- PL 1: Protection against casual or coincidental violation
- PL 2: Protection against intentional violation using simple means with low resources, generic skills and low motivation
- PL 3: Protection against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation
- PL 4: Protection against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation
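The four steps as a worked gap analysis over the five Conformance Clusters, added here as an illustration and not code from Siemens, IEC or IECEE. Beyond what the slide states it assumes that a cluster achieves PL n only when both its assessed SL and ML reach n (achieved PL = min(SL, ML)), that the installation's achieved PL is that of its weakest cluster, and a constructed criticality-to-target-PL mapping; the sample assessment data is constructed.

```python
"""Protection Level gap analysis over Conformance Clusters.
Steps: (1) criticality, (2) target PL per cluster, (3) assessed SL/ML per
cluster, (4) achieved PL per cluster and for the installation."""
from dataclasses import dataclass

# Slide 18 names five Conformance Clusters.
CLUSTERS = tuple(f"Conformance Cluster {i}" for i in range(1, 6))
# Constructed criticality -> target PL mapping (the slide prescribes none).
TARGET_PL_BY_CRITICALITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class ClusterAssessment:
    cluster: str
    security_level: int  # SL 1..4: assessed security functionalities
    maturity_level: int  # ML 1..4: assessed security processes


@dataclass(frozen=True)
class ClusterResult:
    cluster: str
    target: int
    achieved: int    # 0 when the cluster has not been assessed at all
    limited_by: str  # "SL", "ML", "SL+ML" or "not assessed"

    @property
    def gap(self) -> int:
        return max(0, self.target - self.achieved)

    @property
    def conformant(self) -> bool:
        return self.achieved >= self.target


def _check_level(name: str, value: int) -> int:
    # bool is a subclass of int, so reject it explicitly
    if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= 4:
        raise ValueError(f"{name} must be an integer in 1..4, got {value!r}")
    return value


def achieved_pl(sl: int, ml: int) -> tuple[int, str]:
    """Achieved PL of one cluster plus the dimension that limits it.
    Assumption: PL n needs SL n and ML n, so achieved PL = min(SL, ML)."""
    sl, ml = _check_level("SL", sl), _check_level("ML", ml)
    limited = "SL+ML" if sl == ml else ("SL" if sl < ml else "ML")
    return min(sl, ml), limited


def assign_target_pls(criticality: str, clusters=CLUSTERS) -> dict[str, int]:
    """Steps 1 and 2: one target PL for every cluster from the criticality class."""
    try:
        pl = TARGET_PL_BY_CRITICALITY[criticality.strip().lower()]
    except KeyError:
        raise ValueError(f"unknown criticality {criticality!r}") from None
    return {c: pl for c in clusters}


def assess_protection_levels(targets: dict[str, int],
                             assessments: list[ClusterAssessment]) -> list[ClusterResult]:
    """Step 3: one result per target cluster; an unassessed cluster gets PL 0."""
    by_cluster: dict[str, ClusterAssessment] = {}
    for a in assessments:
        if a.cluster in by_cluster:
            raise ValueError(f"duplicate assessment for {a.cluster}")
        by_cluster[a.cluster] = a
    unknown = sorted(set(by_cluster) - set(targets))
    if unknown:  # an assessment with no target cannot be scored
        raise ValueError(f"assessments for clusters without a target: {unknown}")
    results = []
    for cluster, target in targets.items():
        _check_level(f"target PL of {cluster}", target)
        a = by_cluster.get(cluster)
        if a is None:
            results.append(ClusterResult(cluster, target, 0, "not assessed"))
        else:
            pl, limited = achieved_pl(a.security_level, a.maturity_level)
            results.append(ClusterResult(cluster, target, pl, limited))
    return results


def installation_pl(results: list[ClusterResult]) -> int:
    """Step 4: the installation achieves its weakest cluster's PL (assumption)."""
    return min((r.achieved for r in results), default=0)


# Constructed sample: Conformance Cluster 5 was never assessed.
SAMPLE_ASSESSMENTS = [
    ClusterAssessment("Conformance Cluster 1", security_level=3, maturity_level=3),
    ClusterAssessment("Conformance Cluster 2", security_level=3, maturity_level=2),
    ClusterAssessment("Conformance Cluster 3", security_level=4, maturity_level=3),
    ClusterAssessment("Conformance Cluster 4", security_level=2, maturity_level=3),
]

if __name__ == "__main__":
    results = assess_protection_levels(assign_target_pls("high"), SAMPLE_ASSESSMENTS)
    for r in results:
        print(f"{r.cluster}: target PL {r.target}, achieved PL {r.achieved} "
              f"(limited by {r.limited_by}), gap {r.gap}")
    print(f"Installation: achieved PL {installation_pl(results)}")
```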
Slide 19: Process controls and functional requirements provide the framework for a holistic assessment of Protection Levels
For each Protection Level Conformance Cluster (1 to 5):
- Asset Owner: IEC and ISO/IEC (all controls of IEC / ISO)
- Service Provider: IEC (all requirements of IEC)
- Automation Solution: IEC (all requirements of IEC)

Slide 20: Thank you for your attention!
Dr. Pierre Kobes, Product and Solution Security Officer, PD TI ATS TM 2
pierre.kobes@siemens.com
siemens.com/industrialsecurity
INTERNATIONAL STANDARD ISO/IEC 17065 First edition 2012-09-15 Conformity assessment Requirements for bodies certifying products, processes and services Évaluation de la conformité Exigences pour les organismes
More informationISO/IEC TR TECHNICAL REPORT
TECHNICAL REPORT ISO/IEC TR 15443-3 First edition 2007-12-15 Information technology Security techniques A framework for IT security assurance Part 3: Analysis of assurance methods Technologies de l'information
More informationCEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''
CEN Identification number in the EC register: 63623305522-13 CENELEC Identification number in the EC register: 58258552517-56 CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''
More informationEVALUATING HOW AN OPERATOR HAS EFFECTIVELY IMPLEMENTED CYBER- SECURITY POLICIES TO MANAGE AND ADMINISTER THE SYSTEM. Wurldtech Security Technologies
EVALUATING HOW AN OPERATOR HAS EFFECTIVELY IMPLEMENTED CYBER- SECURITY POLICIES TO MANAGE AND ADMINISTER THE SYSTEM Wurldtech Security Technologies Objectives Discuss how to: Evaluation of effectiveness
More informationISO/IEC Conformity assessment Fundamentals of product certification and guidelines for product certification schemes
INTERNATIONAL STANDARD ISO/IEC 17067 First edition 2013-08-01 Conformity assessment Fundamentals of product certification and guidelines for product certification schemes Évaluation de la conformité Éléments
More informationINTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 90003 First edition 2004-02-15 Software engineering Guidelines for the application of ISO 9001:2000 to computer software Ingénierie du logiciel Lignes directrices pour l'application
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
CIP-010-2 3 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationCyber security - why and how
Cyber security - why and how Frankfurt, 14 June 2018 ACHEMA Cyber Attack Continuum Prevent, Detect and Respond Pierre Paterni Rockwell Automation, Connected Services EMEA Business Development Manager PUBLIC
More informationSiemens Research Cyber Security
Siemens Research Cyber Security Rainer Falk, Uwe Blöcher November 26 th, 2018 Siemens Corporate Technology Cyber Security is the most important enabler for Digitalization Design & Engineering Automation
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity November 2017 cyberframework@nist.gov Supporting Risk Management with Framework 2 Core: A Common Language Foundational for Integrated Teams
More informationIoT & SCADA Cyber Security Services
RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au
More informationAn Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist
An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist Standards Certification Education & Training Publishing Conferences & Exhibits Speakers: Bryan L. Singer, CISM, CISSP, CAP
More informationSecurity Standardization and Regulation An Industry Perspective
Security Standardization and Regulation An Industry Perspective Dr. Ralf Rammig Siemens AG Megatrends Challenges that are transforming our world Digitalization In the future, we ll be living in a world
More informationLESSONS LEARNED IN SMART GRID CYBER SECURITY
LESSONS LEARNED IN SMART GRID CYBER SECURITY Lynda McGhie CISSP, CISM, CGEIT Quanta Technology Executive Advisor Smart Grid Cyber Security and Critical Infrastructure Protection lmcghie@quanta-technology.com
More informationSystems and software engineering Information technology project performance benchmarking framework. Part 4:
INTERNATIONAL STANDARD ISO/IEC 29155-4 First edition 2016-10-15 Systems and software engineering Information technology project performance benchmarking framework Part 4: Guidance for data collection and
More informationSecuring Network Devices with the IEC Standard What You Should Know. Vance Chen Product Manager
with the IEC 62443-4-2 Standard What You Should Know Vance Chen Product Manager Industry Background As the Industrial IoT (IIoT) continues to expand, more and more devices are being connected to networks.
More informationConsolidation Committee Final Report
Committee Details Date: November 14, 2015 Committee Name: 36.6 : Information Security Program Committee Co- Chairs: Ren Flot; Whitfield Samuel Functional Area: IT Functional Area Coordinator: Phil Ventimiglia
More informationInternational Standard ISO/IEC 17799:2000 Code of Practice for Information Security Management. Frequently Asked Questions
November 2002 International Standard ISO/IEC 17799:2000 Code of Practice for Information Security Management Introduction Frequently Asked Questions The National Institute of Standards and Technology s
More informationPresenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.
Presenter Jakob Drescher Industry Cyber Security 1 Cyber Security? Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Malware or network traffic
More informationSummary of Contents LIST OF FIGURES LIST OF TABLES
Summary of Contents LIST OF FIGURES LIST OF TABLES PREFACE xvii xix xxi PART 1 BACKGROUND Chapter 1. Introduction 3 Chapter 2. Standards-Makers 21 Chapter 3. Principles of the S2ESC Collection 45 Chapter
More informationIEC TC57 WG15 - Cybersecurity Status & Roadmap
INTERNATIONAL ELECTROTECHNICAL COMMISSION IEC TC57 WG15 - Cybersecurity Status & Roadmap June, 2012 Frances Cleveland Convenor WG15 Mission and Scope of WG15 on Cybersecurity Undertake the development
More informationInformation technology Service management. Part 11: Guidance on the relationship between ISO/IEC :2011 and service management frameworks: ITIL
Provläsningsexemplar / Preview TECHNICAL REPORT ISO/IEC TR 20000-11 First edition 2015-12-15 Information technology Service management Part 11: Guidance on the relationship between ISO/IEC 20000-1:2011
More informationTHE POWER OF TECH-SAVVY BOARDS:
THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES
More informationGUIDE 75. Strategic principles for future IEC and ISO standardization in industrial automation. First edition
GUIDE 75 First edition 2006-11 Strategic principles for future IEC and ISO standardization in industrial automation Reference number ISO/IEC GUIDE 75:2006(E) GUIDE 75 First edition 2006-11 Strategic principles
More informationSystems and software engineering Requirements for managers of information for users of systems, software, and services
This is a preview - click here to buy the full publication INTERNATIONAL STANDARD ISO/IEC/ IEEE 26511 Second edition 2018-12 Systems and software engineering Requirements for managers of information for
More informationAutomotive Security Standardization activities and attacking trend
Automotive Standardization activities and attacking trend Ingo Dassow, Deloitte November 2017 Automotive Risk Overview Trends and risks for connected vehicles 2 Value and Components of a Car Autonomous
More information