Indegy. Industrial Cyber Security. ISA New Orleans Section. Applying the NIST Framework February 6, 2018
|
|
- Kenneth Austin
- 6 years ago
- Views:
Transcription
1 Indegy Industrial Cyber Security ISA New Orleans Section Applying the NIST Framework February 6, 2018
2 Agenda 1. Introductions 2. Indegy Background 3. NIST Background and History with ICS 4. What is the NIST Cybersecurity Framework? 5. How does Indegy Support Implementation of the Framework? 6. Wrap-up
3 Indegy Industrial Cyber Security Founded 2014 Customers Pharma, Energy, Water, Automotive, Chemicals, F&B Investors Shlomo Kramer Gen. David Petraeus, Vertex, Magma, Aspect, SBI Holdings Locations HQ New York R&D - Israel Barak Perelman Co-Founder, CEO Stratoscale, IDF, Talpiot Mille Gandelsman Co-Founder, CTO Stratoscale, IDF, Talpiot Ido Trivizki Co-Founder, VP R&D Stratoscale, IDF, Talpiot Dana Tamir VP Marketing Trusteer, Imperva, Symantec Gaby Koren VP Americas Panaya, Radvision, NICE
4 Indegy protects against operational disruptions caused by cyber threats, malicious insiders and human error, by providing visibility and control to industrial networks.
5 Major Incidents Stuxnet (2010) Destroyed 20% of Iran's nuclear centrifuges German Steel Plant Cyber Attack (2014) Second physical damage cyber attack reported in history Dragonfly / BlackEnergy (2014) Over 250 ICS networks (Energy, Pharma, etc.) compromised New York Water Dam (2015) Iranian hackers managing to get control of the flood gates Crashoveride / Industroyer (2016) Ukraine Power Grid blackout as an act of Russian aggression Dragonfly 2.0 / APT targeting Energy and more (2017) Wide range campaign targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors
6 Threats to Industrial Control Systems Cyber Attacks (External Threats) Targeted attacks Collateral damage Malicious Insiders (Insider Threat) Disgruntled employees Compromised IT devices Human Error and Negligence Unintentional mistakes Unsecure contractor equipment on site
7 The risk to ICS Systems 50% of global industrial companies suffered 1-5 security incidents in 2016 (Infosecurity Magazine) 61% of O&G ICS network s visibility and security is inadequate (Security Magazine) #1 Asset Inventory in the priority check list of gaps in ICS environments (SANS July 2017)
8 ICS Infrastructures are Everywhere Oil & Gas Manufacturing Power & Energy Transportation Water SCADA and HMI Control Center Building Management & Automation
9 Low Impact ICS Product Examples: Non hazardous materials or products, Non-ingested consumer products Industry Examples: Plastic Injection Molding, Warehouse Applications Security Concerns: Protecting people, Capital investment, Ensuring uptime Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL
10 Moderate Impact ICS Product Examples: Some hazardous products and/or steps during production, High amount of proprietary information Industry Examples: Automotive Metal Industries, Pulp & Paper, Semiconductors Security Concerns: Protecting people, Trade secrets, Capital investment, Ensuring uptime Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL
11 High Impact ICS Product Examples: Critical Infrastructure, Hazardous Materials, Ingested Products Industry Examples: Utilities, Petrochemical, Food & Beverage, Pharmaceutical Security Concerns: Protecting human life, Ensuring basic social services, Protecting environment Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL
12 Major ICS Security Objectives Deploy security solution based on potential impact Not a one size fits all solution Continuous monitoring Security is not a once and done exercise Continuously monitor risk Continuously monitor threats Continuously monitor and mitigate vulnerabilities Continuously monitor system boundaries Continuously monitor ingress and egress traffic Continuously update security controls Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL
13 NIST Cybersecurity Framework Components Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL
14 Framework Core - Cybersecurity Framework Component Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL
15 Cybersecurity Framework Core Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL
16 Bridging the Gap How Indegy Enables NIST Adherence Function: Identify Category: Asset Management Subcategory: ID.AM-1
17 identify Identify (ID) example from Indegy White Paper
18 identify Understand what needs to be protected Automated Asset Discovery, Classification and Management Configuration Monitoring
19 Protect Protect (PR) - example
20 Protect Continuously monitor access and changes Real-time Monitoring A comprehensive audit trail Periodic integrity checks Reconnaissance detection
21 Detect Detect (DE) - example
22 Detect Assess risk to ICS assets & network segments Assess risk to ICS assets and network segments Support mitigation efforts
23 Respond Respond (RS) - example
24 Respond Enforce policies, Get real-time alerts Granular policies for detecting anomalies and unauthorized activities
25 Recover Recover (RC) - example
26 Recover - Confidential - Recover - Enabled via Aggregated Snapshots Aggregation of Snapshots into timeline of code versions in controllers
27 A Continuous Process for Securing ICS Can you effectively manage and respond to events? Understand What Needs to be Protected 4 Enforce Policies, 1 Get Real-time Alerts Indegy 2 Assess Risk to Devices and Networks Continuously Monitor Access and Changes 3 Without visibility you can t have security
28 Indegy Industrial Cyber Security Questions/Comments? Gaby Koren Matt Petrauskas Indegy provides situational awareness and real-time security for industrial control networks to ensure operational continuity and reliability.
29 Appendix References and works cited: Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL
30 - Confidential -
31
Indegy. Industrial Cyber Security. Matt Petrauskas Regional Director.
Indegy Industrial Cyber Security Matt Petrauskas Regional Director mpetrauskas@indegy.com Discussion Focus Unveiling Security Gaps in Industrial Control Networks About the Presenter Matt Petrauskas 33
More informationCybersecurity Framework Manufacturing Profile
Cybersecurity Framework Manufacturing Profile Keith Stouffer Project Leader, Cybersecurity for Smart Manufacturing Systems Engineering Lab, NIST National Institute of Standards and Technology (NIST) NIST
More informationIndegy. Industrial Cyber Security. The Anatomy of an Industrial Cyber Attack
Indegy Industrial Cyber Security The Anatomy of an Industrial Cyber Attack Today s Presenter Eliminating Security Blindspots in SCADA and Control Networks Presented By: Dana Tamir, VP Marketing, Indegy
More informationMike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS
Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS Can You Answer These Questions? 1 What s my company s exposure to the latest industrial cyber threat? Are my plants
More informationK12 Cybersecurity Roadmap
K12 Cybersecurity Roadmap Introduction Jason Brown, CISSP Chief Information Security Officer Merit Network, Inc jbrown@merit.edu @jasonbrown17 https://linkedin.com/in/jasonbrown17 2 Agenda 3 Why Use the
More informationCYBERBIT P r o t e c t i n g a n e w D i m e n s i o n
CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n CYBETBIT in a Nutshell A leader in the development and integration of Cyber Security Solutions A main provider of Cyber Security solutions for the
More informationABB Process Automation, September 2014
ABB Process Automation, September 2014 ABB Process Automation Services Services that add life to your products, systems and processes September 26, 2014 Slide 1 1 ABB Process Automation Services A proven
More informationABB Ability Cyber Security Services Protection against cyber threats takes ability
ABB Ability Cyber Security Services Protection against cyber threats takes ability In today s business environment, cyber security is critical for ensuring reliability of automation and control systems.
More informationSecuring Industrial Control Systems
L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting
More informationCyber Security of Industrial Control Systems (ICSs)
Cyber Security of Industrial Control Systems (ICSs) February 23, 2016 Joe Weiss PE, CISM, CRISC, ISA Fellow Managing Partner Applied Control Solutions, LLC (408) 253-7934 joe.weiss@realtimeacs.com Applied
More informationCyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.
Cyber Security For Utilities Risks, Trends & Standards IEEE Toronto March 22, 2017 Doug Westlund Senior VP, AESI Inc. Agenda Cyber Security Risks for Utilities Trends & Recent Incidents in the Utility
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationFunction Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments
Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments 1 ID.AM-1: Physical devices and systems within the organization are inventoried Asset Management (ID.AM): The
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity November 2017 cyberframework@nist.gov Supporting Risk Management with Framework 2 Core: A Common Language Foundational for Integrated Teams
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationIndustrial Control System Cyber Security
Industrial Control System Cyber Security Disaster Recovery Information Exchange Bruce Tyson June 28, 2017 Lunch and Learn Introduction Bruce Tyson is a certified engineering technologist (CET Telecommunications
More informationPROTECTING MANUFACTURING and UTILITIES Industrial Control Systems
PROTECTING MANUFACTURING and UTILITIES Industrial Control Systems Mati Epstein Global Sales Lead, Critical Infrastructure and ICS [Internal Use] for Check Point employees 1 Industrial Control Systems (ICS)/SCADA
More informationAcalvio Deception and the NIST Cybersecurity Framework 1.1
Acalvio Deception and the NIST Cybersecurity Framework 1.1 June 2018 The Framework enables organizations regardless of size, degree of cybersecurity risk, or cybersecurity sophistication to apply the principles
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationNW NATURAL CYBER SECURITY 2016.JUNE.16
NW NATURAL CYBER SECURITY 2016.JUNE.16 ADOPTED CYBER SECURITY FRAMEWORKS CYBER SECURITY TESTING SCADA TRANSPORT SECURITY AID AGREEMENTS CONCLUSION QUESTIONS ADOPTED CYBER SECURITY FRAMEWORKS THE FOLLOWING
More informationThink Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe
Think Oslo 2018 Where Technology Meets Humanity Oslo Felicity March Cyber Resilience - Europe Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity
More informationIndustry Best Practices for Securing Critical Infrastructure
Industry Best Practices for Securing Critical Infrastructure Cyber Security and Critical Infrastructure AGENDA - Difference between IT and OT - Real World Examples of Cyber Attacks Across the IT/OT Boundary
More informationBonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology
Bonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology It s a hot topic!! Executives are asking their CISOs a LOT of questions about it Issues are costly, from a financial and a reputational
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationUpdates to the NIST Cybersecurity Framework
Updates to the NIST Cybersecurity Framework NIST Cybersecurity Framework Overview and Other Documentation October 2016 Agenda: Overview of NIST Cybersecurity Framework Updates to the NIST Cybersecurity
More informationNISTCSF.COM. NIST Cybersecurity Framework (NCSF) Workforce Development Solutions
NISTCSF.COM NIST Cybersecurity Framework (NCSF) Workforce Development Solutions AGENDA The Cybersecurity Threat Landscape The Cybersecurity Challenge NIST Cybersecurity Framework NICE Cybersecurity Workforce
More informationthe SWIFT Customer Security
TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This
More informationCybersecurity Overview
Cybersecurity Overview DLA Energy Worldwide Energy Conference April 12, 2017 1 Enterprise Risk Management Risk Based: o Use of a risk-based approach for cyber threats with a focus on critical systems where
More informationCybersecurity for the Electric Grid
Cybersecurity for the Electric Grid Electric System Regulation, CIP and the Evolution of Transition to a Secure State A presentation for the National Association of Regulatory Utility Commissioners March
More informationIn the wrong hands it s an open invitation
In the wrong hands it s an open invitation If someone takes over your control system infrastructure it could prove fatal Control systems are indispensable for a number of industrial processes and are lucrative
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationCyber Risk in the Marine Transportation System
Cyber Risk in the Marine Transportation System Cubic Global Defense MAR'01 1 Cubic.com/Global-Defense/National-Security 1 Cubic Global Defense Global Security Team Capabilities Program Management Integration
More informationFERC Hydroproject Cyber Security [FERC 3A Section 9 versus CIP v5]
FERC Hydroproject Cyber Security [FERC 3A Section 9 versus CIP v5] Presentation Goals Provide a clear distinction between the intent of FERC cyber security and NERC CIP cyber security Discuss opportunities
More informationCybersecurity for Health Care Providers
Cybersecurity for Health Care Providers Montgomery County Medical Society Provider Meeting February 28, 2017 T h e MARYLAND HEALTH CARE COMMISSION Overview Cybersecurity defined Cyber-Threats Today Impact
More informationNISTCSF.COM. NIST Cybersecurity Framework (NCSF) Workforce Development Solutions
NISTCSF.COM NIST Cybersecurity Framework (NCSF) Workforce Development Solutions AGENDA The Cybersecurity Threat Landscape The Cybersecurity Challenge NIST Cybersecurity Framework NICE Cybersecurity Workforce
More informationWhy Should You Care About Control System Cybersecurity. Tim Conway ICS.SANS.ORG
Why Should You Care About Control System Cybersecurity Tim Conway ICS.SANS.ORG Events Example #1 Dec 23, 2015 Cyber attacks impacting Ukrainian Power Grid Targeted, synchronized, & multi faceted Three
More informationCyber Security Update. Bennett L. Gaines Senior Vice President, Corporate Services, CIO, FirstEnergy 2012 Summer Seminar August 5-7, 2012
Cyber Security Update Bennett L. Gaines Senior Vice President, Corporate Services, CIO, FirstEnergy 2012 Summer Seminar August 5-7, 2012 Agenda Timeline Regulatory / Compliance Environment Smart Grid Threats
More informationCybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com
Cybersecurity Presidential Policy Directive Frequently Asked Questions kpmg.com Introduction On February 12, 2013, the White House released the official version of the Presidential Policy Directive regarding
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationDelivering Integrated Cyber Defense for the Cloud Generation Darren Thomson
Delivering Integrated Cyber Defense for the Generation Darren Thomson Vice President & CTO, EMEA Region Symantec In 2009 there were 2,361,414 new piece of malware created. In 2015 that number was 430,555,582
More informationCybersecurity Dimension of Critical Infrastructure
Cybersecurity Dimension of Critical Infrastructure Views expressed in this presentation are the authors and do not represent the official view of any institution he is affiliated with. ESReDA 52 Seminar,
More informationCyber Security What Do I Need to Do Now?
Cyber Security What Do I Need to Do Now? PA AWWA 2016 Annual Conference Thursday, May 12, 2016 2:45 3:15 PM Presented by Dick McDonnell Authored by Jeff M. Miller, PE, ENV SP WARNING! Schneider Electric
More informationFirewalls (IDS and IPS) MIS 5214 Week 6
Firewalls (IDS and IPS) MIS 5214 Week 6 Agenda Defense in Depth Evolution of IT risk in automated control systems Security Domains Where to put firewalls in an N-Tier Architecture? In-class exercise Part
More informationThe NIST Cybersecurity Framework
The NIST Cybersecurity Framework U.S. German Standards Panel 2018 April 10, 2018 Adam.Sedgewick@nist.gov National Institute of Standards and Technology About NIST Agency of U.S. Department of Commerce
More informationCyber Security. June 2015
Cyber Security June 2015 Table of contents Section Pages Introduction and methodology 3 Key findings 4 Respondent profile 5-9 Cyber security practices 10-25 Resources for monitoring cyber security events
More informationCyber Security Technologies
1 / Cyber Security Technologies International Seminar on Cyber Security: An Action to Establish the National Cyber Security Center Lisbon, 12 th September 2013 23 / Key highlights - Thales Group Thales
More informationEmerging Issues: Cybersecurity. Directors College 2015
Emerging Issues: Cybersecurity Directors College 2015 Agenda/Objectives Define Cybersecurity Cyber Fraud Trends/Incidents FFIEC Cybersecurity awareness initiatives Community Bank expectations FFIEC Cybersecurity
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Protective Security Coordination Division Overview ND Safety Council Annual Conference
More informationCybersecurity for Product Lifecycle Management A Research Roadmap
Cybersecurity for Product Lifecycle Management A Research Roadmap Elisa Bertino CS Department, CERIAS, and Cyber Center PLM Center Fellow Purdue University Cyber Center Why is Security Challenging in
More informationStatement for the Record
Statement for the Record of Seán P. McGurk Director, Control Systems Security Program National Cyber Security Division National Protection and Programs Directorate Department of Homeland Security Before
More informationHow AlienVault ICS SIEM Supports Compliance with CFATS
How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal
More informationAutomating the Top 20 CIS Critical Security Controls
20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises
More informationIEC A cybersecurity standard approaching the Rail IoT
IEC 62443 A cybersecurity standard approaching the Rail IoT siemens.com/communications-for-transportation Today s Siemens company structure focusing on several businesses Siemens AG Power and Gas (PG)
More informationDepartment of Defense Cybersecurity Requirements: What Businesses Need to Know?
Department of Defense Cybersecurity Requirements: What Businesses Need to Know? Why is Cybersecurity important to the Department of Defense? Today, more than ever, the Department of Defense (DoD) relies
More informationCritical Infrastructure Sectors and DHS ICS CERT Overview
Critical Infrastructure Sectors and DHS ICS CERT Overview Presented by Darryl E. Peek II REGIONAL INTELLIGENCE SEMINAR AND NATIONAL SECURITY FORUM 2 2 Authorities and Related Legislation Homeland Security
More informationExpanding Cyber Security Management for Critical Infrastructure
Expanding Cyber Security Management for Critical Infrastructure ISSE Wednesday 15 th November 17, Brussels Dr Andrew Hutchison, Telekom Security andrew.hutchison@t-systems.com OVERVIEW Attack Surface expands
More informationCYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO
CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO INFORMATION SECURITY PAINS CISO RESPONSIBILITY WITHOUT AUTHORITY INVENTORY TO MANAGE ALERTS WITHOUT MEANING ASSETS SPREAD ACROSS
More informationInsider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm
Insider Threat Program: Protecting the Crown Jewels Monday, March 2, 2:15 pm - 3:15 pm Take Away Identify your critical information Recognize potential insider threats What happens after your critical
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationCYBER SECURITY POLICY REVISION: 12
1. General 1.1. Purpose 1.1.1. To manage and control the risk to the reliable operation of the Bulk Electric System (BES) located within the service territory footprint of Emera Maine (hereafter referred
More informationCybersecurity. Sarabjit Purewal Principal Specialist Inspector BSc ACGI PGDip CEng MIET. Humber Chemical Focus Group 21 July 2016
Health and and Safety Executive Cybersecurity Sarabjit Purewal Principal Specialist Inspector BSc ACGI PGDip CEng MIET Humber Chemical Focus Group 21 July 2016 Crown July 2016 What we will cover Why cybersecurity
More informationTop 10 ICS Cybersecurity Problems Observed in Critical Infrastructure
SESSION ID: SBX1-R07 Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure Bryan Hatton Cyber Security Researcher Idaho National Laboratory In support of DHS ICS-CERT @phaktor 16 Critical
More informationPresented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0
Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.
More informationThe Future of Industrial Control Systems Security
The Future of Industrial Control Systems Security Amir Samoiloff, CEO, Siga Security Ilan Gendelman, CTO, Siga Security www.sigasec.com The Importance of Operating Technology Systems Modern life relies
More informationIC32E - Pre-Instructional Survey
Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into
More informationCyber Security Panel Discussion Gary Hayes, SVP & CIO Technology Operations. Arkansas Joint Committee on Energy March 16, 2016
Cyber Security Panel Discussion Gary Hayes, SVP & CIO Technology Operations Arkansas Joint Committee on Energy March 16, 2016 CenterPoint Energy, Inc. (NYSE: CNP) Regulated Electric and Natural Gas Utility
More informationThe Road to Industry 4.0
The Road to Industry 4.0 Secure remote access and active cyber protection for industrial machinery Hamburg, May 22, 2017 Fabian Bahr G+D Group Business Units and Divisions G+D Mobile Security Financial
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationContinuous Monitoring
Continuous Monitoring A New Approach To Secure Critical Infrastructure Jasvir Gill Founder & CEO, AlertEnterprise, Inc. October 20, 2011 Security Incidents Keep Growing Combination of Cyber And Physical
More informationCYBER SECURITY WORKSHOP NOVEMBER 2, Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services
0 CYBER SECURITY WORKSHOP NOVEMBER 2, 2016 Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services VIDEO: CAN IT HAPPEN TO ME? 1 2 AGENDA CYBERSECURITY WHY SUCH A BIG DEAL? INFORMATION
More informationWorld Energy Perspectives 2016
World Energy Perspectives 2016 EXECUTIVE SUMMARY IN PARTNERSHIP WITH MARSH & MCLENNAN COMPANIES AND SWISS RE CORPORATE SOLUTIONS THE ROAD TO RESILIENCE MANAGING CYBER RISKS Greater resilience to cyber
More informationIntroducing the 9202-ETS MTL Tofino industrial Ethernet security appliance
Introducing the 9202-ETS MTL Tofino industrial Ethernet security appliance HAKIM- Sales Engineer 1 Cybersecurity of valuable assets and processes in a wide range of industry verticals, such as: Oil & Gas
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary
More informationPractical SCADA Cyber Security Lifecycle Steps
Practical SCADA Cyber Security Lifecycle Steps Standards Certification Jim McGlone CMO, Kenexis Education & Training Publishing Conferences & Exhibits Bio Jim McGlone, CMO, Kenexis GICSP ISA Safety & Security
More informationMANAGING CYBER RISKS ACROSS THE SOFTWARE SUPPLY CHAIN
MANAGING CYBER RISKS ACROSS THE SOFTWARE SUPPLY CHAIN Managing Cyber Risks Across the Software Supply Chain The widespread deployment of advanced data communications technologies is a vital factor in today
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationLESSONS LEARNED IN SMART GRID CYBER SECURITY
LESSONS LEARNED IN SMART GRID CYBER SECURITY Lynda McGhie CISSP, CISM, CGEIT Quanta Technology Executive Advisor Smart Grid Cyber Security and Critical Infrastructure Protection lmcghie@quanta-technology.com
More informationThe Key Principles of Cyber Security for Connected and Automated Vehicles. Government
The Key Principles of Cyber Security for Connected and Automated Vehicles Government Contents Intelligent Transport System (ITS) & Connected and Automated Vehicle (CAV) System Security Principles: 1. Organisational
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationFramework for Improving Critical Infrastructure Cybersecurity
1 Framework for Improving Critical Infrastructure Cybersecurity Standards Certification Education & Training Publishing Conferences & Exhibits Dean Bickerton ISA New Orleans April 5, 2016 A Brief Commercial
More informationA Measurement Companion to the CIS Critical Security Controls (Version 6) October
A Measurement Companion to the CIS Critical Security Controls (Version 6) October 2015 1 A Measurement Companion to the CIS Critical Security Controls (Version 6) Introduction... 3 Description... 4 CIS
More informationThe Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It
The Credential Phishing Handbook Why It Still Works and 4 Steps to Prevent It Introduction Phishing is more than 20 years old, but still represents more than 90% of targeted attacks. The reason is simple:
More informationCYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS
CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS WILLIAM (THE GONZ) FLINN M.S. INFORMATION SYSTEMS SECURITY MANAGEMENT; COMPTIA SECURITY+, I-NET+, NETWORK+; CERTIFIED
More informationCYBER RISK AND SHIPS :PRACTICAL ISSUES FOLLOWING BIMCO GUIDELINE
CYBER RISK AND SHIPS :PRACTICAL ISSUES FOLLOWING BIMCO GUIDELINE Yohan Le Gonidec, head of Shipowner support department, TECNITAS (subsidiary BUREAU VERITAS) 1 AGENDA 2 Introduction 1- Cyber incidents
More informationControl Systems Cyber Security Awareness
Control Systems Cyber Security Awareness US-CERT Informational Focus Paper July 7, 2005 Produced by: I. Purpose Focus Paper Control Systems Cyber Security Awareness The Department of Homeland Security
More informationIndustrial Cyber Security. ICS SHIELD Top-down security for multi-vendor OT assets
Industrial Cyber Security ICS SHIELD Top-down security for multi-vendor OT assets OT SECURITY NEED Industrial organizations are increasingly integrating their OT and IT infrastructures. The huge benefits
More informationHOW SAFE IS YOUR DATA? Micho Schumann, KPMG, Cayman Islands
HOW SAFE IS YOUR DATA? Micho Schumann, KPMG, Cayman Islands HOW SAFE IS YOUR DATA? 16 November 2017 kpmg.ky Agenda Introduction Cyber Security presentation Q&A 3 Why this presentation? 4 The CIA Triad
More informationIndustrial Defender ASM. for Automation Systems Management
Industrial Defender ASM for Automation Systems Management INDUSTRIAL DEFENDER ASM FOR AUTOMATION SYSTEMS MANAGEMENT Industrial Defender ASM is a management platform designed to address the overlapping
More informationHow to Align with the NIST Cybersecurity Framework
How to Align with the NIST Cybersecurity Framework 1 Title Table of Contents Identify (ID) 4 Protect (PR) 5 Detect (DE) 6 Respond (RS) 7 Recover (RC) 8 visibility detection control 2 SilentDefense Facilitates
More informationCybersecurity Vulnerabilities and Process Frameworks for Oil and Gas
Cybersecurity Vulnerabilities and Process Frameworks for Oil and Gas Presentation to WVONGA Jack L. Shaffer, Jr. Business Transformation Director vcio/ vciso 2017 Cybersecurity in the news Ransomware Wanacry,
More informationHeavy Vehicle Cyber Security Bulletin
Heavy Vehicle Cyber Security Update National Motor Freight Traffic Association, Inc. 1001 North Fairfax Street, Suite 600 Alexandria, VA 22314 (703) 838-1810 Heavy Vehicle Cyber Security Bulletin Bulletin
More informationCritical Infrastructure Analysis and Protection - A Case for Secure Information Exchange. August 16, 2016
Critical Infrastructure Analysis and Protection - A Case for Secure Information Exchange Dennis Denham Ssempereza - CISA, CISM, CRISC August 16, 2016 About me! Involved in Risk Management and Security
More informationCyber Resilience Solution for Smart Buildings
Cyber Resilience Solution for Smart Buildings Integrated IT/OT Security Oren Aspir, Cyberbit, CTO 2017 by CYBERBIT 2017 by CYBERBIT Proprietary CYBERBIT Proprietary Buildings getting smarter IT systems
More informationCYBERSECURITY. Recent OCR Actions & Cyber Awareness Newsletters. Claire C. Rosston
CYBERSECURITY Recent OCR Actions & Cyber Awareness Newsletters Claire C. Rosston DISCLAIMER This presentation is similar to any other legal education materials designed to provide general information on
More informationNo compromises for secure SCADA Communications even over 3rd Party Networks
No compromises for secure SCADA Communications even over 3rd Party Networks The Gamble of Using ISP Private Networks How to Stack the Odds in Your Favor Standards Certification Education & Training Publishing
More informationCLICK TO EDIT MASTER TITLE RECENT STYLE APT CAMPAIGN TARGETING ENERGY SECTOR ASSETS
National Cybersecurity and Communications Integration Center (NCCIC) Hunt and Incident Response Team (HIRT) CLICK TO EDIT MASTER TITLE RECENT STYLE APT CAMPAIGN TARGETING ENERGY SECTOR ASSETS Jonathan
More informationForeScout Extended Module for Splunk
Enterprise Strategy Group Getting to the bigger truth. ESG Lab Review ForeScout Extended Module for Splunk Date: May 2017 Author: Tony Palmer, Senior Lab Analyst Abstract This report provides a first look
More informationNIST Framework for Improving Critical Infrastructure Cybersecurity Technical Control Automation
NIST Framework for Improving Critical Infrastructure Cybersecurity Technical Control Automation Automating Cybersecurity Framework Technical Controls with Tenable SecurityCenter Continuous View February
More informationMultistage Cyber-physical Attack and SCADA Intrusion Detection
Multistage Cyber-physical Attack and SCADA Intrusion Detection Workshop on European Smart Grid Cybersecurity: Emerging Threats and Countermeasures Belfast, 26 th August, 2016 Kieran McLaughlin, BooJoong
More informationEnergy Assurance Energy Assurance and Interdependency Workshop Fairmont Hotel, Washington D.C. December 2 3, 2013
+ Energy Assurance Energy Assurance and Interdependency Workshop Fairmont Hotel, Washington D.C. December 2 3, 2013 Jeffrey R. Pillon, Director, Energy Assurance Programs National Association of State
More information