Back to the Future Cyber Security
- Marvin Kelley
- 5 years ago
Back to the Future Cyber Security
A manifesto for Cyber Security and the Industrial Legacy
Introduction

Industrial facilities and infrastructure form the core of our economy and society. These advanced facilities require significant investments which need many years to generate a return on investment, and they are built to last for decades. Automation of these facilities and their equipment has been part of the modernization since Industry 3.0 and continues to advance with Industry 4.0. Behind this automation are Industrial Control Assets, mostly deeply integrated into the equipment they control. Industrial Control Assets include Programmable Logic Controllers (PLC), microcontrollers, industrial modular computer systems (IPC), robot control units, SCADA systems, and various other devices which combine software and hardware to control and automate processes.

Cyber Threats are increasingly causing significant damage to companies and organizations around the globe. With the increasing connectivity in industrial facilities and infrastructure, the Industrial Control Assets become more exposed to Cyber Threats than ever before, and Cyber Threats continue to become more advanced at a continuously increasing pace. The main focus of Cyber Security is on IT Infrastructure. It is however crucial that Cyber Security for the Industrial Control Assets becomes a top priority for companies and organizations to avoid damage to industrial facilities and infrastructure.

This is a 10-point strategy to implement Cyber Security and Cyber Resilience for Industrial Control Assets in industrial facilities and infrastructure.
- Own and manage Cyber Security for Industrial Control Assets (ICA) at the highest level of the organization.
- Embrace the principles of the Charter of Trust and implement a matching policy.
- Create and maintain an ICA inventory, including all devices which connect to a network, are connected to a device which connects to a network, or could be connected to a network.
- Implement and test a full ICA backup, recovery and Disaster Response Plan.
- Create appropriate depreciation plans and maintenance budgets for all ICA based on the life cycles of these systems.
- Allocate sufficient budgets (CAPEX and OPEX) to implement ICA Cyber Security measures as top priority.
- Schedule (semi-) annual penetration testing of all ICA and ensure implementation of its findings.
- Implement a semi-annual ICA Cyber Security education plan.
- Develop Cyber Security standards and procurement requirements for all ICA purchases, projects and maintenance.
- Ensure Continuous Improvement by focusing on the weakest link in ICA Cyber Security and resolving the issues.
Own and manage Cyber Security for Industrial Control Assets (ICA) at the highest level of the organization.

Industrial Control Assets are deeply integrated into the equipment and infrastructure controlled by these devices, and in most cases are understandably seen as part of the equipment and infrastructure. With the growing connectivity and digitization of our society, infrastructure and industrial facilities, most of these Industrial Control Assets have gradually been integrated into networked infrastructures to collect data, monitor processes or automate controls. The wind sensors at the airport which are connected to the network and provide important but harmless information can easily become a critical pawn in an attack on the airport infrastructure when under the control of hackers. The PLC that controls a melting furnace and can be administered through the network connection can cause serious risks for the operators and damage to the furnace when the wrong instructions are pushed from the network.

To recognize the true risk of cyber exposure of the Industrial Control Assets, it is important to change the mindset that Industrial Control Assets are part of the equipment they control. Cyber Security and Cyber Resilience for Industrial Control Assets need to be anchored with the Boards and Executive Leadership of all companies and organizations that own or manage equipment and infrastructure to ensure continuous priority on implementation of adequate protection.
Embrace the principles of the Charter of Trust and implement a matching policy.

The Charter of Trust, an initiative of Siemens AG, was introduced during the 2018 Munich Security Conference and offers baseline standards for Cyber Security. The Charter of Trust recognizes that the digitalization of our society, factories and infrastructure must evolve hand in hand with Cyber Security. The Charter of Trust offers 10 pragmatic strategic principles and commitments to achieve Cyber Security in the digital and highly connected world. Each company and organization will benefit from embracing these principles and implementing a matching Cyber Security policy.

For example, the Charter of Trust requires that companies must offer updates, upgrades, and patches throughout a reasonable lifecycle for their products, systems, and services via a secure update mechanism. A matching policy would require the selection of suppliers which fulfill this requirement. As the network of partners committing to the Charter of Trust continues to grow, companies and organizations can improve their Cyber Resilience by selecting vendors and service providers which either signed the Charter of Trust as partner, or commit to the principles of the Charter of Trust.

Resource: rporate/ cybersecurity/charter-of-trust-e.pdf
Create and maintain an ICA inventory, including all devices which connect to a network, are connected to a device which connects to a network, or could be connected to a network.

Cyber Security and Cyber Resilience start with a full understanding of the assets which could pose a risk through cyber exposure, followed by regular assessment of their Cyber Exposure and level of Cyber Resilience. In most cases, the Industrial Control Assets are not fully included in the Network Device Inventory and Cyber Security evaluation beyond an initial registration of the assigned IP addresses of the first nodes connected to the network infrastructure. Various Industrial Control Assets provide connectivity options and protocols which go far beyond the IT view of networked connectivity and Cyber Exposure.

It is crucial that subject matter experts create and maintain a complete Industrial Control Asset inventory from the perspective of the available connectivity. This inventory should include all active and inactive connection options, including those physical connections which are used to update programs and settings of the devices. Special attention needs to be paid to those devices which have physical connections without the option to monitor modifications of programs and settings. Regular evaluation of the potential Cyber Exposure and Cyber Threats based on the Industrial Control Asset inventory should lead to the setting of priorities to increase Cyber Resilience and Cyber Security.
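
The inventory scope defined above can be worked through in code. The following Python is an added example, not part of the original manifesto: the record fields, the four scope labels, the review ordering and the sample devices are assumptions constructed for illustration, and the "connected to a device which connects to a network" rule is generalised to chains of attached devices.

```python
"""ICA inventory scoping (added example; all device data below is constructed)."""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Interface:
    kind: str               # "ethernet", "rs485", "usb", "sd-card", "keypad", ...
    active: bool            # in use today; inactive options are inventoried too
    networked: bool         # attaches the asset to network infrastructure
    can_modify: bool        # programs or settings can be changed through it
    change_monitored: bool  # such changes are logged or otherwise monitored


@dataclass
class Asset:
    name: str
    interfaces: list
    links: list = field(default_factory=list)  # names of directly attached devices


# Assumed labels: lower rank means closer to the network.
SCOPE_RANK = {"direct": 0, "indirect": 1, "potential": 2, "isolated": 3}


def classify_scope(assets):
    """Map each asset name to direct / indirect / potential / isolated."""
    by_name = {a.name: a for a in assets}
    neighbours = {a.name: set() for a in assets}
    for a in assets:
        for other in a.links:
            if other not in by_name:
                # A link to a device missing from the inventory is itself a finding.
                raise ValueError(f"{a.name} links to unknown asset {other!r}")
            neighbours[a.name].add(other)
            neighbours[other].add(a.name)  # physical links work in both directions

    scope, queue = {}, deque()
    for a in assets:
        if any(i.active and i.networked for i in a.interfaces):
            scope[a.name] = "direct"       # connects to a network
            queue.append(a.name)
    while queue:                           # breadth-first walk over attached devices
        for n in neighbours[queue.popleft()]:
            if n not in scope:
                scope[n] = "indirect"      # connected to a device that connects
                queue.append(n)
    for a in assets:
        if a.name not in scope:            # unused network port: could be connected
            could = any(i.networked for i in a.interfaces)
            scope[a.name] = "potential" if could else "isolated"
    return scope


def unmonitored_modification_paths(asset):
    """Interfaces, active or not, that allow changes nobody would notice."""
    return [i.kind for i in asset.interfaces
            if i.can_modify and not i.change_monitored]


def review_order(assets):
    """Assumed priority: unmonitored change paths first, then network proximity."""
    scope = classify_scope(assets)

    def key(a):
        unmonitored = 0 if unmonitored_modification_paths(a) else 1
        return (unmonitored, SCOPE_RANK[scope[a.name]], a.name)

    return [a.name for a in sorted(assets, key=key)]


# Constructed sample inventory, loosely following the examples in the text.
INVENTORY = [
    Asset("scada-server", [Interface("ethernet", True, True, True, True)]),
    Asset("gateway", [Interface("ethernet", True, True, True, True),
                      Interface("rs485", True, False, False, False)]),
    Asset("wind-sensor", [Interface("rs485", True, False, False, False)],
          links=["gateway"]),
    Asset("furnace-plc", [Interface("ethernet", True, True, True, True),
                          Interface("usb", False, False, True, False)]),
    Asset("robot-ctrl", [Interface("ethernet", False, True, True, True),
                         Interface("sd-card", True, False, True, False)]),
    Asset("standalone-drive", [Interface("keypad", True, False, True, False)]),
]

if __name__ == "__main__":
    scopes = classify_scope(INVENTORY)
    assets = {a.name: a for a in INVENTORY}
    for name in review_order(INVENTORY):
        paths = unmonitored_modification_paths(assets[name]) or ["none"]
        print(f"{name:17} scope={scopes[name]:9} unmonitored={','.join(paths)}")
```

An IP-address register alone would list only three of these six devices; the wind sensor, the unplugged robot controller and the USB port on the furnace PLC only appear once connectivity is recorded per interface.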
Implement and test a full ICA backup, recovery and Disaster Response Plan.

Industrial Control Assets typically consist of hardware, operating system or firmware, software or programs, and settings or recipes. Each of these components contributes to the capability to control or monitor the equipment. On the other hand, without any one of these components, the Industrial Control Assets cease to be able to perform their functions. Hardware components can be kept in stock or purchased on demand, provided that they are available when required. Even when kept in stock, it is important to monitor future availability to avoid issues once the stocked components are depleted.

Unique or shared sets of operating systems, firmware, software, programs, settings and recipes can be kept on backup infrastructure in the same way this is commonly done with IT Infrastructure. Special attention needs to be paid to programs and settings which are installed through physical connections which have no exposure to the IT Infrastructure.

It is crucial to have a detailed Disaster Response Plan available which documents the procedures to restore Industrial Control Assets after breakdown or malicious activities to ensure a rapid return to normal operations. This Disaster Recovery Plan must include not only the technical details, like the storage location of the recovery files, but also Safety Instructions for the personnel responsible for the recovery operations.
Create appropriate depreciation plans and maintenance budgets for all ICA based on the life cycles of these systems.

Most Industrial Control Assets are managed as a component of the equipment or infrastructure they are integrated with. This commonly leads to depreciation planning and maintenance budgeting of the Industrial Control Assets based on the expected life cycle of the equipment and infrastructure. The equipment and infrastructure can have life cycles which extend into decades. The life cycles of the Industrial Control Assets, on the other hand, are significantly shorter, especially from a Cyber Security perspective.

Although most Industrial Control Assets are just as reliable as the equipment and infrastructure they control, they still need regular updates, upgrades and patches to keep up with the high pace and advancement of Cyber Threat developments. Vendors and suppliers of Industrial Control Assets set end of support timelines for their products, and it is crucial to plan the depreciation and replacement of Industrial Control Assets against these timelines as the ultimate maximum lifecycle, even if the devices themselves would still function flawlessly. As soon as updates, upgrades and patches are no longer available, there is no opportunity to respond adequately to Cyber Threats and the risk of malicious attacks increases significantly.
Allocate sufficient budgets (CAPEX and OPEX) to implement ICA Cyber Security measures as top priority.

Industrial Control Assets require appropriate maintenance and Cyber Security activities, which should include at least updating, training, penetration testing and evaluation, and timely replacement of devices which have reached end of life or end of support. In addition, these activities could include specialized Cyber Security consultancy services.

To avoid constraints in fulfilling these requirements to implement and maintain Cyber Security and Cyber Resilience for the Industrial Control Assets, it is important that these activities are budgeted separately in capital expenditure and operating expenses, or at least separated from the equipment and infrastructure maintenance budgets. When Cyber Security budgets are available for the IT infrastructure, the budgets for Industrial Control Asset Cyber Security can be brought under the same responsibility to ensure a company-wide or organization-wide implementation of appropriate Cyber Security and Cyber Resilience.

Special attention needs to be paid when budgeting initial corrective actions in those cases where Industrial Control Assets have exceeded the regular lifecycle. Additional costs can occur when, for example, existing programs are not compatible with newer versions of equipment, or when additional components need to be replaced for the same reason.
Schedule (semi-) annual penetration testing of all ICA and ensure implementation of its findings.

With established awareness of Cyber Threats for Industrial Control Assets and the implementation of Cyber Security and Cyber Resilience to protect equipment and infrastructure, a false sense of safety can easily set in. New and more advanced Cyber Threats arise with increasing pace, and a sense of being fully protected will lead to lack of attention and priority on continuously increasing Cyber Resilience and Cyber Security.

As demonstrated in IT, regular professional penetration testing and evaluation of response and recovery plans are important measures to determine the effectiveness of the current Cyber Security measures and the required corrective actions to further increase Cyber Resilience. The most effective method of objectively establishing the real effectiveness of defenses, response and recovery plans is the RED TEAM method.

In those cases where regular professional Information Technology infrastructure penetration testing and evaluations are already established, it is recommended to add Industrial Control Asset experts to the team and scope to ensure that adequate expertise about the specific connectivity and protocols is available. Vulnerability findings of such penetration testing and evaluations should be scheduled to be resolved with the highest possible priority.

Resource:
Implement a semi-annual ICA Cyber Security education plan.

The majority of cyber crime is enabled by users of systems and applications. Unawareness and lack of understanding of one's own responsibility are the main contributors to malicious access by criminal hackers. A false understanding that the IT Department is solely responsible for Cyber Security combined with lack of understanding of the risks are the common denominator among users of digitized services and systems, including Industrial Control Assets.

Without recurring Cyber Security Education, the users will continue to be the weakest link in all Cyber Security and Cyber Resilience efforts. This applies to the same extent to Industrial Control Assets as it does to Information Technology Infrastructure, especially in the process of digitalization where these segments increasingly become interconnected. Educated personnel will not only understand the dos and don'ts, they will also be able to identify unwanted and potentially harmful activities by others. Especially the ability to identify unwanted activities has a proven positive impact on Cyber Resilience.

Since Cyber Threats continue to develop and become more advanced at a staggeringly high pace, it is important to regularly repeat Cyber Security Education. This Education should reflect on new developments as well as on implemented methods and standards since the last training sessions.
Develop Cyber Security standards and procurement requirements for all ICA purchases, projects and maintenance.

The entire Supply Chain of Industrial Control Assets needs to accept the responsibility of ensuring that the minimum requirements of Cyber Security are fulfilled with each purchase, approved project and maintenance activity. This must include green field activities, repairs of existing Industrial Control Assets and retrofitting Cyber Security to the installed base.

Purchase Departments validate offers and orders based on the available standards and requirements in collaboration with the responsible departments. In the same manner as, for example, environmental requirements are documented and validated, it is essential that Cyber Security requirements and standards for Industrial Control Assets are documented and validated from offer to order.

In the field of Cyber Security, there is no moment in time where standards and requirements will not need to be reviewed and updated according to the latest developments of Cyber Threats. It is recommended that requirements and standards for Industrial Control Assets are reviewed at least once per year. In this context it is recommended to adopt the principles of the Charter of Trust into the requirements and standards for procurement of Industrial Control Assets and all related services.
Ensure Continuous Improvement by focusing on the weakest link in ICA Cyber Security and resolving the issues.

The majority of the Cyber Threats are executed around the basics of the digital infrastructure and focus on the weakest link to gain access before aiming at the high prize targets. By infecting the weakest link with malicious software or unauthorized access, the criminal hackers penetrate the lines of defense and work their way up to the real target.

The Industrial Control Assets have multiple weaknesses in most manufacturing and infrastructure settings. The first weakness most Industrial Control Assets have in common is a single line of defense for the network connection, which is solely controlled by a firewall for external access to the production network and therefore becomes a single point of failure once an Industrial Control Asset gets infected or exposed. Another highly common weakness is the lack of active monitoring of modifications and access to Industrial Control Assets, especially the physical connections which allow modifications of settings and programs without network connection.

Even though the less critical weakest links might appear to be of lowest priority, they are most likely the most vulnerable to malicious activities. Cyber Resilience can only be achieved by continuously improving the weakest links in the chain of Cyber Security.
Contributions and resources:

Ludmila Morozova-Buss is an advocate of Systems Thinking and recognized as top influencer for Cyber Security. Ludmila presented the Charter of Trust and its impact on the industry during the 5th Edition of Free and Safe in Cyberspace. Ludmila has a strong background in finance, communication and educational marketing, and advises global enterprises in these fields.

The Charter of Trust, an initiative of Siemens AG, was launched during the 2018 Munich Security Conference and offers baseline standards for Cyber Security. Siemens AG and the eight founding partners have been joined by several global vendors and the network continues to grow. orporate/ cybersecurity/charter-of-trust-e.pdf

Micah Zenko, author of RED TEAM: How to succeed by thinking like the enemy. Micah is a writer, researcher, red team consultant, and Whitehead Senior Fellow at Chatham House. In his book RED TEAM, Micah shows the importance of this very special kind of critical thinking, and the challenges companies and organizations have faced during implementation and execution of Red Team testing.
Back to the Future Cyber Security
A manifesto for Cyber Security and the Industrial Legacy
By info@johannesdrooghaag.com

About the author:, promoted in Applied Information Technology, Operations Management and Manufacturing, has a strong background in Industrial Automation, Process Improvement and Cyber Security. Besides various publications on these topics and contributions to the state funded technical research project Revista, Dr. ir Johannes Drooghaag has a long track record of successful implementations, coaching and consulting in Manufacturing, Industrial Automation, Operations Management and Cyber Security.
Designated Cyber Security Protection Solution for Medical s The Challenge Types of Cyber Attacks Against In recent years, cyber threats have become Medical s increasingly sophisticated in terms of attack
More informationOne Hospital s Cybersecurity Journey
MAY 11 12, 2017 SAN FRANCISCO, CA One Hospital s Cybersecurity Journey SanFrancisco.HealthPrivacyForum.com #HITprivacy Introduction Senior Director Information Systems Technology, Children s Mercy Hospital
More informationCybersecurity Vulnerabilities and Process Frameworks for Oil and Gas
Cybersecurity Vulnerabilities and Process Frameworks for Oil and Gas Presentation to WVONGA Jack L. Shaffer, Jr. Business Transformation Director vcio/ vciso 2017 Cybersecurity in the news Ransomware Wanacry,
More informationCyber Security Congress 2017
Cyber Security Congress 2017 A rich agenda covering both technical and management matters with targeted presentations and hands on workshops. Day 1 Conference Morning Session 8.30 9.00 Registration & Coffee
More informationДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT
ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT ENERGY AUTOMATION - SMART GRID Restricted Siemens AG 20XX All rights reserved. siemens.com/answers Frederic Buchi, Energy Management Division, Siemens AG Cyber
More informationAddressing Cyber Threats in Power Generation and Distribution
Addressing Cyber Threats in Power Generation and Distribution VEO, Asko Tuomela o Bachelor of Science in Electrical Power Engineering o Over 6 years experience in power projects, PLCs and supervision systems
More informationto Enhance Your Cyber Security Needs
Our Service to Enhance Your Cyber Security Needs Since the business critical systems by its nature are ON all of the time and the increasingly connected world makes you open your organization to everything
More informationCyber Resilience - Protecting your Business 1
Cyber Resilience - Protecting your Business 1 2 Cyber Resilience - Protecting your Business Cyber Resilience - Protecting your Business 1 2 Cyber Resilience - Protecting your Business Cyber Resilience
More informationAn ICS Whitepaper Choosing the Right Security Assessment
Security Assessment Navigating the various types of Security Assessments and selecting an IT security service provider can be a daunting task; however, it does not have to be. Understanding the available
More informationFeatured Articles II Security Platforms Hitachi s Security Solution Platforms for Social Infrastructure
Hitachi Review Vol. 65 (2016), No. 8 337 Featured Articles II Security Platforms Hitachi s Security Solution Platforms for Social Infrastructure Toshihiko Nakano, Ph.D. Takeshi Onodera Tadashi Kamiwaki
More informationCyber Security and Cyber Fraud
Cyber Security and Cyber Fraud Remarks by Andrew Ross Director, Payments and Cyber Security Canadian Bankers Association for Senate Standing Committee on Banking, Trade, and Commerce October 26, 2017 Ottawa
More informationThe University of Queensland
UQ Cyber Security Strategy 2017-2020 NAME: UQ Cyber Security Strategy DATE: 21/07/2017 RELEASE:0.2 Final AUTHOR: OWNER: CLIENT: Marc Blum Chief Information Officer Strategic Information Technology Council
More informationTHE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK
THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK 03 Introduction 04 Step 1: Preparing for a breach CONTENTS 08 Step
More informationContinuous Monitoring and Incident Response
Continuous Monitoring and Incident Response Developing robust cyber continuous monitoring and incident response capabilities is mission critical to energy-related operations in today s digital age. As
More informationCyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)
Cyber Security Presenters: - Brian Everest, Chief Technology Officer, Starport Managed Services - Susan Pawelek, Accountant, Compliance and Registrant Regulation February 13, 2018 (webinar) February 15,
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationFunction Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments
Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments 1 ID.AM-1: Physical devices and systems within the organization are inventoried Asset Management (ID.AM): The
More informationDepartment of Management Services REQUEST FOR INFORMATION
RESPONSE TO Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 250 South President
More informationMaking the most of DCIM. Get to know your data center inside out
Making the most of DCIM Get to know your data center inside out What is DCIM? Data Center Infrastructure Management (DCIM) is the discipline of managing the physical infrastructure of a data center and
More informationAUTHORITY FOR ELECTRICITY REGULATION
SULTANATE OF OMAN AUTHORITY FOR ELECTRICITY REGULATION SCADA AND DCS CYBER SECURITY STANDARD FIRST EDITION AUGUST 2015 i Contents 1. Introduction... 1 2. Definitions... 1 3. Baseline Mandatory Requirements...
More informationThe Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1
The Cyber Threat Bob Gourley, Partner, Cognitio June 22, 2016 How we think. 1 About This Presentation Based on decades of experience in cyber conflict Including cyber defense, cyber intelligence, cyber
More informationM a d. Take control of your digital security. Advisory & Audit Security Testing Certification Services Training & Awareness
M a d Take control of your digital security Advisory & Audit Security Testing Certification Services Training & Awareness Safeguarding digital security is a profession The digitalisation of our society
More informationSOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY
RSA ARCHER BUSINESS RESILIENCY INTRODUCTION Organizations are becoming a complex tapestry of products and services, processes, technologies, third parties, employees and more. Each element adds another
More informationLes joies et les peines de la transformation numérique
Les joies et les peines de la transformation numérique Georges Ataya CISA, CGEIT, CISA, CISSP, MSCS, PBA Professor, Solvay Brussels School of Economics and Management Academic Director, IT Management Education
More informationBusiness continuity management and cyber resiliency
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationGujarat Forensic Sciences University
Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat
More informationCritical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.
Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach. By Christopher Ganizani Banda ICT Development Manager Malawi Communications Regulatory Authority 24-26th July,2016 Khartoum,
More information2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report
Nationwide Cyber Security Review: Summary Report Nationwide Cyber Security Review: Summary Report ii Nationwide Cyber Security Review: Summary Report Acknowledgments The Multi-State Information Sharing
More informationInnovation policy for Industry 4.0
Innovation policy for Industry 4.0 Remarks from Giorgio Mosca Chair of Cybersecurity Steering Committee Confindustria Digitale Director Strategy & Technologies - Security & IS Division, Leonardo Agenda
More informationDATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE
DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies
More informationBuild Your Zero Trust Security Strategy With Microsegmentation
Why Digital Businesses Need A Granular Network Segmentation Approach GET STARTED Overview The idea of a secure network perimeter is dead. As companies rapidly scale their digital capabilities to deliver
More informationTHE POWER OF TECH-SAVVY BOARDS:
THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES
More informationCybersecurity Risk Mitigation: Protect Your Member Data. Introduction
Cybersecurity Risk Mitigation: Protect Your Member Data Presented by Matt Mitchell, CISSP Knowledge Consulting Group Introduction Matt Mitchell- Director Risk Assurance 17 years information security experience
More informationItu regional workshop
Itu regional workshop "Key Aspects of Cybersecurity in the Context of Internet of Things (IoT) Natalia SPINU 18 September, 2017 Tashkent, Uzbekistan AGENDA 1. INTRODUCTI ON 2. Moldovan public policy on
More informationInternet of Things Toolkit for Small and Medium Businesses
Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More informationSOLUTION BRIEF Virtual CISO
SOLUTION BRIEF Virtual CISO programs that prepare you for tomorrow s threats today Organizations often find themselves in a vise between ever-evolving cyber threats and regulatory requirements that tighten
More information3 Ways Businesses Use Network Virtualization. A Faster Path to Improved Security, Automated IT, and App Continuity
3 Ways Businesses Use Network Virtualization A Faster Path to Improved Security, Automated IT, and App Continuity INTRODUCTION 2 Today s IT Environments Are Demanding Technology has made exciting leaps
More informationInformation Technology Procedure IT 3.4 IT Configuration Management
Information Technology Procedure IT Configuration Management Contents Purpose and Scope... 1 Responsibilities... 1 Procedure... 1 Identify and Record Configuration... 2 Document Planned Changes... 3 Evaluating
More informationPREPARE & PREVENT. The SD Comprehensive Cybersecurity Portfolio for Business Aviation
PREPARE & PREVENT The SD Comprehensive Cybersecurity Portfolio for Business Aviation SD CYBERSECURITY SERVICES At SD, security isn t a slogan, it is our culture. Just because you are in a business jet
More informationSTRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government
ATIONAL STRATEGY National Strategy for Critical Infrastructure Government Her Majesty the Queen in Right of Canada, 2009 Cat. No.: PS4-65/2009E-PDF ISBN: 978-1-100-11248-0 Printed in Canada Table of contents
More informationSecuring Industrial Control Systems
L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting
More informationInformation Technology General Control Review
Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor
More informationThe NIS Directive and Cybersecurity in
The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security
More informationTHE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS
THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS By Bill Graham and Michael Weinstein WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Driven by the convergence of cloud technology, rapidly
More informationImplementation Strategy for Cybersecurity Workshop ITU 2016
Implementation Strategy for Cybersecurity Workshop ITU 2016 Council for Scientific and Industrial Research Joey Jansen van Vuuren Intricacies and interdependencies cyber policies must address potential
More information