Approaches and Tools to Quantifying Facility Security Risk. Steve Fogarty, CSO
|
|
- Dominic Newton
- 5 years ago
- Views:
Transcription
1 Approaches and Tools to Quantifying Facility Security Risk Steve Fogarty, CSO
2 ARES Security Corporation ARES is a high-performing Technology Solutions provider with more than 20 offices around the world. Certified and accredited products that have performed by identifying over $5M in cost avoidance for multiple users Product management that supports over 200 accounts with more than 4,500 users worldwide Product development that is CMMI Level 3 certified Aggressive roadmap supported by over $1M in yearly IRAD Extensive multi-industry perspective 2
3 ARES provides technology to Protect the Worlds Most Critical Assets. DECISION SUPPORT SOFTWARE for assessing threats and vulnerabilities while optimizing security budgets INTERACTIVE TRAINING SIMULATOR without the expense, site disruption, danger, or potential security concerns of conventional training ADVANCED CYBER security analysis to identify vulnerabilities and threats earlier and provide a better response to attacks ENHANCED SITUATIONAL AWARENESS and sensor correlation to better manage response and operations. 3
4 Computer-based Modeling & Simulation for Security Security Modeling Security Simulation Facility Characterization Site Layout Infrastructure Security layers Elevation / Terrain Barrier Systems Perimeter structure Barriers Delay systems Detection Systems Sensors & cameras Command / control Communications Response Force Patrol & response Capabilities Training Analysis of Alternatives Define Scenario Threat capabilities Targets Site Conditions Sensitivity (counterfactual) Analysis Constructive Simulation Attack planning or vulnerability Overall system response to attack Determine KPIs: system effectiveness, detections, interruption, neutralization Virtual Simulation Response of real and virtual agents to scenario Compare human response to anticipated/optimal response Determine KPIs: exposure and response time, neutralization given response Decision Metrics Baseline Option A Option B Option C Effectiveness Cost 4
5 Facility Characterization: Model Building Virtual Model Expectations 3D geometric representation (i.e., solid model) of the exterior of the facility as well as interiors of critical areas such as reactor building and fuel storage. Realistic visual representation overlayed (i.e., textured ) on geometric representation 3D Solid Model Textured Model
6 Facility Characterization: Security Laydown Expectations Those entering security configuration data (both technology and personnel) into the model are typically different than those that built the model geometry/texturing. Knowledge and expertise resides within the security professionals at the site, so they are ideally suited to provide the laydown of the security Tools should provide straightforward user interface with guided steps for common activities (e.g., wizards). Easiest if quantification/simulation engine connects directly to the tools used for laydown
7 System Performance Data Tool(s) leverage performance data from NRC, DOE, and DoD to assess the system effectiveness of physical protection at their facilities Library of performance data for protective measures used at nuclear facilities Performance data includes: terrains, detection tools, vehicles/platforms, weapons, barrier systems, environmental conditions, armor, equipment, security access, etc. 7
8 Perform Evaluation Provides a more consistent and systematic approach to define an adversary s attack Attack plan analysis considers site layout (terrain, detection, delay, response), adversary starting point, target set, and strategy (detection, firepower, speed) Remove subjectivity (e.g., time to breach) Consistently identifies new vulnerabilities Simulate numerous (100s to 1000s) attacks, each simulation is equivalent to a table-top drill or force-on-force exercise Monte Carlo techniques Combat simulation uses Ph/Pk Explicit treatment of detection, interruption, and neutralization Simulations use an adaptive adversary which may alter its attack paths based on circumstances 8
9 History of AVERT In the late 1990s the Defense Threat Reduction Agency led large scale PRAs for peacetime nuclear operations. These assessments used many of the same PRA techniques known as Weapon System Safety Assessments (WSSAs) initially developed and implemented for the commercial nuclear power industry. Focused on the accident-induced risk of nuclear material dispersal. Although it was recognized at the time that radiological dispersal could be initiated by intentional acts (e.g., terrorism), the tools to quantify such risk did not exist for these events as they did for accident (i.e., safety) events. This led to the DoD initiating funding under their Small Business Innovation Research program to evaluate methods for quantifying risks of intentional acts. The AVERT tool was initially developed under the three phases of this Small Business Innovation Research funding from DoD. Tool was fully commercialized in 2007 with significant R&D since that time.
10 AVERT - What can happen (i.e., What can go wrong)? Early development of the tool was focused on a predictive method for determining adversary attack plans (i.e., vulnerabilities). These attack plans are analogous to accident sequences used in traditional commercial nuclear PRAs Key difference is that typical event sequence models for safety are static and based upon expertise needed to determine possible states. The adaptive and thinking nature of an adversary made traditional PRA approaches inappropriate for this portion of the risk assessment. The unique approach created focuses on general adversary strategies to automatically predict how the security system could be defeated. Used either individually or in combinations, the factors in these strategies include the adversaries desire to: 1. proceed to their objective(s) as quickly as possible 2. minimize probability of detection by the security system 3. avoid fire from the opposing security force. A critical element of this process is the characterization of all aspects of the security system to include both security technology and security personnel.
11 AVERT - How likely is it that, that will happen? Determining the likelihood of an attack for each of the previously determined attack plans. The biggest hurdle in this problem is finding a method to justify the frequency of attack by the adversary. Data to justify such estimates are generally scarce, and just as we begin to utilize such data, the adversary is likely to adapt so as to invalidate any estimate. Fortunately, we do find an excellent application of quantitative risk techniques toward the remainder of likelihood calculations. In addition to attack frequency, our second risk question also requires an understanding of whether the security system can successfully neutralize such an attack (Pe), thereby preventing the adversary from accomplishing their objective.
12 AVERT - How likely is it that, that will happen? (contd.) AVERT s architecture contains a simulation engine that can virtually attack the facility along each of the previously determined attack plans. In this way, the system performance can be evaluated as a whole and the system s effectiveness determined simply by dividing the number of attacks where the system succeeded at stopping the adversary, by the total number of simulated attacks. One key consideration is replicating the adversaries or security force s ability to adapt to the situation on the ground as an attack plays out. The previously algorithm used in the attack planning phase is adjusted to allow adversaries and security forces to begin the simulation with a plan, but also let them deviate or adapt as desired. The flexibility and dynamic nature of this adaptation has proven to be a primary reason why the DoD and DOE have implemented AVERT for their nuclear facilities.
13 AVERT - If it does happen, what are the consequences? Historically, nuclear reactor safety risk assessments focus on answering only the first two questions in the triplet risk definition. These Level 1 PRAs, have the risk of core damage as the focus. Regulations and guidance for security align well with these safety PRAs in that they also require prevention of core or spent fuel damage. AVERT s focus is on assisting with risk decisions for the security professional who designs, maintains, and operates the security system and therefore, the risk calculation in AVERT is geared to cover those risks that a licensee can control. If a determination of consequence is desired beyond spent fuel or core damage, the same techniques utilized in Level 2 and 3 reactor safety PRAs can be directly applied.
14 Computer-based Modeling & Simulation for Security Security Modeling Security Simulation Facility Characterization Site Layout Infrastructure Security layers Elevation / Terrain Barrier Systems Perimeter structure Barriers Delay systems Detection Systems Sensors & cameras Command / control Communications Response Force Patrol & response Capabilities Training Analysis of Alternatives Define Scenario Threat capabilities Targets Site Conditions Sensitivity (counterfactual) Analysis Constructive Simulation Attack planning or vulnerability Overall system response to attack Determine KPIs: system effectiveness, detections, interruption, neutralization Virtual Simulation Response of real and virtual agents to scenario Compare human response to anticipated/optimal response Determine KPIs: exposure and response time, neutralization given response Decision Metrics Baseline Option A Option B Option C Effectiveness Cost 14
15 Rapidly Produce Charts, Graphs & Visuals Rapidly produce powerful visualizations of pathways and points of breach, detection, neutralization and charts on detection, neutralization Graphs on Detection, Interruption, Neutralization over time and distance Compare points of neutralization 22 Nov 2013 Plot results over heat maps that show the fields of fire View shots taken during exercise 15
16 Visualization of Results: Weapon LOS Heat Maps
17 Visualization of Results (contd.) Model Visualization: New design changes Determine tower height for new camera that minimizes cable run length but ensures visibility of area Easy visual access to areas of nuclear facility where access is difficult due to safety or security reasons. Simulation Visualization Diagnostic tool for M&S validation Once scenarios of particular interest have been identified (via performance or risk assessment), they can be replayed in 3D using high-fidelity simulators Visualization is Key For Communicating The Benefits Of M&S To The Organization. 17
18 How to make tools that work for the community Vendors need feedback to ensure M&S tools are meeting the needs Operators need to select tools that have undergone verification and validation testing for their intended purpose Operators needs tools that are matched to the skills of their staff Otherwise M&S will remain only in the domain of specialized external consultants
19 Summary There has been a significant leap forward in simulation capability Accredited and proven solution for nuclear security Targeted to the needs and capabilities of the facility security user Well suited for analysis of alternatives and what-if analyses. Can create very realistic simulations that represent a facility including situations that are not practical to do live Metrics of overall performance of the security system as well as risk drivers, maximize benefit
How AlienVault ICS SIEM Supports Compliance with CFATS
How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal
More informationTransportation Security Risk Assessment
Transportation Security Risk Assessment Presented to: Nuclear Waste Technical Review Board Presented by: Nancy Slater Thompson Office of National Transportation October 13, 2004 Salt Lake City, Utah Introduction
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationDepartment of Homeland Security
Department of Homeland Security Science & Technology Directorate Emergency Preparedness & Response Christopher Doyle Deputy Program Director A Roadmap for Integrated Modeling & Simulation for Emergency
More informationCritical Infrastructure Security Vulnerability Assessment. A New Approach. Norman Bird - Senior Technical Lead - Nuclear Security
Critical Infrastructure Security Vulnerability Assessment A New Approach Norman Bird - Senior Technical Lead - Nuclear Security Critical Infrastructure Protection and Resilience Europe (CIPRE) Securing
More informationContinuous protection to reduce risk and maintain production availability
Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading
More informationPresented by Joe Burns Kentucky Rural Water Association July 19, 2005
Infrastructure Security for Public Water and Wastewater Utilities Presented by Joe Burns Kentucky Rural Water Association July 19, 2005 Public Health Security and Bioterrorism Preparedness and Response
More informationDATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE
DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies
More informationAdvanced IT Risk, Security management and Cybercrime Prevention
Advanced IT Risk, Security management and Cybercrime Prevention Course Goal and Objectives Information technology has created a new category of criminality, as cybercrime offers hackers and other tech-savvy
More informationSecurity in a Converging IT/OT World
Security in a Converging IT/OT World Introduction Around the winter solstice, darkness comes early to the citizens of Ukraine. On December 23, 2015, it came a little earlier than normal. In mid-afternoon,
More informationSummary of Cyber Security Issues in the Electric Power Sector
Summary of Cyber Security Issues in the Electric Power Sector Jeff Dagle, PE Chief Electrical Engineer Energy Technology Development Group Pacific Northwest National Laboratory (509) 375-3629 jeff.dagle@pnl.gov
More informationTo Audit Your IAM Program
Top Five Reasons To Audit Your IAM Program Best-in-class organizations are auditing their IAM programs - are you? focal-point.com Introduction Stolen credentials are the bread and butter of today s hacker.
More informationIllinois Cyber Navigator Program
Illinois Cyber Navigator Program Illinois State Board of Elections PA 100-0587 (10 ILCS 5/1A-55) Sec. 1A-55. Cyber security efforts. The State Board of Elections shall provide by rule, after at least 2
More informationCourses. X E - Verify that system acquisitions policies and procedures include assessment of risk management policies X X
4016 Points * = Can include a summary justification for that section. FUNCTION 1 - INFORMATION SYSTEM LIFE CYCLE ACTIVITIES Life Cycle Duties No Subsection 2. System Disposition/Reutilization *E - Discuss
More informationUNCLASSIFIED. R-1 ITEM NOMENCLATURE PE D8Z: Data to Decisions Advanced Technology FY 2012 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2012 Office of Secretary Of Defense DATE: February 2011 BA 3: Advanced Development (ATD) COST ($ in Millions) FY 2010 FY 2011 Base OCO Total FY 2013 FY
More informationAn Update on Security and Emergency Preparedness Standards for Utilities
An Update on Security and Emergency Preparedness Standards for Utilities Linda P. Warren, Launch! Consulting Safety and Security in the Workplace March 28, 2013 Overview 1 Review of AWWA Standards in Water
More informationDEVELOP YOUR TAILORED CYBERSECURITY ROADMAP
ARINC cybersecurity solutions DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP Getting started is as simple as assessing your baseline THE RIGHT CYBERSECURITY SOLUTIONS FOR YOUR UNIQUE NEEDS Comprehensive threat
More informationCybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com
Cybersecurity Presidential Policy Directive Frequently Asked Questions kpmg.com Introduction On February 12, 2013, the White House released the official version of the Presidential Policy Directive regarding
More informationThe Perfect Storm Cyber RDT&E
The Perfect Storm Cyber RDT&E NAVAIR Public Release 2015-87 Approved for public release; distribution unlimited Presented to: ITEA Cyber Workshop 25 February 2015 Presented by: John Ross NAVAIR 5.4H Cyberwarfare
More informationBuilding Resilience in a Digital Enterprise
Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.
More informationMeeting PCI DSS 3.2 Compliance with RiskSense Solutions
Meeting PCI DSS 3.2 Compliance with Solutions Platform the industry s most comprehensive, intelligent platform for managing cyber risk. 2018, Inc. What s Changing with PCI DSS? Summary of PCI Business
More informationELECTRICAL ENGINEERING & INSTRUMENTATION MECHANICAL ENGINEERING BIOLOGICAL & INDUSTRIAL ENGINEERING NUCLEAR ENGINEERING STRUCTURAL & CIVIL
ELECTRICAL ENGINEERING & INSTRUMENTATION MECHANICAL ENGINEERING BIOLOGICAL & INDUSTRIAL ENGINEERING NUCLEAR ENGINEERING STRUCTURAL & CIVIL ENGINEERING SYSTEMS INTEGRATION ELECTRONIC DATA MANAGEMENT PROJECT
More informationExecutive summary. by Michel Bonnet, Maximilien Laforge, and Jean-Baptiste Samuel
998-2095-02-21-14AR0 by Michel Bonnet, Maximilien Laforge, and Jean-Baptiste Samuel Executive summary Improper integration of Intelligent Electronic Devices (IED) into medium / high voltage electrical
More informationImpact of Enterprise Security Risk Assessments on Integrators & Manufacturers. J. Kelly Stewart Steve Oplinger James Marcella
Impact of Enterprise Security Risk Assessments on Integrators & Manufacturers J. Kelly Stewart Steve Oplinger James Marcella 1 Session Description What exactly does a risk assessment mean to the integrator
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationRobert Hayes Senior Director Microsoft Global Cyber Security & Data Protection Group
Robert Hayes Senior Director Microsoft Global Cyber Security & Data Protection Group Presentation Objectives Introductions Cyber security context Cyber security in the maritime sector Developing cybersecurity
More informationUNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO
COST ($ in Millions) FY 2011 FY 2012 Base OCO Total FY 2014 FY 2015 FY 2016 FY 2017 Cost To Complete Total Cost Total Program Element 8.306 7.299 10.429-10.429 11.464 12.492 12.840 13.010 Continuing Continuing
More informationPATHWAYS TO INNOVATION IN DISASTER RISK MANAGEMENT. Paolo Venturoni CEO European Organisation For Security 4 th June 2018
PATHWAYS TO INNOVATION IN DISASTER RISK MANAGEMENT Paolo Venturoni CEO European Organisation For Security 4 th June 2018 1 What is EOS The European Organisation for Security (EOS) is the voice of the European
More informationNCSF Foundation Certification
NCSF Foundation Certification Overview This ACQUIROS accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity
More informationDepartment of Management Services REQUEST FOR INFORMATION
RESPONSE TO Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 250 South President
More informationCA Security Management
CA Security CA Security CA Security In today s business environment, security remains one of the most pressing IT concerns. Most organizations are struggling to protect an increasing amount of disparate
More informationSecuring Data Centers: The Human Element
Securing Data Centers: The Human Element Michael Rozin Zvi Kremer April 12, 2018 Perpetrators, Threat Actors Security Personnel Targets, Enablers Securing Data Centers: The Threat Verizon London, Dec 6,
More informationCompliance with ISPS and The Maritime Transportation Security Act of 2002
Mr. Melchor Becena Security Administrator Port Everglades SecurePort Conference Miami, Florida 25-27 27 February, 2004 Compliance with ISPS and The Maritime Transportation Security Act of 2002 Overview
More informationwhitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk
whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk Assure the board your company won t be the next data breach Introduction A solid vulnerability management program is critical
More informationFuture Grid Initiative Technology Challenges in Designing the Future Grid to Enable Sustainable Energy Systems
Future Grid Initiative Technology Challenges in Designing the Future Grid to Enable Sustainable Energy Systems Vijay Vittal Director, Power Systems Engineering Research Center Ira A. Fulton Chair Professor,
More informationChapter 1. Chapter 2. Chapter 3
Contents Preface ix Chapter 1 Terrorism 1 Terrorism in General 2 Definition of Terrorism 3 Why Choose Terrorism 4 Goals of Terrorists 5 Selection of Targets and Timing of Attacks 6 Perpetrators 7 Weapons
More informationInstrumentation, Controls, and Automation - Program 68
Instrumentation, Controls, and Automation - Program 68 Program Description Program Overview Power generators need to improve their ability to detect damage to plant equipment while preserving the focus
More informationNuclear Power Plant Security
Nuclear Power Plant Security Plant Security s Primary Mission Nuclear Plant Safety and Security All plants have comprehensive measures for safety and security Comprehensive emergency and security plans
More informationA Practical Guide to Avoiding Disasters in Mission-Critical Facilities. What is a Disaster? Associated Business Issues.
A Practical Guide to Avoiding Disasters in Mission-Critical Facilities Todd Bermont What is a Disaster? An event that can unexpectedly impact the continuity of your business Anything that injures or has
More informationCERT C++ COMPLIANCE ENFORCEMENT
CERT C++ COMPLIANCE ENFORCEMENT AUTOMATED SOURCE CODE ANALYSIS TO MAINTAIN COMPLIANCE SIMPLIFY AND STREAMLINE CERT C++ COMPLIANCE The CERT C++ compliance module reports on dataflow problems, software defects,
More informationEPRO. Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS
EPRO Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS The Role of Systems Engineering in Addressing Black Sky Hazards
More informationReinvent Your 2013 Security Management Strategy
Reinvent Your 2013 Security Management Strategy Laurent Boutet 18 septembre 2013 Phone:+33 6 25 34 12 01 Email:laurent.boutet@skyboxsecurity.com www.skyboxsecurity.com What are Your Key Objectives for
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationImproved Situational Awareness with OSIsoft PI for the U.S. Nuclear Regulatory Commission (NRC)
Improved Situational Awareness with OSIsoft PI for the U.S. Nuclear Regulatory Commission (NRC) Matt McDonald, Vice President April 16, 2015 Agenda About PPC Story of the project OSIsoft PI Solution for
More informationExecutive Order on Coordinating National Resilience to Electromagnetic Pulses
Executive Order on Coordinating National Resilience to Electromagnetic Pulses The Wh... Page 1 of 11 EXECUTIVE ORDERS Executive Order on Coordinating National Resilience to Electromagnetic Pulses INFRASTRUCTURE
More informationTHE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS
THE WHITE HOUSE Office of the Press Secretary EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS February 12, 2013 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 SUBJECT: Critical
More informationMIS5206-Section Protecting Information Assets-Exam 1
Your Name Date 1. Which of the following contains general approaches that also provide the necessary flexibility in the event of unforeseen circumstances? a. Policies b. Standards c. Procedures d. Guidelines
More informationARC VIEW. Critical Industries Need Active Defense and Intelligence-driven Cybersecurity. Keywords. Summary. By Sid Snitkin
ARC VIEW DECEMBER 7, 2017 Critical Industries Need Active Defense and Intelligence-driven Cybersecurity By Sid Snitkin Keywords Industrial Cybersecurity, Risk Management, Threat Intelligence, Anomaly &
More informationA Survival Guide to Continuity of Operations. David B. Little Senior Principal Product Specialist
A Survival Guide to Continuity of Operations David B. Little Senior Principal Product Specialist Customer Perspective: Recovery Time & Objective Asynchronous Replication Synchronous Replication WAN Clustering
More informationARC VIEW. Critical Industries Need Continuous ICS Security Monitoring. Keywords. Summary. By Sid Snitkin
ARC VIEW FEBRUARY 1, 2018 Critical Industries Need Continuous ICS Security Monitoring By Sid Snitkin Keywords Anomaly and Breach Detection, Continuous ICS Security Monitoring, Nozomi Networks Summary Most
More informationAn Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)
An Operational Cyber Security Perspective on Emerging Challenges Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL) Johns Hopkins University Applied Physics Lab (JHU/APL) University
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationTEL2813/IS2820 Security Management
TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management
More informationUNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 8 R-1 Line #18
Exhibit R-2, RDT&E Budget Item Justification: PB 2015 Office of Secretary Of Defense Date: March 2014 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 2: Applied Research COST ($ in Millions)
More informationCYBERSECURITY MATURITY ASSESSMENT
CYBERSECURITY MATURITY ASSESSMENT ANTICIPATE. IMPROVE. PREPARE. The CrowdStrike Cybersecurity Maturity Assessment (CSMA) is unique in the security assessment arena. Rather than focusing solely on compliance
More informationUNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2013 Office of Secretary Of Defense DATE: February 2012 0400: Research,, Test & Evaluation, Defense-Wide BA 3: Advanced Technology (ATD) COST ($ in Millions)
More informationHP Fortify Software Security Center
HP Fortify Software Security Center Proactively Eliminate Risk in Software Trust Your Software 92% of exploitable vulnerabilities are in software National Institute for Standards and Technology (NIST)
More informationRiskSense Attack Surface Validation for IoT Systems
RiskSense Attack Surface Validation for IoT Systems 2018 RiskSense, Inc. Surfacing Double Exposure Risks Changing Times and Assessment Focus Our view of security assessments has changed. There is diminishing
More informationSymantec Data Center Transformation
Symantec Data Center Transformation A holistic framework for IT evolution As enterprises become increasingly dependent on information technology, the complexity, cost, and performance of IT environments
More informationHow Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity
How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity Why is the NIST framework important? GOH Seow Hiong Executive Director, Global Policy & Government Affairs, Asia Pacific
More informationAdvanced Security Tester Course Outline
Advanced Security Tester Course Outline General Description This course provides test engineers with advanced skills in security test analysis, design, and execution. In a hands-on, interactive fashion,
More informationDisaster Recovery and Business Continuity Planning (Mile2)
Disaster Recovery and Business Continuity Planning (Mile2) Course Number: DRBCP Length: 4 Day(s) Certification Exam This course will help you prepare for the following exams: ABCP: Associate Business Continuity
More informationNRC INSPECTION MANUAL MANUAL CHAPTER 0609
NRC INSPECTION MANUAL MANUAL CHAPTER 0609 IPAB SIGNIFICANCE DETERMINATION PROCESS 0609-01 PURPOSE The Significance Determination Process (SDP) uses risk insights, where appropriate, to help NRC inspectors
More informationALIGNING CYBERSECURITY AND MISSION PLANNING WITH ADVANCED ANALYTICS AND HUMAN INSIGHT
THOUGHT PIECE ALIGNING CYBERSECURITY AND MISSION PLANNING WITH ADVANCED ANALYTICS AND HUMAN INSIGHT Brad Stone Vice President Stone_Brad@bah.com Brian Hogbin Distinguished Technologist Hogbin_Brian@bah.com
More informationChapter X Security Performance Metrics
Chapter X Security Performance Metrics Page 1 of 9 Chapter X Security Performance Metrics Background For the past two years, the State of Reliability report has included a chapter for security performance
More informationIntegrated Consortium of Laboratory Networks (ICLN) Brief to the NPDN National Meeting
Integrated Consortium of Laboratory Networks (ICLN) Brief to the NPDN National Meeting January 30, 2007 1 Agenda ICLN Background Information Network Coordinating Group Accomplishments Responsible Federal
More informationSTANDARD ELECTRIC UNIVERSITY
STANDARD ELECTRIC UNIVERSITY Technical Classes Catalog 2018 Bringing YOU the training you asked for! WHAT? Standard Electric Supply Co. offers numerous training opportunities to keep our customers as up-todate
More informationInternet of Things. Internet of Everything. Presented By: Louis McNeil Tom Costin
Internet of Things Internet of Everything Presented By: Louis McNeil Tom Costin Agenda Session Topics What is the IoT (Internet of Things) Key characteristics & components of the IoT Top 10 IoT Risks OWASP
More informationCyber Attacks & Breaches It s not if, it s When
` Cyber Attacks & Breaches It s not if, it s When IMRI Team Aliso Viejo, CA Trusted Leader with Solution Oriented Results Since 1992 Data Center/Cloud Computing/Consolidation/Operations 15 facilities,
More informationUNCLASSIFIED FY 2016 OCO. FY 2016 Base
Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense Date: February 2015 0400:,, Test & Evaluation, Defense-Wide / BA 3: Advanced Technology (ATD) COST ($ in Millions)
More informationSolutions Technology, Inc. (STI) Corporate Capability Brief
Solutions Technology, Inc. (STI) Corporate Capability Brief STI CORPORATE OVERVIEW Located in the metropolitan area of Washington, District of Columbia (D.C.), Solutions Technology Inc. (STI), women owned
More informationIf you were under cyber attack would you ever know?
If you were under cyber attack would you ever know? EY and Los Alamos National Laboratory introduce a shift in cybersecurity strategy and bring behavioral analytics inside Asking behavioral questions inside
More informationToday s cyber threat landscape is evolving at a rate that is extremely aggressive,
Preparing for a Bad Day The importance of public-private partnerships in keeping our institutions safe and secure Thomas J. Harrington Today s cyber threat landscape is evolving at a rate that is extremely
More informationBalancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld
Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice
More informationHow To Reduce the IT Budget and Still Keep the Lights On
How To Reduce the IT Budget and Still Keep the Lights On By Charles Williams and John Carnegie CIOs are now more challenged than ever to demonstrate mature financial management disciplines, greater transparency,
More informationFDA & Medical Device Cybersecurity
FDA & Medical Device Cybersecurity Closing Keynote, February 19, 2017 Suzanne B. Schwartz, M.D., MBA Associate Director for Science & Strategic Partnerships Center for Devices and Radiological Health US
More informationChemical Facility Anti- Terrorism Standards
SATA Presentation Regarding Chemical Facility Anti- Terrorism Standards Joe Hartline, CHMM Rindt-McDuff Associates Marietta, Georgia October 6, 2007 Presentation Outline Introduction Rule Requirements
More informationReachback: A Crucial Cross-cutting Element of Nuclear Security Detection Architecture
Reachback: A Crucial Cross-cutting Element of Nuclear Security Detection Architecture Harri Toivonen HT Nuclear Ltd, Finland Magic Maggiore, Technical Reachback Workshop, EC/JRC/ERNCIP and GICNT ISPRA,
More informationBoundary Security. Innovative Planning Solutions. Analysis Planning Design. criterra Technology
Boundary Security Analysis Planning Design Innovative Planning Solutions criterra Technology Setting the new standard DEFENSOFT - A Global Leader in Boundary Security Planning Threats, illegal immigration
More informationUNCLASSIFIED. FY 2016 Base FY 2016 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense Date: February 2015 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 2: Applied Research COST ($
More informationCyber Security Requirements for Supply Chain. June 17, 2015
Cyber Security Requirements for Supply Chain June 17, 2015 Topics Cyber Threat Legislation and Regulation Nuts and Bolts of NEI 08-09 Nuclear Procurement EPRI Methodology for Procurement Something to think
More informationCritical Infrastructure Resilience
Critical Infrastructure Resilience Climate Resilience Webinar Series U.S. Department of Housing and Urban Development Disclaimer This presentation is intended to provide communities and states with the
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationCybersecurity, safety and resilience - Airline perspective
Arab Civil Aviation Commission - ACAC/ICAO MID GNSS Workshop Cybersecurity, safety and resilience - Airline perspective Rabat, November, 2017 Presented by Adlen LOUKIL, Ph.D CEO, Resys-consultants Advisory,
More informationA HOLISTIC APPROACH DRIVING BETTER OUTCOMES.
Bently Nevada Condition Monitoring Product Line A HOLISTIC APPROACH DRIVING BETTER OUTCOMES. bhge.com IT S NOT JUST A SOLUTION, IT S A PARTNERSHIP Baker Hughes, a GE company, is committed to helping you
More informationSecurity Management Models And Practices Feb 5, 2008
TEL2813/IS2820 Security Management Security Management Models And Practices Feb 5, 2008 Objectives Overview basic standards and best practices Overview of ISO 17799 Overview of NIST SP documents related
More informationIP Risk Assessment & Loss Prevention By Priya Kanduri Happiest Minds, Security Services Practice
IP Risk Assessment & Loss Prevention By Priya Kanduri Happiest Minds, Security Services Practice IP Risk Assessment & Loss Prevention Often when organizations are expanding rapidly, they do not give sufficient
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationThe contribution of ETSON to improved emergency preparedness in the light of the Fukushima NPS accident
The contribution of ETSON to improved emergency preparedness in the light of the Fukushima NPS accident F.-P. Weiss (GRS) A. Kerner (GRS), E. Scott-de-Martinville (IRSN), et al. Introduction ETSON members
More informationRisk Informed Cyber Security for Nuclear Power Plants
Risk Informed Cyber Security for Nuclear Power Plants Phillip L. Turner, Timothy A. Wheeler, Matt Gibson Sandia National Laboratories Electric Power Research Institute Albuquerque, NM USA Charlotte, NC
More informationCybersecurity. Securely enabling transformation and change
Cybersecurity Securely enabling transformation and change Contents... Cybersecurity overview Business drivers Cybersecurity strategy and roadmap Cybersecurity in practice CGI s cybersecurity offering Why
More informationTHE POWER OF TECH-SAVVY BOARDS:
THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES
More informationthe SWIFT Customer Security
TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This
More informationChapter X Security Performance Metrics
Chapter X Security Performance Metrics Page 1 of 10 Chapter X Security Performance Metrics Background For many years now, NERC and the electricity industry have taken actions to address cyber and physical
More informationNEXT GENERATION SECURITY OPERATIONS CENTER
DTS SOLUTION NEXT GENERATION SECURITY OPERATIONS CENTER SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 - SUCCESS FACTORS SOC 2.0 - FUNCTIONAL COMPONENTS DTS SOLUTION SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 Protecting
More informationCybersecurity: Incident Response Short
Cybersecurity: Incident Response Short August 2017 Center for Development of Security Excellence Contents Lesson 1: Incident Response 1-1 Introduction 1-1 Incident Definition 1-1 Incident Response Capability
More informationOperationalizing Cyber Security Risk Assessments for the Dams Sector
Operationalizing Cyber Security Risk Assessments for the Dams Sector Kevin Burns, Jason Dechant, Darrell Morgeson, and Reginald Meeson, Jr. The Problem To evaluate vulnerability to the postulated threat,
More informationOPTIMIZATION OF ACTIVITIES TO IMPROVE THE NUCLEAR MATERIAL AND FACILITIES SECURITY
OPTIMIZATION OF ACTIVITIES TO IMPROVE THE NUCLEAR MATERIAL AND FACILITIES SECURITY Vadim Prostakov Vienna 02.04.2009 OPTIMIZATION OF ACTIVITIES TO IMPROVE THE NUCLEAR MATERIAL AND FACILITIES SECURITY 1.
More informationCanadian Chemical Engineering Conference Edmonton, Alberta October 30, 2007
US Chemical Facility Anti-Terrorism Standards (CFATS) Overview Canadian Chemical Engineering Conference Edmonton, Alberta October 30, 2007 Dorothy Kellogg AcuTech Consulting Group Alexandria, Virginia
More informationSTAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response
STAY ONE STEP AHEAD OF THE CRIMINAL MIND F-Secure Rapid Detection & Response INTRO PROTECT YOUR BUSINESS AND ITS DATA AGAINST ADVANCED ATTACKS Effective pre-compromise threat prevention is the cornerstone
More information