Introduction to Securing Critical Infrastructure


Keith Frederick, CISSP, CAP, CRISC, Author, securenok.com

Topics: Attacks on the Oil and Gas Industry. Executive Order 13636 (February 12, 2013). Presidential Directive 21 (February 12, 2013). Cybersecurity Framework (February 12, 2014).

Evolution of Cyber Attacks

Why the Focus on O&G? Energy is fundamental to the nation's economy and defence and is pervasive throughout critical infrastructure. It represents the political direction of the government and is the focus of future war efforts aimed at country or corporate economics. Hackers have the ability to take over control systems.

Threats to the Energy Industry. In 2013, 53% of attacks against critical infrastructure in the United States targeted the energy industry, and the share continues to increase annually. This is the motivation behind Executive Order 13636, Presidential Directive 21 (PD-21), and the Cybersecurity Framework (CSF). 2014 Secure-NOK AS, all rights reserved.

Executive Order 13636: Improving Critical Infrastructure Cybersecurity. Develop a technology-neutral voluntary cybersecurity framework. Promote and incentivize adoption of cybersecurity practices. Increase the volume, timeliness, and quality of cyber threat information sharing. Explore the use of existing regulation to promote cyber security.

Presidential Policy Directive 21: Critical Infrastructure Security and Resilience. Develop a situational awareness capability that addresses both physical and cyber aspects of how infrastructure is functioning in near-real time. Understand the cascading consequences of infrastructure failures. Update the National Infrastructure Protection Plan. Evaluate and mature the public-private partnership.

Cybersecurity Framework (CSF). The Cybersecurity Framework (CSF) is a living document and will continue to be updated. The CSF uses risk management processes to enable organizations to inform and prioritize decisions regarding cybersecurity. It supports recurring risk assessments and validation of business drivers.

CSF Overview. The CSF is a risk-based approach to managing cybersecurity risk and is composed of three parts: the CSF Core, the CSF Implementation Tiers, and the CSF Profiles. Each CSF component reinforces the connection between business drivers and cybersecurity activities.

CSF Core. The CSF Core is a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities.

CSF Core Chart

CSF Implementation Tiers. Tiers provide context on how an organization views cybersecurity risk and the processes in place to manage that risk. Tiers describe the degree to which an organization's cybersecurity risk management practices exhibit.

CSF Implementation Tiers. The Tiers characterize an organization's practices over a range, from Partial (Tier 1) to Adaptive (Tier 4). These Tiers reflect a progression from informal, reactive responses to approaches that are agile and risk-informed.

CSF Implementation Tiers (continued). An organization should consider its current risk management practices, threat environment, legal and regulatory requirements, business/mission objectives, and organizational constraints.

CSF Profiles. A Profile represents the outcomes, based on business needs, that an organization has selected from the Framework Categories and Subcategories. The Profile can be characterized as the alignment of standards, guidelines, and practices.

CSF Profiles (continued). To develop a Profile, an organization reviews all of the Categories and Subcategories and, based on business drivers and a risk assessment, determines which are most important.

CSF Profiles (continued). Profiles can be used to identify opportunities for improving cybersecurity posture by comparing a Current Profile (the "as is" state) with a Target Profile (the "to be" state).

Risk Management and the CSF. Risk management is the ongoing process of identifying, assessing, and responding to risk. To manage risk, organizations should understand the likelihood that an event will occur and the resulting impact.
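As an added example (not from the presentation or Secure-NOK), the Profile comparison and the likelihood/impact view of risk from the slides above carried through in Python: a Current and a Target Profile are scored per subcategory on a constructed 1-4 scale that borrows the Tier labels, and the shortfalls are ranked by likelihood times impact so the largest gap on the riskiest outcome surfaces first. The subcategory IDs are real CSF identifiers; the scores, risk ratings and function names are assumptions.

```python
from dataclasses import dataclass

# Constructed 1-4 scale that borrows the CSF Tier labels so each subcategory
# can be scored in both the Current and the Target Profile.
TIERS = {1: "Partial", 2: "Risk Informed", 3: "Repeatable", 4: "Adaptive"}

@dataclass
class Gap:
    subcategory: str
    current: int
    target: int
    risk: int  # likelihood x impact of the event this outcome guards against

    @property
    def priority(self) -> int:
        # A larger shortfall on a higher-risk outcome is addressed first.
        return (self.target - self.current) * self.risk

def profile_gaps(current, target, risk):
    """Compare a Current Profile ("as is") with a Target Profile ("to be").

    current/target: subcategory ID -> score in TIERS; subcategories absent from
    target were not selected as outcomes and are skipped. risk: subcategory
    ID -> (likelihood, impact), 1-5 each, from the risk assessment.
    """
    for profile in (current, target):
        bad = [s for s, score in profile.items() if score not in TIERS]
        if bad:
            raise ValueError(f"score outside 1-4 for {bad}")
    gaps = []
    for sub, want in target.items():
        have = current.get(sub, 1)  # never assessed: treat as Partial
        if have >= want:
            continue
        likelihood, impact = risk.get(sub, (3, 3))  # unassessed: medium risk
        gaps.append(Gap(sub, have, want, likelihood * impact))
    return sorted(gaps, key=lambda g: (-g.priority, g.subcategory))

def report(gaps):
    return "\n".join(f"{g.subcategory}: {TIERS[g.current]} -> {TIERS[g.target]}"
                     f" (priority {g.priority})" for g in gaps)

# Constructed sample for a fictional operator: the IDs are real CSF
# subcategory identifiers, the scores and risk ratings are invented.
CURRENT = {"ID.AM-1": 2, "PR.AC-1": 1, "DE.CM-1": 1, "RS.RP-1": 2, "RC.RP-1": 3}
TARGET = {"ID.AM-1": 3, "PR.AC-1": 3, "DE.CM-1": 4, "RS.RP-1": 3, "RC.RP-1": 3}
RISK = {"ID.AM-1": (3, 3), "PR.AC-1": (4, 5), "DE.CM-1": (4, 4), "RS.RP-1": (2, 4)}

if __name__ == "__main__":
    print(report(profile_gaps(CURRENT, TARGET, RISK)))
```

Subcategories already at or above their target score (RC.RP-1 in the sample) produce no gap, and a subcategory missing from the Current Profile is scored as Partial rather than silently ignored.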