Transportation Security Risk Assessment

Similar documents
Executive Order on Coordinating National Resilience to Electromagnetic Pulses

Implementing Executive Order and Presidential Policy Directive 21

S&T Stakeholders Conference

Advanced IT Risk, Security management and Cybercrime Prevention

COUNTERING IMPROVISED EXPLOSIVE DEVICES

Courses. X E - Verify that system acquisitions policies and procedures include assessment of risk management policies X X

Presidential Documents

Port Facility Cyber Security

Penetration Testing and Team Overview

Statement for the Record

How AlienVault ICS SIEM Supports Compliance with CFATS

Illinois Cyber Navigator Program

NCSF Foundation Certification

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018

Threat and Vulnerability Assessment Tool

How to Underpin Security Transformation With Complete Visibility of Your Attack Surface

The J100 RAMCAP Method

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Security Survey Executive Summary October 2008

Vulnerability Assessments and Penetration Testing

Machine-Based Penetration Testing

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

IoT & SCADA Cyber Security Services

Antiterrorism / Force Protection (AT/FP) Assessment Tool Training. Module 1: Policy Drivers for MARMS & AT/FP Assessments

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

Why you should adopt the NIST Cybersecurity Framework

Department of Homeland Security

RSA Cybersecurity Poverty Index

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

Awareness as a Cyber Security Vulnerability. Jack Whitsitt Team Lead, Cyber Security Awareness and Outreach TSA Office of Information Technology

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

RiskSense Attack Surface Validation for IoT Systems

Approaches and Tools to Quantifying Facility Security Risk. Steve Fogarty, CSO

The Office of Infrastructure Protection

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

TEL2813/IS2621 Security Management

United States Space Weather Strategy and Action Plan. Terry Onsager Physicist, NOAA Space Weather Prediction Center

All-Hazards Approach to Water Sector Security & Preparedness ANSI-HSSP Arlington, VA November 9, 2011

An ICS Whitepaper Choosing the Right Security Assessment

Cyber Security Technologies

Federal Civilian Executive branch State, Local, Tribal, Territorial government (SLTT) Private Sector (PS) Unclassified / Business Networks

Machine-Based Penetration Testing

Office of Infrastructure Protection Overview

Member of the County or municipal emergency management organization

Choosing the Right Security Assessment

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

The Office of Infrastructure Protection

CyBot Suite. Machine-based Penetration Testing

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

National Policy and Guiding Principles

Sharing of Information & Intelligence on the Importation & Transportation of Food

The next generation of knowledge and expertise

Software Architectural Risk Analysis (SARA) Frédéric Painchaud Robustness and Software Analysis Group

Port Facility Cyber Security

TSA/FTA Security and Emergency Management Action Items for Transit Agencies

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

Cyber Risk in the Marine Transportation System

INFORMATION ASSURANCE DIRECTORATE

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

Defense in Depth Security in the Enterprise

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security risk management

Overview of the Federal Interagency Operational Plans

Cyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation

Course No. S-3C-0001 Student Guide Lesson Topic 5.1 LESSON TOPIC 5.1. Control Measures for Classified Information

Information Security Risk Strategies. By

AGILE AND CONTINUOUS THREAT MODELS

YOU VE GOT 99 PROBLEMS AND A BUDGET S ONE

Chapter 1. Chapter 2. Chapter 3

Emergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies:

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

Department of Management Services REQUEST FOR INFORMATION

Energy Assurance Energy Assurance and Interdependency Workshop Fairmont Hotel, Washington D.C. December 2 3, 2013

The Office of Infrastructure Protection

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

The Perfect Storm Cyber RDT&E

Energy Assurance State Examples and Regional Markets Jeffrey R. Pillon, Director of Energy Assurance National Association of State Energy Officials

Software & Supply Chain Assurance: Enabling Enterprise Resilience through Security Automation, Software Assurance and Supply Chain Risk Management

Domestic Nuclear Detection Office (DNDO) DNDO Overview

DOWNLOAD OR READ : THREAT AND VULNERABILITY MANAGEMENT COMPLETE SELF ASSESSMENT GUIDE PDF EBOOK EPUB MOBI

Protecting Control Systems from Cyber Attack: A Primer on How to Safeguard Your Utility May 15, 2012

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Presented by Joe Burns Kentucky Rural Water Association July 19, 2005

Information Technology Security Plan Policies, Controls, and Procedures Identify Risk Assessment ID.RA

Good morning, Chairman Harman, Ranking Member Reichert, and Members of

California Cybersecurity Integration Center (Cal-CSIC)

Cyber Security Program

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

SOLUTION BRIEF. RiskSense Platform. RiskSense Platform the industry s most comprehensive, intelligent platform for managing cyber risk.

Nebraska CERT Conference

Homeland Security and Geographic Information Systems

Railroad Infrastructure Security

Next Generation Distribution Automation Phase III, Intelligent Modern Pole (IMP) Field Demonstration

Critical Infrastructure Resilience

The Corporate Security Review (CSR) Program September 11, 2008

IBM Internet Security Systems Proventia Management SiteProtector

Transcription:

Transportation Security Risk Assessment Presented to: Nuclear Waste Technical Review Board Presented by: Nancy Slater Thompson Office of National Transportation October 13, 2004 Salt Lake City, Utah

Introduction The Office of National Transportation (ONT) is in the early stages of developing its transportation security program The DOE has considerable successful experience in secure transportation We are actively working with States, Tribes, local governments, other Federal agencies, and the international community and monitoring output of National Academy of Sciences and Department of Homeland Security s critical infrastructure protection activities As we develop our program, we are committed to five fundamental principles: partnering, integrating, innovating, continuously improving, and communicating Today, we will focus on one aspect of our security program, risk management 2

Systems Approach to Risk Management Benchmarking 1 Assess Assets Cost/Benefits Analysis 8 7 Test and Validate Implement 2 3 Assess Threats Assess Vulnerabilities 4 5 6 Analyze Evaluate Risks Infrastructure, Operations, Countermeasure Options Cost/Benefits Analysis 9 Make RM* Decisions Continuous Improvement * Risk Management 3

1 Identify Critical Assets Determine key assets requiring protection Identify undesirable events and expected impacts of asset loss Rank assets based on consequence of loss 4

2 Identify and Characterize Threats Identify threat categories and adversaries Determine capability of the adversaries Estimate impact of threat relative to each critical asset Rank threats 5

3 Identify and Analyze Vulnerabilities Identify vulnerabilities of specific assets related to undesirable events Any weakness that can be exploited by an adversary to impact an asset For example -- poor building or equipment design, inappropriate personal behavior, no security training for employees Identify existing infrastructure, operations, and countermeasures and their level of effectiveness in reducing vulnerabilities 6

4 Analyze Risks Estimate degree of impact relative to each valued asset Estimate likelihood of attack by a potential adversary Estimate likelihood that a specific vulnerability will be exploited Determine relative degree of risk Prioritize risks based on integrated assessment 7

5 Identify Countermeasures Identify potential countermeasures to reduce vulnerability, threat, impact Existing infrastructure and operational practices may inherently reduce risk and the need for countermeasures Identify countermeasure benefits in terms of risk reduction Identify countermeasure costs Conduct countermeasure cost-benefit analyses Prioritize options and prepare a recommendation for decision maker 8

6 Make Risk Management Decisions Based on supportable, defendable, repeatable processes Structured and flexible approach that identifies comprehensive mitigation strategies The results are: A process for evaluating and enhancing the security features of infrastructure and operations plans and designs Developing effective security procedures, protocols, and countermeasures and options that consider cost and benefits as they relate to risk reduction A snap shot in time that can be updated as the security posture changes 9

7 Implement Security Program Security Plan Protocols and Procedures Training Apply Countermeasures 10

8 Test, Validate, Exercise Drills and Exercises Include appropriate Federal, State, Tribal, and local agencies and private transportation providers Continually revaluate security posture and identify appropriate enhancements 11

9 Continuous Improvement Adjust Plans Monitor Threats Enhance Security Risk Management is a dynamic, ongoing process 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback