and compliance management for dynamic eds
play

and Compliance Management for Dynamic EDS Carlos Rubio-Medrano , - PowerPoint PPT Presentation

Apr 13, 2023 •484 likes •893 views

A RIZONA S TATE U NIVERSITY Fall 2016 Robust and Scalable Security Monitoring and Compliance Management for Dynamic EDS Carlos Rubio-Medrano , Josephine Lamp , Ziming Zhao and Gail-Joon Ahn 11/18/2016 1 A RIZONA S TATE U NIVERSITY Background

  1. A RIZONA S TATE U NIVERSITY Fall 2016 Robust and Scalable Security Monitoring and Compliance Management for Dynamic EDS Carlos Rubio-Medrano , Josephine Lamp , Ziming Zhao and Gail-Joon Ahn 11/18/2016 1

  2. A RIZONA S TATE U NIVERSITY Background • The Center for Cybersecurity and Digital Forensics at ASU: – Identity management and access control, – Formal models for computer security, – Network and distributed systems security including web, mobile, SDN and cloud computing, – Vulnerability, risk assessment and cyber crime analysis – Digital Forensics 2 11/18/2016

  3. A RIZONA S TATE U NIVERSITY ASU-CDF Team Carlos Josephine Lamp Rubio-Medrano Dr. Ziming Zhao Prof. Gail-Joon Ahn 3

  4. A RIZONA S TATE U NIVERSITY Research Challenges • Security compliance in EDS gets complicated due to: • The distributed, high-interconnected and heterogeneous nature of EDS, e.g., monitoring software, meters, etc. • Continuous reconfigurations due to on-demand changes • The existence of multiple, large, dense (and sometimes conflicting) documents on security compliance • E.g., existence of subjective interpretations, non-standard implementations, and breakdowns among stakeholders 4 11/18/2016

  5. A RIZONA S TATE U NIVERSITY Challenges for Compliance Management • Compliance as seen by CREDC participants*: • Requires considerable organizational effort • Does not necessarily advance security: seen mostly as a legal exercise • Varies significantly from state to state: adopting standards may not be straightforward • Must be addressed since design/installation time • Evidence must be collected for audits * Highlights from Session on Compliance at CREDC Annual Industry Workshop, March 2016 5 11/18/2016

  6. A RIZONA S TATE U NIVERSITY Proposed Solution • We must assess if particular EDS implementations comply with well-defined security requirements – Filling in the gap between high-level requirements and real-world practical implementations • We propose a framework for the verification, validation and attestation (VV&A) of EDS that is: – Automated, well-defined, and configurable (theoretically-justifiable) – Systematic (repeatable to validate) – Practical (deployable to organizations) – Non-intrusive (minor overhead/reconfiguration as possible) 6 11/18/2016

  7. A RIZONA S TATE U NIVERSITY A Security M&C Framework for EDS 1. We gather the most relevant documents on best practices for EDS 2. Next, we obtain a description of such best practices by leveraging ontologies 3. We then introduce software-based modules for automated monitoring and compliance analysis 4. Data from EDS infrastructure (5) is collected and forwarded for further processing 7 11/18/2016

  8. A RIZONA S TATE U NIVERSITY A Security M&C Framework for EDS (II) Creation of 7 EDS-Related Documentation 1 Data Processing and Sharing 5 Populating among dedicated processes Browsing ... P 1 P 2 P n P 3 Searching and P n-1 6 Editing the Requirements Repository Process-driven Workflow Analysis of Reports obtained 2 4 from various tools EDS Discovery Information Integration ... Data Collection from EDS Infrastructure Natural Language Requirements + Requirements Repository 3 EDS Domain Infrastructure Knowledge P: Software Process Module Information Discovery and Collection Tool 8 11/18/2016

  9. A RIZONA S TATE U NIVERSITY A Security M&C Framework for EDS (III) • Leveraging our approach involves: – Creating dedicated compliance workflows based on analyzing ontology-based requirements – Collecting evidence on security-relevant data directly from EDS infrastructure – Creating customized processing modules implementing such workflows 9 11/18/2016

  10. A RIZONA S TATE U NIVERSITY A Security M&C Framework for EDS (IV) • Our proposed framework is intended to: – Encourage the rigorous analysis of security requirements by leveraging ontologies – Continuously monitor the security of EDS infrastructure by leveraging emerging technologies, e.g., software-defined networks (SDN) – Automatically perform security compliance checks and management on EDS deployments – Promote the development of objective, traceable, justifiable and repeatable security metrics and measures for EDS 10 11/18/2016

  11. A RIZONA S TATE U NIVERSITY A Security Framework for EDS: Requirements Creation of 7 EDS-Related Documentation 1 Data Processing and Sharing 5 among dedicated processes Populating Browsing ... P 1 P 2 P n P 3 Searching and P n-1 6 Editing the Requirements Repository Process-driven Workflow Analysis of Reports obtained 2 4 from various tools EDS Discovery Information Integration ... Data Collection from EDS Infrastructure Natural Language Requirements + Requirements Repository 3 EDS Domain Infrastructure Knowledge P: Software Process Module Information Discovery and Collection Tool 11 11/18/2016

  12. A RIZONA S TATE U NIVERSITY Ontology Representation: Onto-ArcRE* 4 Document Gathering: 1 Hierarchical NIST, IEEE, etc. grouping on common characteristics Identification of Requirements, 2 Stakeholders, Security controls, etc. 5 Creation of Classification and monitoring / Categorization of 3 compliance Concepts and their tools relationships *Lee SW and Gandhi RA. Ontology-based active requirements engineering framework . APSEC’05. 2005. IEEE. 12 11/18/2016

  13. A RIZONA S TATE U NIVERSITY Ontology Representation: Example • Communication channels must be secured : – Security Principles: Integrity 1 – Security Threat: System Tampering 1 – Attack Vector: Network Communications 1,2 – Attacks: Intercept, Man in the Middle, Masquerade 3 – Security Features: Protected Channel 1 – Security Techniques: Secure Sockets Layer (SSL) 4 – EDS Infrastructure: MTU, IED, RTU 4 1) Cybersecurity Procurement Language for Energy Delivery Systems 2) NERC CIP-005 3) IEC62351 4) NIST SP 800-82 13 11/18/2016

  14. A RIZONA S TATE U NIVERSITY Ontology Representation: Example (IV) Cybersecurity Procurement Language for Energy Delivery Systems Cybersecurity Threat Attack Security Security Deliberate Principle Feature Threat Protected System Integrity Channel Tampering Protects Counteracts 14 11/18/2016

  15. A RIZONA S TATE U NIVERSITY Ontology Representation: Example (IV) Cybersecurity Procurement Language for Energy Delivery Systems Cybersecurity Threat Attack Security Security Deliberate Principle Feature Threat Protected System Unauthorized Integrity Channel Tampering Modification Protects Counteracts RealizedAs Intercept Man in the Middle Masquerade Repudiation IEC62351 15 11/18/2016

  16. A RIZONA S TATE U NIVERSITY Ontology Representation: Example (IV) Cybersecurity Procurement Language for Energy Delivery Systems Cybersecurity Threat Attack Security Security Deliberate Principle Feature Threat Protected System Unauthorized Integrity Channel Tampering Modification Protects Counteracts RealizedAs ImplementedBy Intercept Man in the Middle Security Secure Sockets Technique Layer (SSL) Masquerade Control Server Repudiation (MTU) SCADA System Component IED IEC62351 RTU NIST SP 800-82 16 11/18/2016

  17. A RIZONA S TATE U NIVERSITY Ontology Representation: Example (IV) Cybersecurity Procurement Language for Energy Delivery Systems Cybersecurity Threat Attack Security Security Deliberate Principle Feature Threat Protected System Unauthorized Integrity Channel Tampering Modification Protects Counteracts RealizedAs ImplementedBy Intercept Man in the IntendedFor Middle Security Secure Sockets Network Technique Layer (SSL) Communication Masquerade Control Server Repudiation Utilizes (MTU) SCADA System Utilizes Component IED Electronic Access Point IEC62351 RTU NIST SP 800-82 NERC CIP-005 17 11/18/2016

  18. A RIZONA S TATE U NIVERSITY SPARQL Query – Security Principle SELECT ?secTech ?prnpl | SecurityTechnique | Principle | WHERE | | | Access Control Integrity { | | | Credentials Integrity eds:protectsIntegrity rdfs:domain ?secTech ; | DMZ | Integrity | | Encryption Integrity | | rdfs:range ?prnpl. | Firewall Integrity | | } | NetworkMonitoring Integrity | | | PKI Integrity | | SSL Integrity | | | 18 11/18/2016

  19. A RIZONA S TATE U NIVERSITY SPARQL Query – Documentation SELECT ?secTech ?doc | SecurityTechnique | Principle | WHERE | | | Access Control CyberProc Lang { | | | Credentials NIST800-82 eds:specifiedBy rdfs:domain ?secTech ; | DMZ | CyberProc Lang | | Encryption NERC_CIP | | rdfs:range ?doc. | Firewall IEC62351 | | } | NetworkMonitoring IEC62351 | | | PKI NIST800-82 | | SSL NIST800-82 | | | 19 11/18/2016

  20. A RIZONA S TATE U NIVERSITY SPARQL Query – Properties SELECT ?attack ?property ?sysComp WHERE { ?property rdfs:domain+ ?attack ; rdfs:range+ ?sysComp . eds:Attack (^rdfs:domain/rdfs:range)* ?attack . ?attack (^rdfs:domain/rdfs:range)* ?sysComp . } 20 11/18/2016

  21. A RIZONA S TATE U NIVERSITY SPARQL Query - Properties | | Domain | Property | Range | | | | ControlBypass targets MTU | | | | PrivilegeEscalation targets AccessControlMech | | ManInTheMiddle | targets | RTU | | Intercept targets NetworkComm | | | | Masquerade targets IED | | | | TrafficAnalysis targets NetworkTraffic | | | | Repudiation targets Software | | | Virus targets Application | | | 21 11/18/2016

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Dynamic Memory Management 333 Dynamic Memory Management Process Memory Layout Process Memory

Dynamic Memory Management 333 Dynamic Memory Management Process Memory Layout Process Memory

Dynamic Memory Management Dynamic Memory Management 333 Dynamic Memory Management Process Memory Layout Process Memory Layout (1) Each Linux process runs within its own virtual address space tables and the MMU (if available) security due to

1.25k views • 68 slides
Compliance Training Management Assurance that required Compliance Training is correctly

Compliance Training Management Assurance that required Compliance Training is correctly

Compliance Training Management Assurance that required Compliance Training is correctly identified, effectively delivered and tracked, along with the appropriate accountability process. Why Are We Here? Whats in this for you A new

613 views • 12 slides
Dynamic Duo Advantage TJ and Taryn have partnered up to offer: Legal analysis +

Dynamic Duo Advantage TJ and Taryn have partnered up to offer: Legal analysis +

Dynamic Duo Advantage TJ and Taryn have partnered up to offer: Legal analysis + practical HR application Social Media is about legal compliance, good HR management practices and common sense Our goal is to impart all

850 views • 54 slides
Role of Board, CEO & Senior Management CAFRAL Conference of Heads of Compliance April 15,

Role of Board, CEO & Senior Management CAFRAL Conference of Heads of Compliance April 15,

Managing Compliance Risk Role of Board, CEO & Senior Management CAFRAL Conference of Heads of Compliance April 15, 2013 1 Compliance Risk Basel Committee defines Compliance Risk as the risk of legal or regulatory sanctions,

632 views • 13 slides
Risk management plan (RMP) compliance monitoring Belinda Ahlers Evaluator, Risk Management Plan

Risk management plan (RMP) compliance monitoring Belinda Ahlers Evaluator, Risk Management Plan

Risk management plan (RMP) compliance monitoring Belinda Ahlers Evaluator, Risk Management Plan Evaluation Section, Pharmacovigilance and Special Access Branch Why does RMP compliance matter? RMPs aim to ensure that the benefits of a

732 views • 22 slides
Regulation update Monitoring and Compliance 2016 Statement of Compliance Evidence required

Regulation update Monitoring and Compliance 2016 Statement of Compliance Evidence required

Regulation update Monitoring and Compliance 2016 Statement of Compliance Evidence required for Conditions: A6 Risk management A7, B3 Event management and notification A1.3 Activity in Wales I3.1 Certificate design

340 views • 17 slides
Compliance & Risk management C.L. Baradhwaj, Sr. Vice President (Compliance) & Chief Risk

Compliance & Risk management C.L. Baradhwaj, Sr. Vice President (Compliance) & Chief Risk

Compliance & Risk management C.L. Baradhwaj, Sr. Vice President (Compliance) & Chief Risk Officer, Bharti AXA Life Insurance Company Limited Stakeholder Protection IRDA-ICSI Seminar on Convergence of Company Law and Insurance Law 26

437 views • 16 slides
Training Compliance Claims Processing Health and Welfare Benefit Enrollment

Training Compliance Claims Processing Health and Welfare Benefit Enrollment

ADMINISTRATIVE PAYROLL INTERNAL SERVICES Purchasing & Payment Time & Attendance Risk Management Compliance (ADA, EEOC, FMLA) FLSA Compliance Property, Casualty & Employee Recognition IRS Payroll Reporting

821 views • 64 slides
Merchant PCI Compliance - Update PCI Compliance Reminders - Portal Access: www.pciapply.com/NWP

Merchant PCI Compliance - Update PCI Compliance Reminders - Portal Access: www.pciapply.com/NWP

Merchant PCI Compliance - Update PCI Compliance Reminders - Portal Access: www.pciapply.com/NWP - Agents have access to the Aperia Client Management Portal Experience - Get your user credentials! - Support/Compliance Center/Help Desk/QSA

66 views • 6 slides
Management Strategies and Dynamic Financial Analysis Dynamic Financial Analysis CAS Spring

Management Strategies and Dynamic Financial Analysis Dynamic Financial Analysis CAS Spring

Management Strategies and Dynamic Financial Analysis Dynamic Financial Analysis CAS Spring Meeting Martin Eling, University of Ulm Thomas Parnitzke, Baloise Holding San Diego, May 23-26, 2010 Hato Schmeiser, University of St. Gallen Hato

639 views • 30 slides
4 Driver Hire Application Management System & DOT Compliance Software 4 Driver Hire

4 Driver Hire Application Management System & DOT Compliance Software 4 Driver Hire

4 Driver Hire Application Management System & DOT Compliance Software 4 Driver Hire Software DOT compliance software with applicant management tracking for motor carriers Dashboard to track items such as expiring documents,

617 views • 15 slides
Compliance and Ethics Week Conflict Management for University Connected Start- Ups and Technology

Compliance and Ethics Week Conflict Management for University Connected Start- Ups and Technology

Compliance and Ethics Week Conflict Management for University Connected Start- Ups and Technology Licensing Heather M. Hage, Esq., Senior Director, Innovation & Partnerships Joshua B. Toas, Chief Compliance Officer & Assistant Secretary

51 views • 3 slides
Compliance TODAY December 2013 A PUBLICATION OF THE HEALTH CARE COMPLIANCE ASSOCIATION WWW . HCCA

Compliance TODAY December 2013 A PUBLICATION OF THE HEALTH CARE COMPLIANCE ASSOCIATION WWW . HCCA

Compliance TODAY December 2013 A PUBLICATION OF THE HEALTH CARE COMPLIANCE ASSOCIATION WWW . HCCA - INFO . ORG Timothy Ferriss Jan Cunningham Compliance Specialist Privacy Director of Risk Management Alaska Native Tribal Health Consortium

228 views • 5 slides
6 th Change Management Conference 26-27 April 2017 Change Management Driving Corporate Compliance

6 th Change Management Conference 26-27 April 2017 Change Management Driving Corporate Compliance

6 th Change Management Conference 26-27 April 2017 Change Management Driving Corporate Compliance Robyn S. Joppy Oneaccordconsultingfirm.com INTEGRITY MATTERS CM Driving Corporate Compliance Change will not come if we wait for some other

179 views • 17 slides
Compliance Management International EPA FRP & SPCC Inspections and Exercises: How Prepared is

Compliance Management International EPA FRP & SPCC Inspections and Exercises: How Prepared is

Compliance Management International EPA FRP & SPCC Inspections and Exercises: How Prepared is Your Facility? for NISTM - Aboveground Storage Tank Conference April 3, 2014 Presented By: Donielle L. Dziedzic Manager, Emergency Management

317 views • 16 slides
Introduction to Risk Management (Theory & Practice) DCU Risk & Compliance Officer

Introduction to Risk Management (Theory & Practice) DCU Risk & Compliance Officer

Risk Management Introduction to Risk Management (Theory & Practice) DCU Risk & Compliance Officer November 2015 Risk Management Sections 1) Aims of presentation 7) Tips for success 2) What is Risk Management (RM)? 8) Why RM may

533 views • 32 slides
Towards Recoverable Hybrid Byzantine Consensus Hans P. Reiser 1 , R udiger Kapitza 2 1 University

Towards Recoverable Hybrid Byzantine Consensus Hans P. Reiser 1 , R udiger Kapitza 2 1 University

Towards Recoverable Hybrid Byzantine Consensus Hans P. Reiser 1 , R udiger Kapitza 2 1 University of Lisboa, Portugal 2 University of Erlangen-N urnberg, Germany September 22, 2009 Overview Background 1 Why? When? Where? Towards

603 views • 34 slides
More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS

More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS

More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS 136, Winter 2008 Outline Introduction Viruses Trojan horses Trap doors Logic bombs Worms Botnets Spyware Some

701 views • 53 slides
Developing Systems for Cyber Situational Awareness* James Okolica, J. Todd McDonald, Gilbert L.

Developing Systems for Cyber Situational Awareness* James Okolica, J. Todd McDonald, Gilbert L.

Air Force Institute of Technology Develop America's Airmen Today ... for Tomorrow Developing Systems for Cyber Situational Awareness* James Okolica, J. Todd McDonald, Gilbert L. Peterson, Robert F. Mills, and Michael W. Haas Center for

355 views • 19 slides
Network Economics -- Lecture 4: Incen5ves and games

Network Economics -- Lecture 4: Incen5ves and games

Network Economics -- Lecture 4: Incen5ves and games in security Patrick Loiseau EURECOM Fall 2015 1 References J. Walrand. Economics

882 views • 70 slides
Systematizing Insider Threat mitigation George Magklaras BSc Hons Mphil Information Security

Systematizing Insider Threat mitigation George Magklaras BSc Hons Mphil Information Security

Systematizing Insider Threat mitigation George Magklaras BSc Hons Mphil Information Security & Network Research Group University of Plymouth, UK http://www.network-research-group.org/ Agenda Basic definitions. Manifestation of

1.07k views • 50 slides
CCW Workshop Technical Session on Mobile Cloud Compu<ng

CCW Workshop Technical Session on Mobile Cloud Compu<ng

CCW Workshop Technical Session on Mobile Cloud Compu<ng Panelists: Dijiang Huang (ASU, Moderator) Mario Gerla (UCLA) Huan

626 views • 30 slides
Evaluation of training Learning objectives Design a possible evaluation procedure for

Evaluation of training Learning objectives Design a possible evaluation procedure for

INF3280, 25 March 2020 Evaluation of training Learning objectives Design a possible evaluation procedure for Assignment 3 Core literature Chapter 9 Auxiliary literature Holton III (1996) The flawed four-level

212 views • 10 slides
networks research Bob Briscoe & Ben Bappu Dec 2004 networks research centre - themes

networks research Bob Briscoe & Ben Bappu Dec 2004 networks research centre - themes

networks research Bob Briscoe & Ben Bappu Dec 2004 networks research centre - themes networks of x x: computers, devices, people, physical phenomena new science framework for reasoning, proof, architecture, language,

620 views • 14 slides

More recommend