cip 101 training cip 007 3a cyber security system
play

CIP 101 Training CIP-007-3a Cyber Security System Security - PowerPoint PPT Presentation

Feb 04, 2023 •36 likes •2.02k views

Eric Weston Wally Magda, CISSP, PSP, CISA Compliance Auditor, Cyber Compliance Auditor, Cyber Security Security CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September 24-25, 2013 Salt Lake City, UT No

  1. Relation to other standards • CIP-005 -- Access Point focused o TO and THROUGH the access points o Ensure adequate controls are in place to protect the Access Points o Ensure access THROUGH the Access Point is controlled (bi- directional restrictive controls) • CIP-007 – ESP cyber asset focused o TO every cyber asset within ESP o TO and THROUGH infrastructure devices (switches/routers) within the ESP (not access point) o Ensure adequate security controls are implemented on all cyber assets within the ESP to provide protections for the CCAs within the ESP o End Point security (authentication, AV, logging, etc.) 35

  2. Relation to other standards EMS Electronic Security Perimeter Workstations Printer EMS WAN File Server Router Access Control Access Switch Server Point CIP-005 Firewall CIP-007 CIP-005 Access CorpNet Router Point CCA Switch Firewall CCA Printer CCA CCA CCA EMS Servers CCA CCA CCA Workstations 36

  3. Relation to other standards EMS Electronic Security Perimeter Workstations Printer EMS WAN File Server Router Access Control Access Switch Server Point CIP-005 Firewall CIP-007 CIP-005 Access CorpNet Router Point CCA Switch Firewall CCA Printer CCA CCA CCA EMS Servers CCA CCA CCA Workstations 37

  4. Audit Approach – What are we looking for? • Performance evidence for all requirements and sub requirements o Logs o Emails o Screenshots o Configuration files o Testing evidence o CVA assessment report o Change control evidence o Anything else that demonstrates compliance 38

  5. Audit Approach– What are we looking for? • Auditors are fact finders – we want to see all pertinent facts • Entity must demonstrate compliance • We want to see documented processes and procedures • We want to see an auditable trail of evidence • Evidence should be in common application formats (.pdf, text, Word, Excel – please export Visio drawings to .pdf) 39

  6. Audit Approach – What are we looking for? • Actively manage all cyber assets in the ESPs o Testing – changes to devices requires security testing o Configurations – current baselines, ports/services, etc. o Updates – process, procedures, testing and implementation o Anti-Virus/ Anti-Malware – current and active o Manage user access – process, procedures, shared/default o Logging and Alerts – active, reviewed, response o Device inventory management – disposal and redeployment • Vulnerability Assessment – all devices, annually • Document, Document, Document – is there an audit trail 40

  7. Audit Approach – What are we looking for? • Security controls overview • Testing procedures for all cyber assets including actual testing evidence • Architectural drawings • Ports and services documentation • Log files for past 90 days from notice of audit • Alert configurations and evidence of performance and response 41

  8. Audit Approach – What are we looking for? • User access list and logging of security events • Current Anti-Virus/Anti-Malware status – demonstrate active & current • Bookend data – proof of performance for previous period (annual) –, R5.1.1, R5.1.3, R5.3.3, R8, R9 • Approvals and signatures for policy and procedures 42

  9. Audit Approach – What are we looking for? • Vulnerability Assessment evidence • Raw files • Vulnerability Assessment findings mitigation evidence • Destruction and redeployment evidence 43

  10. Audit Approach – What are we looking for? • 6.56 Auditors must obtain sufficient, appropriate evidence to provide a reasonable basis for their findings and conclusions … • 6.57 … In assessing the sufficiency of evidence, auditors should determine whether enough evidence has been obtained to persuade a knowledgeable person that the findings are reasonable. • 6.60 Appropriateness is the measure of the quality of evidence that encompasses the relevance, validity, and reliability of evidence used for addressing the audit objectives and supporting findings and conclusions … GAGAS-Government Auditing Standards -2011.pdf (2011 Revision) www.gao.gov/govaud/iv2011gagas.pdf 44

  11. Audit Approach – What are we looking for? • Clarification of evidence – RSAW, procedures, performance data, etc. • Missing evidence – performance and/or procedures • Bookend evidence (R5.1.1, R5.1.3, R5.3.3, R8, R9) • Attestations Ensuring the auditors have sufficient and appropriate evidence to determine and support the findings 45

  12. Audit Approach – What are we looking for? • Describe … .. various requirement procedures and processes (testing, production-like testing, Anti- Virus management, Vulnerability Assessment process, Alerting process, logging controls, ports and services identification, configuration management, etc.) • Describe your access management controls • Any questions that are a result of evidence analysis (explanation and clarification) Interviews often lead to additional data requests 46

  13. Additional Resources – tools, tasks, tips … • WECC outreach presentations website o https://www.wecc.biz/compliance/outreach/Pages/ default.aspx • WECC Compliance website– note country links o http://www.wecc.biz/compliance/Pages/default.aspx 47

  14. Additional Resources – tools, tasks, tips … 48

  15. Additional Resources – tools, tasks, tips … • WECC – call us with questions – prefer use of WECC CIP SME list for specific standard http://www.wecc.biz/compliance/United_States/Documents/WECC%20Subject%20Matter %20Experts%20List.pdf 49

  16. Additional Resources – tools, tasks, tips … We are here as a resource for you • CIPUG events • WECC.biz and NERC.com o Google is your friend-watch out for dis-info • Audit Notice – Appendix G • Tools o OS tools: netstat o network scanners: nmap, Nessus o vulnerability & penetration tools: Nessus, Core Impact, Metasploit o Assessments: CSET 50

  17. Additional Resources – tools, tasks, tips … • Cyber Security Evaluation Tool (CSET) o Department of Homeland Security (DHS) tool provides users with a systematic and repeatable approach for assessing the security posture of their cyber systems and networks o High-level and detailed questions related to all industrial control and IT systems o At no extra cost; paid for by our tax dollars J http://www.us-cert.gov/control_systems/csetdownload.html 51

  18. Additional Resources – tools, tasks, tips … • Mapping Document Showing Translation of CIP-002-4 to CIP-009-4 into CIP-002-5 to CIP-009-5, CIP-010-1, and CIP-011-1 o Note: CIP-003-3 thru CIP-009-3 similar to CIP-00x-4 series o http://www.nerc.com/docs/standards/sar/ Mapping_Document_for_CIP_V5_Clean_(2012-0911).pdf 52

  19. CIP-007-3a Cyber Security System Security Management • Summary of Agenda o Requirement Overview o Why do we need it? o Overview – W hat is it? o What makes it so difficult? o Relation to other standards o Audit Approach – What are we looking for? o Additional Resources – tools, tasks, tips … 53

  20. Questions? Eric Weston Compliance Auditor, Cyber Security Western Electricity Coordinating Council (WECC) Eweston@wecc.biz Phone: 801-819-7630 Wally Magda, CISSP, PSP, CISA Compliance Auditor - Cyber Security Western Electricity Coordinating Council (WECC) wmagda@wecc.biz Mobile: 385-227-0724

  21. Eric Weston Wally Magda, CISSP, PSP, CISA Compliance Auditor, Cyber Compliance Auditor, Cyber Security Security CIP 101 Training CIP-007-3a Cyber Security – System Security Management September 24-25, 2013 Salt Lake City, UT

  22. WECC CIP-101 Disclaimer • The WECC Cyber Security team has created a sample Registered Entity, Billiam Power Company (BILL) and fabricated evidence to illustrate key points in the CIP audit processes. • Any resemblance of BILL to any actual Registered Entity is purely coincidental. • All evidence presented, auditor comments, and findings made in regard to BILL during this presentation and the mock audit are fictitious, but are representative of audit team activities during an actual audit. 56

  23. Mock Audit Approach • Review of WECC audit approach by the auditors for each CIP-007-3 requirement • Review of ‘Billiam’ Evidence • Sample Data Requests • Sample Interview questions • Discussion and interactive audit of requirements 57

  24. Data Retention • Per Data Retention in Standard section 1.4 • “The Responsible Entity shall keep all documentation and records from the previous full calendar year …… • Does that statement give you a documentation “get out of jail card” for the full audit period? 58

  25. Data Retention • The Registered Entity will be expected to demonstrate compliance [for the entire audit period] • If a Reliability Standard specifies a document retention period that does not cover [the entire audit period] , the Registered Entity will not be found in noncompliance solely on the basis of the lack of specific information that has rightfully not been retained based on the retention period specified in the Reliability Standard 59

  26. Data Retention • However , in such cases, the Compliance Enforcement Authority will require the Registered Entity to demonstrate compliance [for the entire audit period] through other means o (NERC, 2013 June 25, Compliance Monitoring and Enforcement Program: Appendix 4C, Section 3.1.4.2 , para 2, p. 9) • 90 day logs prior to date of audit notice letter 60

  27. Terms used in NERC Reliability Standards • Cyber Assets – Programmable electronic devices and communication networks including hardware, software, and data. • Critical Cyber Assets – Cyber Assets essential to the reliable operation of Critical Assets. • Electronic Security Perimeter – The logical border surrounding a network to which Critical Cyber Assets are connected and for which access is controlled. 61

  28. Catch-All Requirements • CIP-005-3 R1.5 (EACMs) o Cyber Assets used in the access control and/or monitoring of the Electronic Security Perimeter(s) shall be afforded the protective measures as a specified in Standard CIP- 003-3; Standard CIP-004-3 Requirement R3; Standard CIP-005-3 Requirements R2 and R3; Standard CIP-006-3 Requirement R3; Standard CIP-007-3 Requirements R1 and R3 through R9 ; Standard CIP-008-3; and Standard CIP-009-3. 62

  29. Catch-All Requirements • CIP-006-3c R2.2 (PACS) Protection of Physical Access Control Systems — Cyber Assets that authorize and/or log access to the Physical Security Perimeter(s), exclusive of hardware at the Physical Security Perimeter access point such as electronic lock control mechanisms and badge readers, shall: • R2.2. Be afforded the protective measures specified in Standard CIP-003-3; Standard CIP- 004-3 Requirement R3; Standard CIP-005-3 Requirements R2 and R3; Standard CIP- 006-3 Requirements R4 and R5; Standard CIP-007-3 ; Standard CIP-008-3; and Standard CIP-009-3. 63

  30. CIP-002-3 R3 • Critical Cyber Asset (CCA) list(s), even if null, determined through review of all cyber assets associated with every identified Critical Asset. The review must include all criteria found in CIP-002-3 R3. 64

  31. CIP-002-3 R3 Critical Cyber Asset List 65

  32. CIP-002-3 R3 CCA list 66

  33. CIP CONFIDENTIAL Billiam EMS Architecture BUCC ASA Access CCA SW3 CCA Point FW3 RTR 3 BU1 CCA CCA CCA CCA CCA WKS3 Billiam EMS Console 5-6 EMS 5 - 6 DC2 Electronic Security EMS Net CC1 Perimeters BUCC WAN ASA HP PTR1-2 FW1 WKS1-2 HPUX 1- 2 CorpNet Access RTR CCA Point 1-2 EMS WAN EMS Console 1-4 ASA SU1 FW2 CCA CCA CCA CCA Access EMS Net RTR 4 Point CCA SUB1 SW4 CCA CCA CCA CCA CCA CCA CCA CCA CCA DMZ1 PIX FW CCA CCA CCA Access DC1 HMI1 ICCP 1- 2 EMS 1- 4 Point Relay 1- 3 HMI-2 Syslog1 LogRhythm WON 67

  34. Is Hypervisor in-scope? • Any Hypervisor running a VM determined to be a CCA brings the Host in as a CCA • In addition ALL VM Cyber Assets on the Host machine are in-scope of CIP Standards 68

  35. Mixed-Mode • Configuration where both in- scope and out-of-scope virtual Cyber Assets are running on the same hypervisor or host • Mixing VMs of different trust levels is not a recommended configuration CIP Protected (in-scope) Not CIP Protected (out-of-scope) 69

  36. CAN-0051 (in Development ????) • CCA designation of management console for virtual machine (VM) technology o With the Management Console having the capabilities for impacting the CCA VM Client, the Management Console should be considered a CCA o With the expanded usage of Virtual Machine technology it is in the best interest of the industry to have this clearly outlined to make sure the overall reliability of the BES is maintained http://www.nerc.com/files/CAN%20Status%20and%20Priority%20List %2020120608.xls 70 http://www.nerc.com/page.php?cid=3|22|354

  37. Virtual Machines & Storage • Not a new CIP concept • Cyber Assets that should be considered include, at a minimum: o Hardware platforms running virtual machines or virtual storage § Identifying Critical Cyber Assets, Version 1.0, pg. 6 § Approved by: Critical Infrastructure Protection Committee Effective Date: June 17, 2010 http://www.nerc.com/fileUploads/File/Standards/Critcal %20Cyber%20Asset_approved%20by%20CIPCl%20and %20SC%20for%20Posting%20with %20CIP-002-1,%20CIP-002-2,%20CIP-002-3.pdf 71

  38. Cyber Assets Identifying Critical Cyber Assets, Version 1.0, pg. 6 72

  39. CIP-007-3 R1 – Test Procedures • Test Procedures — The Responsible Entity shall ensure that new Cyber Assets and significant changes to existing Cyber Assets within the Electronic Security Perimeter do not adversely affect existing cyber security controls. • significant change shall, at a minimum, o security patches o cumulative service packs o vendor releases o version upgrades -- operating systems, applications, database platforms, or other third-party software or firmware. 73

  40. [CIP-007-3 R1] Audit Approach – What are we looking for? • Technical narrative describing testing environment(s) • Documented testing procedures for each cyber asset within the ESP – must verify security controls (R1.1) • Entity definition of “significant change” • Evidence of security testing- not functional testing – before and after change evaluation • How is test environment similar/dissimilar to production environment • Are controls in place to protect production environment 74

  41. [CIP-007-3 R1] Audit Approach – what are we looking for? [continued] • Definition of testing environment for each asset or asset type • Testing and Change Control processes – integrated in CIP-003 R6? • Define asset baselines – approved and documented configurations • Documentation of testing being performed o what tests are performed and why o testing results (compared to baselines?) o approvals – clear processes and documentation trail to audit (R1.3) 75

  42. [CIP-007-3 R1] Audit Approach – what are we looking for? [continued] • Evidence that the test plans were followed • Baselines updated as part of Testing Procedures – who/ when/why/how • Approvals prior to production 76

  43. FERC NOPR • P 609. “ … the Commission understands that test systems do not need to exactly match or mirror the production system in order to provide useful test results. However, to perform active testing, the responsible entities should be required at a minimum to create a “representative system” – one that includes the essential equipment and adequately represents the functioning of the production system. … ” • P 609 states “representative system”. No mention of using production backup 77

  44. Frequently Asked Questions (FAQ’s) • Original v1 FAQs developed in 2004 o Filed with FERC in 2006 o Good to help understand original approach • Tread carefully—FAQ not the final answer • FAQ is not the CIP • Experience, lessons learned, events analysis factored into audit approach and used in addition to FAQs § http://www.nerc.com/pa/Stand/Cyber%20Security %20Permanent/Cyber_Security_FAQ.pdf 78

  45. Frequently Asked Questions (FAQ’s) • 1. Question: Is an isolated test environment required? o Answer: Electronic isolation is not required; the test environment is not required to be outside the Electronic Security Perimeter. A controlled non-production system can be used. o Audit team : Will look at controls in place, expect thorough review • 2. Question: Can a redundant system be used for testing? o Answer: The entity is responsible for determining the non- production systems in its environment. It is possible depending on the entity’s environment that a redundant system can be used for testing if it can be configured such that it does not introduce additional risk to production operations. o Audit team: Key words: “Such that it does not introduce additional risk” 79

  46. What does v5 look like? • CIP-007-3a R1 moved to CIP-010-1 R1.4 • Assess security controls following changes - Provides clarity on when testing must occur, and requires additional testing to ensure that accidental consequences of planned changes are appropriately managed. This change addresses FERC Order No. 706, Paragraphs 397, 609, 610, and 611. • CIP-007-3a R1.1 moved to CIP-010-1 R1.5 • Test procedures – This requirement provides clarity on when testing must occur and requires additional testing to ensure that accidental consequences of planned changes are appropriately managed. • This change addresses FERC Order No. 706, Paragraphs 397, 609, 610, and 611. 80

  47. What does v5 look like? • CIP-007-3a R1.2 moved to CIP-010-1 R1.5 • Testing reflects production environment - This requirement provides clarity on when testing must occur and requires additional testing to ensure that accidental consequences of planned changes are appropriately managed. This change addresses FERC Order No. 706, Paragraphs 397, 609, 610, and 611. • CIP-007-3a R1.3 moved to CIP-010-1 R1.4 & 1.5 • The Responsible Entity shall document test results. The SDT attempted to provide clarity on when testing must occur and removed requirement for specific test procedures because it is implicit in the performance of the requirement. o http://www.nerc.com/docs/standards/sar/ Mapping_Document_for_CIP_V5_Clean_(2012-0911).pdf 81

  48. CIP-007-3 R1 BPC Initial Evidence 82

  49. [CIP-007-3 R1] Typical Data Requests • Change Control log for audit period • Provide test procedures for each device type or system within the EMS networks (EMS servers, routers/switches, workstations, etc.) that are used to determine if security related changes have taken place (CIP-007-3 R1.1). • Provide complete change control documentation (forms, baseline documents, testing procedures used, testing results documentation, approvals, etc.) for the following significant changes (NERC sampling methodology) [ sample list ] • Performance of testing to obtain current configuration versus baseline. [ sample list ] 83

  50. NERC Sampling Methodology Confidence level for the Sampling Methodology is set at 95% 84

  51. 85

  52. [CIP-007-3 R1] Interview Topics • Are there specific test procedures for all cyber assets or group of assets? • Describe the test procedures – sample device types • Describe the test environment and how testing closely reflects the production environment – controls to protect production • How do you validate ports/services? 86

  53. [CIP-007-3 R1] Interview Topics • Have there been any significant changes during the audit period? • Are there baseline configuration to compare test results against? • Are there any circumstances where security testing must be performed on the production environment? How is it performed and what controls are in place? 87

  54. R1 Audit Evidence Examples • Windows Test Procedures • Security test checklist 88

  55. CIP-007-3 R1 Test Procedures 89

  56. CIP-007-3 WMI Test Procedures 90

  57. CIP-007-3 R1 BPC Security Checklist 91

  58. CIP-007-3 R2 – Ports and Services • The Responsible Entity shall establish, document and implement a process to ensure that only those ports and services required for normal and emergency operations are enabled. o Normal and Emergency operations o TFEs? – Compensating measures (R2.3) 92

  59. ERO Compliance Analysis Report Reliability Standards CIP-006 and CIP-007 -- December 2010 CIP-007 • Responsible Entities should work with all vendors of systems and applications of applicable cyber assets in their infrastructure to determine required ports and services . Most if not all vendors will have some form of documentation detailing this information. http://www.nerc.com/files/ERO%20CIP-006%20and%20CIP-007%20Compliance 93 %20Analysis%20Report%20for%20Posting.pdf

  60. [CIP-007-3 R2] Audit Approach – What are we looking for? • Documentation of procedures to identify and manage required ports/services • What service is running on what port o TCP and UDP ports (listening and established states) o Vendor documentation may assist in defining required ports and services and their operational purpose • Required ports defined and documented o Cyber Asset specific • Normal or Operational requirement? • Are high risk ports/services running? 94

  61. [CIP-007-3 R2] Audit Approach – What are we looking for? [continued] • Procedures to ensure only required ports/ services are enabled for new/changed devices (R1) • What tests are performed to validate correct configurations– who, when, how, tools (R1,R8) • TFE required? Why not feasible, vendor evidence, compensating measures in place (R2.3) 95

  62. CIP-007-3 R2 Initial Evidence C:\HMI-1>netstat Active Connections Proto Local Address Foreign Address State TCP HMI-1:2111 localhost:33333 ESTABLISHED TCP HMI-1:3616 localhost:10525 ESTABLISHED TCP HMI-1:5152 localhost:1573 CLOSE_WAIT TCP HMI-1:10525 localhost:3616 ESTABLISHED TCP HMI-1:33333 localhost:2111 ESTABLISHED TCP HMI-1:netbios-ssn 172.16.105.1:56761 TIME_WAIT TCP HMI-1:netbios-ssn 172.16.105.1:56762 TIME_WAIT TCP HMI-1:netbios-ssn 172.16.105.1:56765 TIME_WAIT TCP HMI-1:netbios-ssn 172.16.105.1:56766 TIME_WAIT 96

  63. [CIP-007-3 R2] Typical Data Requests • For the following servers and workstations (cyber assets) provide current “ netsat ” ( netstat –b –o –a - n / netstat –p –a -l ) or port scan (TCP/UDP) results. [sample list] • For the following network devices, provide current configuration files (i.e., show run all ), ports and services running (scan results if exists) • Provide a spreadsheet identifying all cyber assets, associated TFEs, and associated requirements 97

  64. [CIP-007-3 R2] Typical Interview Questions • Describe the procedures used to identify the required ports/services • Are vendors involved with the definition of required ports/services? • Are there Cyber Assets, which ports and services cannot be disabled? o If so, what are the compensating measures in place 98

  65. R2 Audit Evidence Examples • Netstat: o Netstat -b -o -a -n > netstat_boan.txt o Netstat -p -a -l > netstat_pal.txt • NMAP scan results o Nmap –sT –sV –p T:0-65535 <IP_address> >>nmap_tcp.txt o Nmap –sU –sV –p U:0-65535 <IP_address> >> nmap_udp.txt • show control-plane host open-ports • Manual review – show run config file (router or firewall) 99

  66. HMI-1 Baseline Evidence C:\Documents and Settings\HMI-1> netstat -b -o -a -n > netstat_boan.txt Active Connections Proto Local Address Foreign Address State PID TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 952 C:\WINDOWS\system32\svchost.exe TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 [System] TCP 0.0.0.0:6002 0.0.0.0:0 LISTENING 428 [spnsrvnt.exe] TCP 0.0.0.0:7001 0.0.0.0:0 LISTENING 248 [sntlkeyssrvr.exe] TCP 0.0.0.0:7002 0.0.0.0:0 LISTENING 248 [sntlkeyssrvr.exe] TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING 1656 [dirmngr.exe] TCP 127.0.0.1:1029 0.0.0.0:0 LISTENING 2484 [alg.exe] TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING 1764 [jqs.exe] TCP 127.0.0.1:33333 0.0.0.0:0 LISTENING 1856 [PGPtray.exe] TCP 172.16.105.220:139 0.0.0.0:0 LISTENING 4 [System] TCP 127.0.0.1:2111 127.0.0.1:33333 ESTABLISHED 1616 UDP 0.0.0.0:7001 *:* 248 [sntlkeyssrvr.exe] UDP 0.0.0.0:500 *:* 700 [lsass.exe] UDP 0.0.0.0:4500 *:* 700 [lsass.exe] UDP 0.0.0.0:445 *:* 4 [System] UDP 127.0.0.1:123 *:* 1084 c:\windows\system32\WS2_32.dll UDP 172.16.105.220:6001 *:* 428 [spnsrvnt.exe] 100

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
System Aware Cyber Security Barry M. Horowitz, PI University of Virginia November, 2012 System

System Aware Cyber Security Barry M. Horowitz, PI University of Virginia November, 2012 System

System Aware Cyber Security Barry M. Horowitz, PI University of Virginia November, 2012 System Aware Cyber Security Operates at the system application-layer , For security inside of the network and perimeter protection provided for the

164 views • 3 slides
System Aware Cyber Security Application of Dynamic System Models and State Estimation Technology

System Aware Cyber Security Application of Dynamic System Models and State Estimation Technology

System Aware Cyber Security Application of Dynamic System Models and State Estimation Technology to the Cyber Security of Physical Systems Barry M. Horowitz, Kate Pierce University of Virginia April, 2012 This material is based upon work

518 views • 41 slides
Worldwide Security and Resiliency of Cyber Infrastructures: the Role of the Domain Name System

Worldwide Security and Resiliency of Cyber Infrastructures: the Role of the Domain Name System

Worldwide Security and Resiliency of Cyber Infrastructures: the Role of the Domain Name System Dr. Igor Nai Fovino Head of the Research Department Global Cyber Security Center The Global Cyber Security Center, is an International not-for-profit

615 views • 33 slides
Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

1 Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to innovation Sallie Sweeney KPMG The healthcare industrys evolution toward a true value based system, assuming responsibility for complex

797 views • 10 slides
Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

ABB MINING USER CONFERENCE, MAY 02-05, 2017 Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial Automation Division Agenda Why worry about cyber security? ABBs approach to cyber security Cyber security

1.07k views • 39 slides
CYBER Overview Training for New Providers in the New Jersey Childrens System of Care October

CYBER Overview Training for New Providers in the New Jersey Childrens System of Care October

CYBER Overview Training for New Providers in the New Jersey Childrens System of Care October 2019 (01416) What is CYBER? A fully functional Electronic Health Record system, that is a tool for providers to make the maintenance of youth

736 views • 59 slides
U.S. DEPARTMENT OF STATE JSAS Cyber Security IT Security Awareness training consistent with NIST

U.S. DEPARTMENT OF STATE JSAS Cyber Security IT Security Awareness training consistent with NIST

ISSLOB SSC CYBERSECURITY AWARENESS U.S. DEPARTMENT OF STATE JSAS Cyber Security IT Security Awareness training consistent with NIST SP 800-50 A proven, reliable solution that verifies retention of material and concepts A well

344 views • 17 slides
Cyber-Physical System Security Alia Long Advanced Research in Cyber Systems (ARCS) Los Alamos

Cyber-Physical System Security Alia Long Advanced Research in Cyber Systems (ARCS) Los Alamos

Cyber-Physical System Security Alia Long Advanced Research in Cyber Systems (ARCS) Los Alamos National Laboratory LA-UR-17-27644 Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA A Cyber-Physical Model

837 views • 7 slides
Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web application weaknesses XSS AJAX weaknesses SQL Injection Attacks (Slides from Lars Olson)

588 views • 41 slides
Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD students and employees)

359 views • 23 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* * Preliminary programme, subject to revision/update status 16 December 2014 4 February 2015 Day 1: Cyber Security Readiness Registration KU

306 views • 4 slides
Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

16 Oct 2012 Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford Willke Cyber Security Advisor, MidAtlantic Region National Cyber Security Division (NCSD) Office of Cybersecurity and Communications

443 views • 20 slides
Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs ! 3 properties ... Confidentiality (including personal data) Integrity Availability 2 -Sminaire LIRIMA: Cyber security: current

876 views • 64 slides
2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor, Region VII Office of Cybersecurity and Communications (CS&amp;C) National Protection and Programs Directorate (NPPD) FOUO / UNCLASS Cyber Security

333 views • 12 slides
Remote Vehicle Interface (RVI) Remote Vehicle Interface (RVI) Travis Johnson Ben Moon 1

Remote Vehicle Interface (RVI) Remote Vehicle Interface (RVI) Travis Johnson Ben Moon 1

Remote Vehicle Interface (RVI) Remote Vehicle Interface (RVI) Travis Johnson Ben Moon 1 Project Goals Project Goals Interface with vehicle using phone or WWW Start / Kill engine Lock / Unlock doors Pop trunk Must provide

396 views • 20 slides
How can I have 100 0-day for just 1-day Version : Draft Speak by R3d4l3rt Outline I.

How can I have 100 0-day for just 1-day Version : Draft Speak by R3d4l3rt Outline I.

HITCON 2013 : CYBERWAR, IN HACK WE TRUST JUL. 19-20, 2013 How can I have 100 0-day for just 1-day Version : Draft Speak by R3d4l3rt Outline I. Introduction Introduction of speaker II. Project Overview I just want to find a lot

1.38k views • 18 slides
1. REVIEWMODULE 2. VISUALBASICISFEATURES 3. ALTERINGPROPERTIES AT RUNTIME 4. ADDITIONALFEATURES

1. REVIEWMODULE 2. VISUALBASICISFEATURES 3. ALTERINGPROPERTIES AT RUNTIME 4. ADDITIONALFEATURES

SAULT COLLEGE OF APPLIED ARTS &amp; TECHNOLOGY SAULT STE. MARIE, ONTARIO COURSE OUTLINE Course Title: System Prototvpina and Presentation I Course No.: CSD300 Program: Computer Proarammer/Analyst Semester: Five Author(s): Willem de Bruyne

432 views • 8 slides
Release 7.5 Webcast Richard Schneider, WIC System Management Specialist Data and System Management

Release 7.5 Webcast Richard Schneider, WIC System Management Specialist Data and System Management

10/13/2016 Release 7.5 Webcast Richard Schneider, WIC System Management Specialist Data and System Management Section Dr. Kobra Eghtedary, Director Michigan WIC Program Michigan Department of Health &amp; Human Services Overview Internet

677 views • 19 slides
Windows Presentation Foundation (WPF) Gumundur Bjargmundsson gummudu03@ru.is Reykjavik

Windows Presentation Foundation (WPF) Gumundur Bjargmundsson gummudu03@ru.is Reykjavik

Reykjavik University New Technology, T-611-NYTI, 2006-1 Teacher: lafur Andri Ragnarsson Windows Presentation Foundation (WPF) Gumundur Bjargmundsson gummudu03@ru.is Reykjavik University Gumundur Bjargmundsson T-611-NYTI, 2006-1

368 views • 15 slides
AN AUTOMATED TESTING PROCEDURE TO EVALUATE INDUSTRIAL DEVICES COMMUNICATION ROBUSTNESS Author:

AN AUTOMATED TESTING PROCEDURE TO EVALUATE INDUSTRIAL DEVICES COMMUNICATION ROBUSTNESS Author:

AN AUTOMATED TESTING PROCEDURE TO EVALUATE INDUSTRIAL DEVICES COMMUNICATION ROBUSTNESS Author: Filippo Tilaro Supervised by: Brice Copy Overview Scope &amp; Objectives IT &amp; Industrial Security Model Security Metrics &amp; Testing

327 views • 15 slides
Embedded PC The modular Industrial PC for mid-range control Stefan Hoppe 14.09.2007 1 Embedded

Embedded PC The modular Industrial PC for mid-range control Stefan Hoppe 14.09.2007 1 Embedded

Embedded PC The modular Industrial PC for mid-range control Stefan Hoppe 14.09.2007 1 Embedded Software - TwinCAT on embedded Systems - HMI solutions on embedded systems Software TwinCAT TwinCAT System TwinCAT in embedded Systemen

290 views • 26 slides
Microsoft Powerpoint Presentation 2010 For Windows 7 microsoft powerpoint windows 7 free download

Microsoft Powerpoint Presentation 2010 For Windows 7 microsoft powerpoint windows 7 free download

Microsoft Powerpoint Presentation 2010 For Windows 7 microsoft powerpoint windows 7 free download - Microsoft PowerPoint 2013 Microsoft PowerPoint 2013 15.0.4420.1017 PowerPoint Viewer 2010 1.0 received a PowerPoint presentation (in PPT format)

282 views • 4 slides

More recommend