NIST Identify Function
Steve Fey - Totem Buildings
“Know What You Have”
Overall Objectives
● Know what systems you have
● Understand the risks to the organization
● Establish policies and procedures to manage risk
● Assess risks and identify business impact
● Move from assessment to risk management
Asset Management
● What are the systems?
○ Building Automation
○ Lighting Control
○ Elevators
○ Access Control
○ Video Surveillance
○ … and many other possibilities
● High-level attributes for each system type
○ Manufacturer
○ Model
○ Installing contractor / service provider
○ Network
○ Software Revision
Business Environment
● How dependent is the organization on the functioning of its control systems?
● Understand what services and functions must be in place in order to respond to a cybersecurity attack / incident
● Define the organization’s role relative to the supply chain (i.e. who owns the problem and the response)
Governance
● Define and communicate the organization’s cybersecurity policy
● Establish roles and responsibilities both internally and externally
● Understand legal and regulatory requirements
● Cybersecurity processes align with the potential risks
“…80% of breaches are because of lack of basic processes, policies and procedures and employee/vendor mistakes.”
Source: www.itgovernance.co.uk
Risk Assessment
● Identify Control System Vulnerabilities
○ Out-of-date Software
○ Physical Location
○ Users improperly configured
○ Non-application software running on servers
● Identify Internal and External Threats
○ Malware
○ Hackers
○ Rogue Employees
● Identify business impacts and likelihoods
○ Downtime
○ Equipment damage
○ Compromised building access
Risk Management
● Risk Management Processes are Defined and in Place
○ Monitoring Systems (both manual and automated)
○ System and Supplier Audits
○ Life Cycle Management
○ Security Release Awareness
○ IT and OT Coordination
● Risk Tolerance and its Impact by System Type
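As an added example (not from the deck or from Totem Buildings), the Asset Management, Risk Assessment and Risk Management slides above can be carried into one small inventory-and-scoring script: each asset records the high-level attributes listed on the deck, the checkable vulnerability categories raise a likelihood, likelihood x impact is compared with a per-system-type risk tolerance, and the result is an ordered list to hand to risk management. All vendors, models, revisions, networks, weights and tolerances are constructed sample values.

```python
"""Added example, not from the slide deck or Totem Buildings: a control-system
asset register carrying the high-level attributes the Identify function asks
for, scored as likelihood x impact against a per-system-type risk tolerance.
All vendors, models, revisions, weights and tolerances are constructed samples."""
from dataclasses import dataclass


@dataclass
class Asset:
    name: str
    system_type: str        # e.g. "Building Automation", "Access Control"
    manufacturer: str
    model: str
    contractor: str         # installing contractor / service provider
    network: str            # network segment the controller sits on
    software_revision: str  # revision string as reported by the device


# Assumed baseline: latest known-good revision per (manufacturer, model), as
# maintained by the supplier audit / security release awareness process.
LATEST_REVISION = {
    ("AcmeBAS", "CX-200"): (4, 2, 1),
    ("DoorCo", "AC-9"): (2, 0, 0),
    ("LiftWorks", "LX-7"): (1, 5, 3),
}
# Business impact of losing each system type (1..5) and the highest
# likelihood x impact score the organization accepts for that type.
IMPACT = {"Building Automation": 3, "Access Control": 5,
          "Elevators": 4, "Lighting Control": 2}
TOLERANCE = {"Building Automation": 9, "Access Control": 6,
             "Elevators": 8, "Lighting Control": 12}
# How much each finding category raises likelihood (1 = baseline, capped at 5).
WEIGHT = {"outdated": 2, "exposed": 2, "no-baseline": 1}


def parse_revision(rev):
    """'4.2.1' -> (4, 2, 1); non-digit characters are dropped so '3.9b' still compares."""
    parts = []
    for piece in rev.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def find_vulnerabilities(asset):
    """Return (category, detail) pairs for the deck's vulnerability types that inventory data can reveal."""
    findings = []
    latest = LATEST_REVISION.get((asset.manufacturer, asset.model))
    if latest is None:
        findings.append(("no-baseline", "unknown model: no supplier baseline revision on file"))
    elif parse_revision(asset.software_revision) < latest:
        wanted = ".".join(str(n) for n in latest)
        findings.append(("outdated", f"out-of-date software: {asset.software_revision} < {wanted}"))
    if asset.network in ("corporate", "internet-facing"):
        findings.append(("exposed", f"control system reachable from the {asset.network} network"))
    return findings


def assess(asset):
    """Likelihood x impact for one asset, compared with the tolerance for its system type."""
    findings = find_vulnerabilities(asset)
    lik = min(5, 1 + sum(WEIGHT[cat] for cat, _ in findings))
    impact = IMPACT.get(asset.system_type, 3)
    score = lik * impact
    return {"asset": asset.name, "system_type": asset.system_type,
            "likelihood": lik, "impact": impact, "score": score,
            "exceeds_tolerance": score > TOLERANCE.get(asset.system_type, 8),
            "findings": [detail for _, detail in findings]}


def prioritise(assets):
    """Move from assessment to risk management: over-tolerance assets first, highest score first."""
    return sorted((assess(a) for a in assets),
                  key=lambda r: (not r["exceeds_tolerance"], -r["score"]))


# Constructed sample inventory (no real site, vendor or contractor).
SAMPLE_INVENTORY = [
    Asset("BAS-01", "Building Automation", "AcmeBAS", "CX-200", "HVAC Services Ltd", "bms-vlan", "4.2.1"),
    Asset("BAS-02", "Building Automation", "AcmeBAS", "CX-200", "HVAC Services Ltd", "corporate", "3.9.0"),
    Asset("DOOR-01", "Access Control", "DoorCo", "AC-9", "SecureEntry Inc", "bms-vlan", "1.8.2"),
    Asset("LIFT-01", "Elevators", "LiftWorks", "LX-7", "LiftWorks", "bms-vlan", "1.5.3"),
    Asset("LIGHT-01", "Lighting Control", "GlowCo", "L-1", "Sparks Electrical", "bms-vlan", "0.9"),
]

if __name__ == "__main__":
    for r in prioritise(SAMPLE_INVENTORY):
        flag = "OVER TOLERANCE" if r["exceeds_tolerance"] else "within tolerance"
        print(f"{r['asset']:9} {r['system_type']:20} L={r['likelihood']} I={r['impact']} "
              f"score={r['score']:2} {flag}")
        for detail in r["findings"]:
            print("   -", detail)
```

An unknown model is deliberately treated as a finding rather than ignored, because an asset with no supplier baseline is exactly the gap the Identify function is meant to surface.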
Supply Chain Management
● Cybersecurity processes are defined and stakeholders identified
● Suppliers undergo risk assessment with criteria incorporated into contracts
● Suppliers are routinely audited to ensure compliance
The cybersecurity supply chain management challenge is fundamentally more complicated in the building controls industry, because the industry is:
○ Highly fragmented
○ Follows the construction value chain
○ Day to day operations largely depend on contractor involvement

Cybersecurity Summit AHR20 Identify Totem