IEC and cyber security (June 2018)

The document discusses several challenges around ensuring cybersecurity and resilience of critical infrastructure systems. As infrastructure becomes more digitally connected and complex, it faces increased cyber vulnerabilities. Regulators need to provide clear requirements and assign accountability, while utilities must accept responsibility and make necessary investments to update their infrastructure. International standards like those from the IEC provide common platforms to encourage cooperation on these issues. The goal is to implement a "defense-in-depth" architecture using standards and frameworks like ISO/IEC 27000 series and IEC 62443 for industrial control systems.

Critical challenges
• Digital risks to critical
infrastructure?
• How to enhance digital
resilience?
• Who is responsible for
what?
• How to verify proper
implementation of
regulations?

Example: energy
Complexity is increasing:
+ More interconnection
+ More information exchange
+ Higher reliability, increased
control
+ Better interoperability
- Increased cyber
vulnerabilities

Roles and challenges
Regulators:
• Raise cyber security
awareness, assign
accountability, provide clear
requirements
Utilities:
• Accept responsibility, update
infrastructure, commit
necessary investment

Protecting cyber physical systems
Virtual world
Data
Identify, correct, protect
from constant attacks
Large surface for attacks
Physical world
Ensure physical function -
reliability, time and time
again - either/or
Narrow surface for attacks
ICT OT

Global risks, global approach
Prefer common platforms that
encourage cooperation and
avoid island solutions
IEC Standards:
• Global reach – 171 countries
• Members = countries
not companies
• Built-in high consensus value
• Neutral, independent
Provide input to standardization

Three axes of cyber security
Credit: Schneider Electric

ISO/IEC 27001/2 key clauses
= Unique Domains

Build to International Standards
Credit: Schneider Electric
IEC: 235 OT and ICT security related publications
IEC CA Systems also active in cyber security – helps regulators
verify implementation

Real-time visibility of threats
Credit: Schneider Electric

• IECEE solutions for the
cyber physical world
• IEC 62443 series for
Industrial Automation and
Control Systems (IACS)
builds on established
Standards - e.g., ISO/IEC
27000 series
• “Defense-in-depth”
architecture is the goal
IEC Security Infrastructure
Solution (SIS) – Cyber security

Most successful strategies :
• Site security evaluation
• Prioritization of “crown jewels”
• Risk assessment, layer of
protection analysis, security
assurance levels
• Exercise alert/detection
systems and personnel
• Disaster recovery
• Continuously re-evaluate and
strengthen
Defense-in-depth

With the new Industrial Network standards like ISA-IEC62443 companies are evolving their IT and OT networks to face evolving threats. This presentation will cover industrial networking best practices, secure architectures and segregation techniques that can be used by all businesses to prevent a minor business network breach from becoming an industrial catastrophe. Topics Covered in this Seminar Include: Overview Of Cyber Threat Introduction - ISA IEC Industrial Control Security Standards An Example - Advanced Persistent Threat (APT) ISA/IEC 62443-3-2 Network Separation - An APT countermeasure The next step in APT defenses System Certification to ISA/IEC 62443 Cybersecurity Standards ISA/IEC 62443 Cybersecurity Standards Current Efforts The Future of ISA/IEC 62443 Cybersecurity Standards

ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)

Byres Security Inc.

This presentation explains the ANSI/ISA-99 and IEC 62443 standards for industrial control systems (ICS). It describes the Zone and Conduit security model and how it is used in an plant or factory. As well, the issues of security configuration errors are discussed. A case history of zone security deployment for a Safety Integrated System in a refinery is provided. For additional information see www.tofinosecurity.com.

Integrating the Alphabet Soup of Standards

Presented @ 2014 ICS Cyber Security Conference October 21, 2014 It’s been over a year since the NIST Cybersecurity Framework and ISA-62443-3-3 were published, ISA-62443-2-1 has been out for almost 5 years, and ISO/IEC 27001 & 27002 have been out for nearly a decade. NIST has already started their process for revisions, ISA is actively working to overhaul 62443-2-1, and ISO/IEC just published a major revision to their standard. In addition to these cross-domain standards, there are a multitude of local and sector-specific standards as well. As a consultant, we are often asked to use one of these as a baseline to help our customers generate an ICS cyber security program. This presentation will discuss some of the strengths and weaknesses of these different standards and the effort to integrate them into a realistic set of ICS cyber security program requirements.

A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020

Jiunn-Jer Sun

Practical Approaches to Securely Integrating Business and Production

Presented @ 2016 ISA Process Control & Safety Symposium, November 10, 2016 The exchange of key information between business operations, suppliers, customers, production, and ultimately the production equipment itself can provide significant financial and productivity advantages. This presentation will discuss some practical approaches to utilizing the cyber security principles from ISA/IEC 62443 in order to integrate the business and production environments. It will also present some of the different solutions for meeting a variety of scenarios, such as data historians, patching/updating, and remote maintenance.

Open Platform for ICS Cybersecurity Research and Education

The CybatiWorks open platform serves as an educational environment for cyber-physical systems. The living laboratory platform uses low cost I/O, embedded devices, virtual machines and authentic automation protocols for participant cybersecurity education. The platform incorporates the Raspberry PI, PiFace I/O, Elenco Snap-Circuits, Fischertechnik components and an ICS-ified Kali Linux called CybatiWorks-1 to allow participants to build, break and cybersecure small control environments. CYBATI has performed years of research to develop this platform and is making it available for early access, school sponsorship and integrated education via the Kickstarter project announced during the session.

ISA/IEC 62443: Intro and How To

Presented: September 21, 2017 At: CS2AI, Washington, DC A decade ago, ISA99 published the first standard in what is now the ISA/IEC 62443 series. Since then, the series has coalesced into the current form consisting of 13 individual documents in various stages of completion, publication, and/or revision. Printing out all of the existing standards and drafts can easily use up more than a ream of paper. It can be a daunting task to try to apply it to an organization. So, what are you supposed to do? How are you supposed to proceed? In this talk, I’ll go over some of the lessons I’ve learned from helping customers develop and evaluate security programs within their organization.

Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...

Presented @ Emerson Exchange October 7, 2014 Industrial control systems (ICS) are large information technology (IT) systems. Office IT systems, failure of ICS can cause plant outages and even physical damage. Management of ICS needs to be different and smarter. IT vendors frequently recommend patches and configuration changes. Most have no impact to the ICS, which cannot implement changes in real time. ICS typically get one chance every few years to make changes - the turnaround. This paper describes optimization of ISC turnaround work, using cyber-vulnerability assessment to focus turnaround work to only what is necessary.

This document discusses network reliability monitoring as a complement to network security monitoring (NSM) and security information and event management (SIEM) for industrial control systems. It notes that while NSM works well for monitoring traffic crossing between zones in ICS networks, it is less effective in lower level zones where most traffic remains internal. Network reliability monitoring provides an alternative by developing profiles of normal network traffic and scanning for deviations that could indicate issues. While complex algorithms are not needed, it requires strong protocol knowledge and root cause analysis can be difficult. Examples are given showing network reliability metrics and how man-in-the-middle attacks did not significantly impact traffic.

Contributing to the Development and Application of Cybersecurity Standards

Yokogawa1

As security threats evolve and adapt, so too must organizations’ responses to them. The development and application of cybersecurity standards in support of current and new generation industrial automation and control systems (IACS) are of fundamental importance. This presentation will provide practical and useful information on how cybersecurity standards are progressing and how they are applied. The initial focus will be on current activities in the development of the IEC 62443 IACS cybersecurity standards, and implications to the various stakeholders. An illustration will describe how to use the standards to frame the development of secure-by-design products and services, both current and future. Thereafter, the focus will shift to how IEC 62443 standards are used by other industry standards and securing IIoT and associated cloud systems. This is of particular importance in the context of the Open Process Automation Standard (O-PAS).

Introduction to Industrial Cybersecurity for Water and Waste Water Operators

Sean R. Bouchard, P.Eng

Cybersecurity in Industrial Control Systems (ICS)

Joan Figueras Tugas

Lessons Learned for a Behavior-Based IDS in the Energy Sector

This presentation will review lessons learned from a deployment of behavior-based intrusion detection system (IDS) on a SCADA network that was part of a large-scale energy management system. The IDS architecture, sensor features, and sensor placement within the target SCADA environment proved to be key for successful detection of malicious activity. Challenges included simultaneous monitoring of multiple SCADA protocols (DNP3 and ICCP) across multiple network segments; monitoring of both encrypted and unencrypted network traffic; adapting to slow environment changes to minimize false positive output; and integration of the behavior-based IDS output into an existing monitoring system/SIEM

Nist 800 82 ICS Security Auditing Framework

MarcoAfzali

This document discusses an investor opportunity involving auditing industrial control systems (ICS) for security compliance based on the NIST SP 800-82 framework. It highlights the standard's 16 sections for assessing ICS security and provides brief explanations of requirements under sections like planning/policy/procedures, administrative controls, access control, and network architecture. The document promotes CyberDNA as a trusted partner that can help organizations meet the various technical and policy requirements for securely auditing and protecting their ICS environments.

Effective Network Security Against Cyber Threats - Network Segmentation Techn...

Jiunn-Jer Sun

Primary ports can access all other ports, community ports can communicate within their group and with primary ports, and isolated ports can only communicate with their primary port. Korenix's private VLAN technology separates devices within a VLAN group to achieve higher security than traditional VLANs. It establishes three types of VLANs - primary, community, and isolated - to finely separate devices and limit traffic paths according to device behavior. Configuring a private VLAN involves creating the VLAN, assigning secondaries to primaries, and assigning ports, providing easier management than traditional VLAN tables.

ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...

The presentation covers assessment, implementation methodology, and current level of success for addressing four key objectives which are protecting the controls fieldbus (networks) from untrusted networks (domain), secure and safe remote support capability from both inside and outside of the company, control supplier access to manufacturing equipment when onsite, and protect manufacturing systems from Malware and intrusion. This system isn’t theoretical, it’s in broad use and full critical production. If the time and connectivity is available a quick remote access demonstration can be given. The presentation will wrap up with a series of thoughts and ideas that occur to me regarding security in general as I listen to other organizations and groups talking about various security needs and activities.

Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3

With the recent publication of ANSI/ISA-62443-3-3-2013, it is possible for end-users, system integrators, and vendors to qualify the capabilities of their systems from an ICS cyber security perspective. This process is not as simple as it may seem, though. In many cases, the capabilities of individual components of a system can be determined from specifications and manuals. The capabilities of the system also needs to be evaluated as a whole to determine how those individual components work together. Component-level and System-level certifications are common practice in the safety environment, and will eventually become common in the ICS cyber security environment as well. Certification bodies, like the ISA Security Compliance Institute (ISCI), have begun the process to develop certification efforts around ISA-62443-3-3. Until many more groups of components and systems have been officially certified, third-party assessments and evaluations will be common. This presentation will discuss an example of how Kenexis Consulting has evaluated a particular vendor’s components and systems to determine compliance with ISA-62443-3-3. The presentation will go through the evaluation methodology used and describe how Kenexis used the evaluation to develop a series of real-world use-cases of the components and system in the ICS environment.

Should I Patch My ICS?

The document discusses whether patching control systems is an effective security practice given the challenges of securing industrial control systems. It makes three key points: 1. Patching insecure-by-design devices provides minimal risk reduction since attackers can achieve their goals by exploiting legitimate system features rather than vulnerabilities. 2. Most industrial control systems operate within an insecure-by-design zone, so patching may not prevent attacks since attackers do not need to exploit systems to cause damage. 3. Many control system components have low impact even if compromised, so patching provides little benefit given the effort. Prioritizing patching for systems directly accessible from untrusted networks is recommended over broadly patching everything.

S4xJapan Closing Keynote

Cybersecurity for modern industrial systems

Itex Solutions

The document discusses cybersecurity for modern industrial systems. It outlines the history of control systems from early humans to modern technology. It notes current risks and threats that exploit weaknesses in these systems. The rapid growth of internet-connected devices poses challenges to ensuring stability. While virtually all cyber assets are vulnerable, cybersecurity expertise is in short supply. Achieving reliable safety requires standards, regulations, best practices, visibility of systems and sharing knowledge across industries and nations.

Active Directory in ICS: Lessons Learned From The Field

This document provides lessons learned from implementing Active Directory domains in control system environments. It covers topics like time synchronization, DNS, Active Directory replication, domain controller maintenance, backup and restore, user and group guidelines, and ICS group policy. The key lessons are: accurate time sync is critical; DNS configuration on domain controllers must include the loopback address; Active Directory replication links need to be properly configured; flexible single master operations roles should be transferred before domain controller maintenance; individual user accounts should be used instead of shared administrator accounts; and group policy can be used to apply security settings to control systems. The presentation provides guidance on best practices, common problems encountered, and their solutions.

What to Do When You Don’t Know What to Do: Control System Patching Problems a...

Community Protection Forum

Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...

promediakw

The document discusses quality assurance as it relates to 80% of industrial control systems (ICS) cybersecurity. It provides context on ICS, noting differences from IT systems in priorities, requirements, and architectures. Major challenges are the many standards, unintentional incidents, and lack of experience needed for hackers. Addressing cybersecurity requires a balanced approach considering technology, people through training, and processes like standards. Quality assurance processes from both IT and ICS standards can help manage risks and maximize value when applied to ICS security.

Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions

Honeywell

Hacker Halted 2016 - How to get into ICS security

Chris Sistrunk

DHS ICS Security Presentation

guest85a34f

The document provides an overview of control systems security from the perspective of the U.S. Department of Homeland Security. It discusses critical infrastructure sectors, risk drivers like modernization and globalization, vulnerability lifecycles, findings from control system assessments, and several cyber incidents involving control systems that impacted industrial operations. The department works to improve control system security through assessments, training, partnerships with industry, and developing guidance on topics like cyber forensics and firewall deployment.

Cyber Security: Differences between Industrial Control Systems and ICT Approach

This document discusses the differences between industrial control systems (ICS) and information technology (IT) in terms of cyber security. ICS are used in industrial production to control systems like SCADA and DCS, while IT refers to general business computing. Key differences are that ICS have stricter availability requirements, longer lifecycles, proprietary protocols and specialized software. The document also notes that modern ICS now leverage more off-the-shelf IT components and standards, making them more interconnected and vulnerable to cyber threats like hacking. Finally, it presents ABB's approach to ICS cyber security which includes assessment, first aid services, monitoring with Industrial Defender, and lifelong maintenance through assessment and training.

CSO CXO Series Breakfast

CSO_Presentations

This document contains a presentation on cloud security. It discusses how security approaches need to change to adapt to virtualized and cloud environments. Traditional security methods of provisioning separate security for each server need to change to more automated and workload-aware approaches. The presentation discusses how security can be provisioned automatically during resource provisioning. It also discusses how security capabilities can be managed efficiently at scale through continuous monitoring and vulnerability mitigation techniques. The presentation argues that securing data centers and extending their security to public clouds requires optimizing security to reduce the impact on resources. It outlines shared responsibilities between cloud providers and customers to ensure security. The presentation emphasizes that incident response still requires capabilities like digital forensics to fully investigate security compromises in virtual and

weyai cybersecurity.pptx

Weyai1

Comprehensive cybersecurity course providing essential knowledge and skills to protect against evolving threats. Covers threat analysis, secure coding, network defense, cryptography, incident response, and risk management. Hands-on labs and real-world case studies enhance practical understanding. Ideal for professionals seeking to fortify digital assets and safeguard sensitive information in today's interconnected world. join with us www.weyai.org

What's hot

Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...

Honeywell

Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM

Contributing to the Development and Application of Cybersecurity Standards

Yokogawa1

Introduction to Industrial Cybersecurity for Water and Waste Water Operators

Sean R. Bouchard, P.Eng

Cybersecurity in Industrial Control Systems (ICS)

Joan Figueras Tugas

Lessons Learned for a Behavior-Based IDS in the Energy Sector

Nist 800 82 ICS Security Auditing Framework

MarcoAfzali

Effective Network Security Against Cyber Threats - Network Segmentation Techn...

Jiunn-Jer Sun

ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...

Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3

Should I Patch My ICS?

S4xJapan Closing Keynote

Cybersecurity for modern industrial systems

Itex Solutions

Active Directory in ICS: Lessons Learned From The Field

What to Do When You Don’t Know What to Do: Control System Patching Problems a...

Community Protection Forum

Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...

promediakw

Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions

Honeywell

Hacker Halted 2016 - How to get into ICS security

Chris Sistrunk

DHS ICS Security Presentation

guest85a34f

Cyber Security: Differences between Industrial Control Systems and ICT Approach

What's hot (20)

Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...

Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM

Contributing to the Development and Application of Cybersecurity Standards

Introduction to Industrial Cybersecurity for Water and Waste Water Operators

Cybersecurity in Industrial Control Systems (ICS)

Lessons Learned for a Behavior-Based IDS in the Energy Sector

Nist 800 82 ICS Security Auditing Framework

Effective Network Security Against Cyber Threats - Network Segmentation Techn...

ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...

Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3

Should I Patch My ICS?

S4xJapan Closing Keynote

Cybersecurity for modern industrial systems

Active Directory in ICS: Lessons Learned From The Field

What to Do When You Don’t Know What to Do: Control System Patching Problems a...

Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...

Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions

Hacker Halted 2016 - How to get into ICS security

DHS ICS Security Presentation

Cyber Security: Differences between Industrial Control Systems and ICT Approach

Similar to IEC and cyber security (June 2018)

CSO CXO Series Breakfast

CSO_Presentations

weyai cybersecurity.pptx

Weyai1

Security metrics 2

Manish Kumar

This document discusses security metrics and how they can be used to measure an organization's security posture over time. It begins by explaining why security metrics are important for benchmarking security investments, ensuring compliance, and identifying security issues. It then defines what a security metric is and provides examples of common metrics. The document outlines best practices for deciding which metrics to collect, how to collect them, and how metrics can be used to perform effective risk analysis and demonstrate the financial impact of security. It also provides a hypothetical example of creating security metrics for a point-of-sale system and calculating a risk score. Finally, it discusses challenges with security metrics and provides references for further reading.

Power Plants Security Webinar Presentation

Certrec

Certrec’s Fas Mosleh presents some of the biggest cyber threats currently targeting utilities. This webinar includes examples of attacks on utilities that have happened in recent years and action steps to prevent future breaches. As cyber-attacks from nation-state and domestic threats increase, it is important that power plants meet these threats to avoid costly reputational and equipment damage. For more, visit: https://www.certrec.com/

ePlus Managed Security Services

ePlus

Tech 2 Tech: increasing security posture and threat intelligence sharing

Jisc

The document discusses increasing the security posture of Janet-connected organizations. It proposes updating the Janet Security Policy to block high-risk inbound traffic by default, require annual security reviews, and allow proactive vulnerability scanning. A maturity model is suggested to help with reviews. It also proposes a Jisc Cyber Threat Intelligence Sharing Group using the open-source MISP platform to enable threat information sharing between participating organizations.

Protecting Your Business - All Covered Security Services

All Covered

All Covered is a nationwide provider of IT services and security. This presentation highlights the most essential factors that businesses need to be aware of when implementing their security plan. It shows how any company, regardless of size, is at risk with external, and internal, security threats. Whether you own a small, medium, or large business, IT security should be at the forefront of any discussion. It is better to be proactive and prevent an attack from happening than having to pick up the pieces after the damage has already been done to your business.

Secure Cloud Hosting: Real Requirements to Protect your Data

Great Wide Open

The document discusses securing data in the cloud. It covers many aspects of cloud security including physical security of data centers, perimeter security, virtual server security, supporting security services, secure administrative access, business continuity, and compliance. The presentation provides an overview of challenges for cloud consumers and providers and provides recommendations for a holistic security approach when using the cloud.

Security Issues of Cloud Computing

Falgun Rathod

What is the UK Cyber Essentials scheme?

IT Governance Ltd

Managed Security Services from Symantec

Arrow ECS UK

framework-version-1.1-overview-20180427-for-web-002.pptx

AshishRanjan546644

The document discusses version 1.1 of the Framework for Improving Critical Infrastructure Cybersecurity published by NIST in April 2018. It provides an overview of key additions and changes in version 1.1, including a new supply chain risk management category and subcategories, as well as clarified language for some existing subcategories. It also outlines NIST's role in developing cybersecurity standards and describes how organizations can use the Framework to manage cybersecurity risks by customizing profiles and conducting gap analyses.

Cloud Security Standards: What to Expect and What to Negotiate V2.0

Cloud Standards Customer Council

The document summarizes key points from a presentation on cloud security standards. It discusses the benefits of standards in promoting interoperability and regulatory compliance. It analyzes the current landscape of standards, including specifications, advisory standards, and security frameworks. It also provides recommendations for 10 steps customers can take to evaluate a cloud provider's security, including ensuring governance and compliance, auditing processes, managing access controls, and assessing physical infrastructure security. The document recommends cloud security standards and certifications customers should expect providers to support.

Stop Chasing the Version: Compliance with CIPv5 through CIPv99

Tripwire

For many energy companies, readying for compliance with the latest version of NERC Critical Infrastructure Protection (CIP) standards, whether they be v5, v6, v7 or beyond is not the first priority – delivering reliable energy to the BES is. So, how does a company deal not only with the impending changes of CIP v5, but do so in a manner that best positions them for compliance with future versions and secures their cyber environment? Join our live webcast on Thursday February 5 to hear from ICF, Tripwire, and AssurX industry experts who are helping organizations already grappling with the new and upcoming CIP requirements, implementing a risk based approach, the steps they are taking to get ahead of the curve, and addressing the uncertainty. Key Takeaways - Regarding Readiness for NERC CIPv5 (and beyond): •Best approaches for achieving compliance in a changing environment. (i.e. v5, v6, v7). •How to save time, resources, and achieve automation with practical guidance on compliance efforts for current and future CIP requirements. •Practical highlights and key controls from those already working on the most pressing issues.

Latest Developments in Cloud Security Standards and Privacy

Cloud Standards Customer Council

The document summarizes key points from a presentation on latest developments in cloud security standards and privacy. It discusses the benefits of standards, outlines some current security standards and frameworks, and provides recommendations for cloud customers to evaluate a cloud service provider's security capabilities. The presentation emphasizes that customers should ensure cloud providers support relevant security standards to ensure governance, risk management and regulatory compliance.

Cyber security general perspective a

marukanda

This document discusses cyber security from past, present, and future perspectives. It notes that cyber security has evolved from an immature field to one that will become more scientific and technology-centric over time. The document outlines key cyber threats such as botnets, targeted attacks, and the underground economy that supports them. It also summarizes India's cyber security strategy, noting the importance of legal frameworks, incident response, capacity building, research and development, and international collaboration to enhance cyber security.

IM Unit 4 Security and its a control.ppt

RAJESH S

This document discusses information systems security and control. It defines key concepts like vulnerability, threats, and attacks. It explains why systems are vulnerable through hardware and software problems, disasters, and network usage. The document outlines objectives to explain why systems need protection and evaluate security elements and frameworks. It discusses establishing management frameworks for security controls, creating a secure control environment, and addressing internet security challenges. Finally, it provides guidelines for user responsibilities and discusses management opportunities and challenges in securing systems.

MIS_Session05.pptx

AfricaRealInformatic

This document discusses security and control of information systems. It begins by outlining the objectives of explaining why information systems need protection, assessing the business value of security, and evaluating elements of an organizational framework for security. It then discusses challenges to information security including confidentiality, authentication, integrity, and availability. It also evaluates the business value of security by outlining legal requirements, risks of inadequate security, and the rising costs of security incidents. Finally, it examines elements of an organizational security framework including security policies, risk assessment, access controls, auditing, and ensuring business continuity.

Cybersecurity.pptx

John Donahue

This document provides an overview of cybersecurity topics including statistics on cyberattacks, common types of attacks, vulnerabilities, recent cyberattacks in the US and New Mexico, cybersecurity controls, frameworks, and initiatives. It begins with an agenda covering the internet landscape, statistics on 75% of attacks starting with email and global cybercrime costs reaching $10.5 trillion by 2025. Recent sections discuss the Colonial Pipeline and JBS Foods ransomware attacks, controls like strong passwords and encryption, the NIST Cybersecurity Framework, and potential state initiatives like a New Mexico cybersecurity agency. The presentation aims to raise awareness of cybersecurity risks and best practices.

3 Reasons Why the Cloud is More Secure than Your Server

Clio - Cloud-Based Legal Technology

The days of VPN, desktop practice management software and ftp file sharing have given way to online applications like Google Apps, Dropbox and online practice management solutions. Fast, cost-effective, and easy-to-use, law firms of all sizes are moving to cloud-based systems to run their operations. How secure is a cloud-based system though? Learn about: - Risks of servers and why securing data in the cloud is a better option - Procedures every law firm can use to make cloud data storage highly effective - How cloud applications can help firms meet strict statutory requirements

Similar to IEC and cyber security (June 2018) (20)

CSO CXO Series Breakfast

weyai cybersecurity.pptx

Security metrics 2

Power Plants Security Webinar Presentation

ePlus Managed Security Services

Tech 2 Tech: increasing security posture and threat intelligence sharing

Protecting Your Business - All Covered Security Services

Secure Cloud Hosting: Real Requirements to Protect your Data

Security Issues of Cloud Computing

What is the UK Cyber Essentials scheme?

Managed Security Services from Symantec

framework-version-1.1-overview-20180427-for-web-002.pptx

Cloud Security Standards: What to Expect and What to Negotiate V2.0

Stop Chasing the Version: Compliance with CIPv5 through CIPv99

Latest Developments in Cloud Security Standards and Privacy

Cyber security general perspective a

IM Unit 4 Security and its a control.ppt

MIS_Session05.pptx

Cybersecurity.pptx

3 Reasons Why the Cloud is More Secure than Your Server

More from International Electrotechnical Commission (IEC)

Enabling global trade and helping to address the energy challenge - the IEC h...

The large majority of all goods traded in the world today are electronic and electrical or depend on electrotechnology. Products are no longer “made in a country”; they are “made in the world”. Before they are consumed in one market these products have traveled through many others. Countries are more interdependent than ever. Any country or company that wants to participate in these global value chains needs to work along universally accepted harmonized rules - in electrotechnology these are IEC International Standards. They are built on a global platform that brings together 165 countries and many thousand experts that represent national stakeholder needs at the global level in the IEC.

Product piracy in electronic components: IEC role in counterfeit avoidance

Enabling Smart Grids globally

Dr. Klaus Wucherer, President of the International Electrotechnical Commission (IEC), gave a keynote speech at the Smart Grid World Forum in Beijing, China on September 28, 2011. He provided an overview of the IEC, which has 163 member countries and nearly 10,000 experts globally working on standards. The IEC sets standards for electrical appliances, energy transmission, power generation including renewables, and other areas. It recognizes that the energy system needs to be redesigned using a smarter, systems-based approach with technologies like smart grids. The IEC's smart grid program coordinates standards development across multiple technical committees and provides a strategic framework. The IEC is heavily involved in major smart grid projects

The new economy and standards

The document announces that Jacques Régis, past president of the International Electrotechnical Commission (IEC), will be speaking at the World Electronics Forum at the Consumer Electronics Show in Las Vegas on January 9, 2011. It also notes that Dr. Tamotsu Nomakuchi, the former CEO of Mitsubishi Electric and chair of the Japanese Industrial Standards Committee and president of the National Institute of Advanced Industrial Science and Technology, will be attending.

Introduction to the IEC and its Smart Grid initiative

The document introduces the International Electrotechnical Commission (IEC) and its Smart Grid initiative. The IEC is an international standards organization for electrotechnology. It has formed Strategy Group 3 on Smart Grid to develop standards that achieve interoperability of smart grid devices through protocols and model standards. SG3 has developed a Smart Grid roadmap identifying relevant standards and future work. It also holds workshops bringing together technical committees to coordinate standards development and address gaps and overlaps. The IEC website provides information and resources on smart grid standards through its IEC zone on Smart Grid.

Global Markets, Global Standards

The IEC is an international standards organization with 162 member countries that develops standards for electric and electronic devices. It has developed many of the core smart grid standards to define specifications for safety, efficiency, interoperability, and more. The IEC has also published a white paper identifying areas for highest energy efficiency gains in the energy chain and actions needed like redesigning the chain and increasing electric energy use. It has launched a universally recognized Smart Grid Guide and offers a new Smart Grid Mapping Solution to help manage the portfolio of smart grid standards and provide focused answers to questions.

International standards facilitate international trade

Dr Klaus Wucherer, president of the International Electrotechnical Commission, gave a keynote address at the ABINEE TEC 2011 conference in São Paulo, Brazil on March 28, 2011. The address also recognized Dr Tamotsu Nomakuchi for his contributions as the former CEO of Mitsubishi Electric and as the Chair of the Council for the Japanese Industrial Standards Committee and President of the National Institute of Advanced Industrial Science and Technology.

Energy Efficiency: A 'new' energy source and its metrics