This presentation features the Risk Analysis Module of the Social Enterprise Learning Toolkit developed by Enterprising Non-Profits. The Toolkit offers a number of different learning modules and can be found on the enp website at www.enterprisingnonprofits.ca
Vendor Cybersecurity Governance: Scaling the risk, Sarah Clarke
An overview of the scale of the challenge and rational ways to cut it down to a manageable and governable size. The slides complement recent supplier security governance posts on Infospectives.co.uk and LinkedIn.
Risk Management Plan Analysis PowerPoint Presentation Slides, SlideTeam
Risk management is recognized as an integral component of good management and governance. So, use our risk management plan analysis PPT slideshow and identify potential risks related to your business organization. Our risk management plan analysis PowerPoint deck includes a set of pre-designed PPT slides which can help a business determine what its risks are in order to reduce their likelihood, and provide a means for better decision-making in order to avoid future risk. When a business is aware of the potential risks associated with it, it is easier to take steps to avoid them. Knowing the risks makes it possible for the managers of the business to formulate a plan for lessening their negative impact. Apart from this, our risk management plan analysis presentation template is designed with the needs of every organization in mind. Just download it and then share it with your audience. Encash your brilliance with our Risk Management Plan Analysis PowerPoint Presentation Slides. The coffers will continue to fill.
War in the 5th domain: Cyber Offensive Capability, Ahmed Al Enizi
Africa Security counter Terrorism organized by Oliver Kinross http://www.africasecuritycounterterrorism.com/
This presentation covers cyber offensive capabilities
BlackHat Europe 2010: SCADA and ICS for Security Experts, James Arlen
The traditional security industry has somehow decided that they are the white knights who are going to save everyone from the horror of insecure powergrids, pipelines, chemical plants, and cookie factories.
Suddenly, every consultant is an expert and every product is loudly advertising how it solves SCADA SECURITY AND COMPLIANCY ISSUES!!!
And because they don't know what the hell they're talking about - 'fake it till ya make it' doesn't work - they're making all of us look stupid.
Let's sit down for a little fireside chat and discuss all things SCADA and ICS with an eye towards increasing our knowledge to the point where we can confidently say: "I'm not an expert at everything, I can help some, may we work together on a solution?"
It's time to stop being a Cyber Idiot and start being a positive contributor. Learn some truth, look behind the curtain, bust some FUD, Oh - and make government agents have kittens. That's fun for everyone.
This presentation was given at BSides Las Vegas 2015.
In the modern times that we live in, the gentle shift that we are making towards the Internet of Things (IoT) is slowly but surely getting a grip on our day-to-day lives. The same goes for securing our Industrial Control Systems (ICS). We see that the demand for ICS security is rising and governmental regulations are being established and implemented. However, this also means that the need for ICS security professionals is rising as well. More and more security professionals/firms are starting to perform security assessments such as penetration testing at an ICS level. Two years ago I got the question if I was up for the challenge, converting myself from a ‘normal’ security professional to an ICS-specific security professional.
The purpose of this talk would be to provide a starting point for security professionals that want to make the shift towards ICS Security, just like I did two years ago. While the term starting point might be a bit misleading, the goal would be to provide an ICS 001 talk, in contrast to an ICS 101 talk.
Quantitative Analysis (Language and Literature Assessment), Joy Labrador
Share the documents you have :) Learning Assessment this covers all the following:
-Criteria of A Good Test
-Validity
-Sub-classification of Validity
-Reliability
-Factors affecting Reliability
- Correlations
ENJOY READING!!!
Protecting Infrastructure from Cyber Attacks, Maurice Dawson
The Department of Homeland Security (DHS) has become more concerned with cyber attacks on infrastructure such as supervisory control and data acquisition (SCADA) systems. An attack in Iran has proven that the landscape of cyber warfare is continually evolving. As SCADA systems are the systems that autonomously monitor and adjust switching, among other processes, within critical infrastructures such as nuclear plants and power grids, DHS has become concerned about these systems because they are frequently unmanned and remotely accessed. A vulnerability such as remote access could allow anyone to take control of critical infrastructure assets remotely. There have been increasing mandates and directives to ensure any system deployed meets stringent requirements. As the Stuxnet worm has become a reality, future attacks could be malicious code directly targeting specific locations of critical infrastructure. This paper will address methods to protect infrastructure from cyber attacks using a hybrid of certification & accreditation (C&A) processes and information assurance (IA) controls.
Notacon 7 - SCADA and ICS for Security Experts, James Arlen
The traditional security industry has somehow decided that they are the white knights who are going to save everyone from the horror of insecure powergrids, pipelines, chemical plants, and cookie factories. Suddenly, every consultant is an expert and every product fixes SCADA. And because they don't know what the hell they're talking about -- 'fake it till ya make it' doesn't work -- they're making all of us look stupid.
Attendees will gain a practical level of knowledge sufficient to keep them from appearing foolish should they choose to opine on any of the various real issues stemming from Industrial Control or SCADA systems. Attendees will also feel embarrassed for something they've said, empowered to call out charlatans, and much less worried about cyberhackers unleashing cyberattacks which cybercause cyberpipelines and cybermanufacturing plants to cybergonuts and cybertakeovertheplanet using cybercookiesofdeath.
Presentation on findings of the annual survey of ICS Security professionals. Includes participant demographics, greatest ICS security threats, and security initiatives.
Cyber Security Threats to Industrial Control Systems, David Spinks
Every day we hear in the media of potential cyber security threats to Critical National Infrastructure such as power grids, airlines and nuclear power stations. David has spent over 40 years working in ICS environments. He was invited to speak in London at the British Computer Society cyber event; these are the slides.
Best Practices and ROI for Risk-based Vulnerability Management, Resolver Inc.
Risk Vision explores the best practices and ROI of the most successful business risk-centric vulnerability management programs. Watch the full webcast here: https://youtu.be/gW_ZAFpTK20
'Determining The Ideal Security Measure' is Nugget 3 in the series 'Cyber Security Awareness Month 2017'. You must ensure that the best and most cost-effective measure applies...
Webinar | Risk management in asset management, Stork
Slides accompanying a webinar on the role of risk management within asset management. After all, the core goal of asset management is to bring returns, costs and risks into balance with each other. Costs and returns are usually clear quantities; but how do you take risks into account in this triangle?
Managing The Security Risks Of Your SCADA System, Ahmad Alanazy, 2012
1.
2. Agenda
• Risk Management
• Challenges In Deploying Technical Risk Treatment Controls For SCADA System
• Developing Incident Response And Remediation Plans
• Best Practice Strategies To Prevent Worm And Virus Threats
Managing the Security Risks of Your SCADA System, 3/21/2012
3. Risk Management
• Risk Management in general
• Before we can do risk assessment we have to understand Risk
• We have to know some definitions first
• What is the relation between these definitions?
• Risk management concept
• The two Risk assessment methodologies
• Basic risk management requirements
• Example from ISO27001
4. Risk Management in General
• Risk management is a proven framework that does the following:
1. Schedules risk assessments during the year
2. Defines the risk assessment methodology
– Defines risk evaluation criteria
– Defines risk acceptance criteria
3. Defines a process for closing risk assessment findings.
5. Some Definitions Related to Risk
• What is risk? Risk is the likelihood of an action on a weakness resulting in an impact
• Threat is a potential danger
• Vulnerability is a known weakness
• Exposure is the opportunity for a threat to cause impact
• Controls are administrative, technical, or physical measures taken to mitigate a risk
• Safeguards are controls applied before the fact (preventive, detective, deterrent, directive)
• Countermeasures are controls applied after the fact (corrective, recovery, compensating)
6. What is the relation between these definitions?
[Figure: Threat-based OWASP model, a diagram relating the terms Risk; Threat Source and Threat Agent; Attack / Exploit; Weakness / Vulnerability and Exposure; Safeguards, Counter Measures and Controls; Assets and Compromised Asset; Technical Impact; Business Impact]
7. Risk management concept
CC Risk Management Concept Flow
8. The two Risk assessment methodologies
• Two ways to calculate the Risk: Qualitative and Quantitative risk analysis
• Qualitative Risk analysis: We predict the level of risk
• We use this approach when we are unable to accurately calculate asset value
• Example: we define a scenario where it is possible that a hacker can gain access from the internet to a database
• Asset = database
• Likelihood = 2
• Impact/consequences = 5

Qualitative risk matrix (rows: likelihood; columns: consequences 1 Insignificant, 2 Minor, 3 Moderate, 4 Major, 5 Catastrophic)
Likelihood            1   2   3   4   5
A (almost certain)    H   H   E   E   E
B (likely)            M   H   H   E   E
C (possible)          L   M   H   E   E
D (unlikely)          L   L   M   H   E
E (rare)              L   L   M   H   H

E Extreme Risk, immediate action
H High Risk, action should be taken to compensate
M Moderate Risk, action should be taken to monitor
L Low Risk, routine acceptance of risk
9. The two Risk assessment methodologies, cont.
• Quantitative Risk analysis is the calculation of ALE:
Annual Loss Expectancy = Annual Rate of Occurrence X (Asset Value X Percent of Loss)
• Example: probability = 3, asset value = 1,478,390, percent of loss = 60%
• ALE = 3 x (1,478,390 x 60%) = 3 x 887,034 = 2,661,102
• ROI = ALE – security control cost
• ROI is the return on security investment, the amount of money that will be saved from loss
10. Basic management requirements
• The board of directors needs to agree on the following:
– The scope of the risks that are going to be managed
– The type of risks, such as financial risks, operational risks, technical and security risks, or business risks related to the market; in our case we are concerned about technical and security risks
– Risk Assessment Methodology: OCTAVE (IT Risk), AS/NZ 4360, NIST, ISO27005; each of these methodologies defines certain steps for assessing risk.
• Risk Evaluation Criteria: either we go with quantitative or qualitative risk evaluation, or a mix of both.
• Risk treatment criteria: we define the conditions under which we choose one of the treatment strategies
– We accept the risk if it is under the risk acceptance level; otherwise we:
– Transfer the risk to an assurance company or outsource to a managed service provider
– Mitigate the risk by deploying controls
– Avoid the risk by canceling the whole business
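The following Python script is an added worked example (it is not code from the original deck by Ahmad Alanazy) that puts slides 8, 9 and 10 together: it encodes the 5x5 qualitative matrix from slide 8 and rates the slide's database scenario, computes ALE = ARO x (AV x EF) with the slide 9 figures (3, 1,478,390 and 60%) and ROI = ALE minus control cost, and applies the slide 10 rule that a risk under the acceptance level is accepted and anything above it is treated. Assumptions: the slide's "Likelihood = 2" is read as the second matrix row, B (likely); the control cost of 500,000 and the acceptance level "M" are constructed values; the function names and the Scenario class are mine, not the deck's.

```python
"""Worked example for slides 8 to 10: qualitative rating, ALE/ROI and acceptance.

Added illustration, not code from the original deck. RISK_MATRIX reproduces
the 5x5 likelihood/consequence grid on slide 8; annual_loss_expectancy and
return_on_security_investment implement the slide 9 formulas; needs_treatment
applies the slide 10 rule (accept under the acceptance level, otherwise treat).
"""
from dataclasses import dataclass

# Rows: likelihood A (almost certain) .. E (rare); columns: consequence 1..5
# (1 Insignificant, 2 Minor, 3 Moderate, 4 Major, 5 Catastrophic).
RISK_MATRIX = {
    "A": "HHEEE",
    "B": "MHHEE",
    "C": "LMHEE",
    "D": "LLMHE",
    "E": "LLMHH",
}

RATING_ACTION = {
    "E": "Extreme Risk, immediate action",
    "H": "High Risk, action should be taken to compensate",
    "M": "Moderate Risk, action should be taken to monitor",
    "L": "Low Risk, routine acceptance of risk",
}

RATING_ORDER = "LMHE"  # ascending severity, used by the acceptance check


def qualitative_rating(likelihood: str, consequence: int) -> str:
    """Return the E/H/M/L rating for a likelihood row (A-E) and consequence column (1-5)."""
    row = RISK_MATRIX[likelihood.upper()]
    if not 1 <= consequence <= 5:
        raise ValueError("consequence must be between 1 and 5")
    return row[consequence - 1]


def needs_treatment(rating: str, acceptance_level: str = "M") -> bool:
    """Slide 10 criterion: accept at or below the acceptance level, otherwise treat.

    The default level "M" is a constructed value; the board sets the real one.
    """
    return RATING_ORDER.index(rating) > RATING_ORDER.index(acceptance_level)


def annual_loss_expectancy(aro: float, asset_value: float, exposure_factor: float) -> float:
    """ALE = ARO x (AV x EF). exposure_factor is a fraction: 0.6 means 60% loss."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    single_loss_expectancy = asset_value * exposure_factor
    return aro * single_loss_expectancy


def return_on_security_investment(ale: float, control_cost: float) -> float:
    """ROI as the slide defines it: loss expectancy avoided minus the control's cost."""
    return ale - control_cost


@dataclass
class Scenario:
    """One qualitative scenario: an asset, a likelihood row and a consequence column."""
    asset: str
    likelihood: str
    consequence: int

    def rating(self) -> str:
        return qualitative_rating(self.likelihood, self.consequence)

    def describe(self) -> str:
        r = self.rating()
        verdict = "treat" if needs_treatment(r) else "accept"
        return f"{self.asset}: {r} ({RATING_ACTION[r]}) -> {verdict}"


if __name__ == "__main__":
    # Slide 8 scenario: a hacker reaching the database from the internet.
    # Assumption: the slide's "Likelihood = 2" is the second row, B (likely).
    print(Scenario("database", "B", 5).describe())

    # Slide 9 figures: ARO 3, asset value 1,478,390, 60% loss.
    ale = annual_loss_expectancy(aro=3, asset_value=1_478_390, exposure_factor=0.60)
    print(f"ALE = {ale:,.0f}")
    # The control cost below is a constructed placeholder, not from the slide.
    print(f"ROI with a 500,000 control = {return_on_security_investment(ale, 500_000):,.0f}")
```

Running the script prints the database scenario as rating E (Extreme, treat) and reproduces the slide's ALE of 2,661,102. Note that ROI on the slide is simply ALE minus control cost, so it is only meaningful when the control is assumed to remove the whole loss; a partial control would need the residual ALE subtracted as well.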
11. ISO27001 Risk Management Example
• ISO27001 provides a generic way to manage risk:
1. Identify assets
2. Identify threats to assets
3. Identify vulnerabilities that might be exploited by the threats
4. Identify the impacts on the assets
5. Analyze and evaluate the risks.
6. Identify the treatment of risks (accept, transfer, avoid, mitigate)
7. Select control objectives and controls
8. Follow the PDCA cycle.
12. Challenges In Deploying Technical Risk Treatment Controls For SCADA System
• We assume that a risk assessment has been done and security control objectives have been selected.
• Some of the challenges we might face:
– Choosing a security control compatible with SCADA and able to understand its traffic; a security control should protect the service without impacting it
– The geographical distance impacts support, maintenance, and operation
– Solving the communication bandwidth problem, because we need real-time monitoring and control
13. Developing Incident Response And Remediation Plans
• Why do we need a plan for response?
– Because we need to be prepared to effectively solve different kinds of problems in the shortest time possible, in order to reduce the impact and prevent disturbance.
• The NIST Special Publication 800-61 “Computer Security Incident Handling Guide”
• First the definitions, then we are going to look into policy, plan, and process.
• A security incident is a violation of policy, for example a virus infection or a password brute-force
• An event is any observable occurrence in a system or network, for example a failed authentication.
14. Developing Incident Response And Remediation Plans
• In order to build an effective incident response we have to define the policy, plan, and procedure
• The policy should:
– Define the scope of incidents that are going to be handled
– Define what will be considered a security incident and its impact on the company
– Define response and remediation requirements
– Define roles and responsibilities and the level of authority given to the response team for each kind of incident
– Define the incident severity rating
– Define response and remediation KPIs
– Define the escalation procedure for each kind of incident
– Define incident alerting and reporting requirements
15. Developing Incident Response And Remediation Plans, Cont.
• The incident response plan should:
– Define the approach for incident response
– Implement the capabilities needed to provide the incident response service to the company, per the requirements defined in the policy.
– Define the resources and management support needed to enable the capabilities
– Define how the KPIs are measured
– Implement incident reporting, alerting and escalation capability
– Define how the incident response capabilities are coordinated and communicated inside the company
– Define an incident response and remediation procedure for each kind of incident; the procedure should consider the severity of the incident
16. Developing Incident Response And Remediation Plans, Cont.
• The incident response and remediation procedure should:
– React based on the severity of the incident.
– Be reliable, effective and efficient
– Be detailed and supported with checklists
17. Developing Incident Response And Remediation Plans, Cont.
• Incident response lifecycle
1. Preparation
   1. Preparing the team by training and drills.
   2. Providing the needed tools and logistics to carry out response capabilities.
2. Detection and analysis
   1. Accurate detection by filtering out false positives and false negatives
   2. Incident categorization: identifying the category leads to choosing the right response procedure
   3. Incident analysis: finding the root cause and the related and impacted assets
   4. Incident documentation: recording all facts in a secure system that will help us keep track of incident developments
   5. Incident prioritization: simply prioritizing incidents based on their severity
   6. Incident notification: alerting the related persons in the company to take action
3. Response action:
   1. Choosing a containment strategy in order to stop the incident from spreading to other assets
   2. Gathering evidence for forensic investigations: tag them and bag them
   3. Solving the problem, and recovering the system if needed
4. Post-incident activity
   1. Lessons learned documentation and meeting
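The following Python script is an added example (not code from the original deck) of the detection-and-analysis steps listed on slide 17, using the definitions from slide 13: a failed authentication is an event, and a run of them that amounts to a password brute-force is an incident. It filters events into incidents with a threshold and time window (false-positive filtering), assigns the category, derives severity from asset criticality and sorts by it (prioritization), and attaches the notification list. The log lines, the threshold of 5 failures in 60 seconds, the host criticality table and the notification groups are all constructed for this example; in practice the policy from slide 14 defines them.

```python
"""Event-to-incident triage for slide 17's detection-and-analysis phase.

Added illustration, not code from the original deck. Uses the slide 13
definitions: an event is an observable occurrence (a failed authentication),
an incident is a policy violation (a password brute-force). All sample data
and thresholds below are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample events: "timestamp host user result", one per line.
SAMPLE_LOG = """\
2012-03-21T08:05:00 eng-ws-02 alice FAIL
2012-03-21T08:05:05 eng-ws-02 alice FAIL
2012-03-21T08:05:10 eng-ws-02 alice FAIL
2012-03-21T08:05:15 eng-ws-02 alice FAIL
2012-03-21T08:05:20 eng-ws-02 alice FAIL
2012-03-21T08:10:01 hmi-01 operator FAIL
2012-03-21T08:10:03 hmi-01 operator FAIL
2012-03-21T08:10:04 hmi-01 operator FAIL
2012-03-21T08:10:06 hmi-01 operator FAIL
2012-03-21T08:10:07 hmi-01 operator FAIL
2012-03-21T08:10:09 hmi-01 operator OK
2012-03-21T09:00:00 historian svc_backup FAIL
2012-03-21T09:00:30 historian svc_backup FAIL
2012-03-21T09:01:00 historian svc_backup FAIL
2012-03-21T09:01:30 historian svc_backup FAIL
2012-03-21T09:02:00 historian svc_backup FAIL
"""

# Constructed detection parameters; a real policy (slide 14) would set these.
BRUTE_FORCE_THRESHOLD = 5            # failures inside WINDOW before it is an incident
WINDOW = timedelta(seconds=60)
ASSET_CRITICALITY = {"hmi-01": "high", "historian": "high", "eng-ws-02": "medium"}
NOTIFY = {"high": ["scada-oncall", "ciso"], "medium": ["soc"], "low": ["soc"]}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Event:
    time: datetime
    host: str
    user: str
    result: str


@dataclass
class Incident:
    category: str
    host: str
    user: str
    first_seen: datetime
    count: int
    severity: str
    notify: list = field(default_factory=list)


def parse_events(text: str) -> list:
    """Parse the constructed log format into Event objects."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, host, user, result = line.split()
            events.append(Event(datetime.fromisoformat(ts), host, user, result))
    return events


def detect_brute_force(events: list) -> list:
    """Turn failed-authentication events into brute-force incidents.

    Fewer than BRUTE_FORCE_THRESHOLD failures inside WINDOW stay events, which
    filters slow background noise and one-off mistypes (false positives).
    """
    failures = defaultdict(list)
    for ev in events:
        if ev.result == "FAIL":
            failures[(ev.host, ev.user)].append(ev.time)

    incidents = []
    for (host, user), times in failures.items():
        times.sort()
        # Sliding window: any THRESHOLD consecutive failures within WINDOW?
        for i in range(len(times) - BRUTE_FORCE_THRESHOLD + 1):
            if times[i + BRUTE_FORCE_THRESHOLD - 1] - times[i] <= WINDOW:
                severity = ASSET_CRITICALITY.get(host, "low")   # prioritization input
                incidents.append(Incident("password brute-force", host, user,
                                          times[i], len(times), severity, NOTIFY[severity]))
                break
    incidents.sort(key=lambda inc: SEVERITY_ORDER[inc.severity])  # highest severity first
    return incidents


if __name__ == "__main__":
    for inc in detect_brute_force(parse_events(SAMPLE_LOG)):
        print(f"{inc.severity.upper():6} {inc.category} on {inc.host} as {inc.user}: "
              f"{inc.count} failures from {inc.first_seen:%H:%M:%S} -> notify {', '.join(inc.notify)}")
```

With the sample data, the script reports two incidents, the HMI first because its asset is rated high; the five slow failures on the historian never fall inside the 60-second window and remain events to be reviewed rather than an incident, which is the false-positive filtering the slide asks for.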
18. Best Practice Strategies To Prevent Malicious code
• Defense in depth
– Choosing the right antivirus
– Antivirus infrastructure design and support
– Network security, firewall (risky ports) and IPS
– Email antivirus and spam protection
– Web content filtering and scanning
– Endpoint protection (new antivirus trend)
– Limiting user privileges
– Continuously patching the system and 3rd party software
– Enforcing file integrity checks
– Blocking USB, CD-ROM
– Hardening the system
– Dividing the network (security zones)
– Preventing users from installing software.
– NAC