SlideShare a Scribd company logo

Integration of cyber security incident response with IMS -- an approach for E.O. 13636

David Sweigert
David Sweigert

Response and recovery methods for severe cyber security incidents need traceable integration within incident management systems, which should be offered as a tool-set within the Executive Order 13636 Cybersecurity Framework. NERC FERC CIP CIP-009 IMS NFPA 1600 CYBER SECURITY CISA CISSP PMP Response and recovery methods for severe cyber security incidents need traceable integration within incident management systems, which should be offered as a tool-set within the Executive Order 13636 Cybersecurity Framework. NERC FERC CIP CIP-009 IMS NFPA 1600 CYBER SECURITY CISA CISSP PMP

1 of 3
Download to read offline
1 Integration of cyber security incident response within holistic incident management systems to strengthen resiliency of the nation’s critical infrastructure Part two of a series June 2013 Author: Dave Sweigert, M.Sci., CISSP, CISA, PMP ABSTRACT Response and recovery methods for severe cyber security incidents need traceable integration within incident management systems, which should be offered as a tool-set within the Executive Order 13636 Cybersecurity Framework. Background In September 2010, a 30-inch diameter natural gas pipeline exploded near a residential neighborhood of San Bruno, California. A fire followed which quickly engulfed nearby homes. As the site was two miles West of San Francisco Airport initial responders believed a jetliner had crashed in the area. It took the private operator, PG&E, 90 minutes to shut off the gas after the explosion. Preventing severe incidents caused by technology is one of the goals of the White House as expressed in Executive Order 136361 . E.O. 13636 seeks to strengthen the protection of Critical Infrastructure and Key Resources 1 Executive Order -- Improving Critical Infrastructure Cybersecurity, 2/12/2013. See: Sec. 7. Baseline Framework to Reduce Cyber Risk to Critical Infrastructure (CIKR)2 , albeit via voluntary compliance with a new Cybersecurity Framework (CSF)). E.O. 13636 seeks to “explore the use of existing regulation to promote cyber security” while “understanding the cascading consequences of infrastructure failures..3 ”. This paper intends to meld both goals to better explore ways in which existing policy frameworks can be leveraged to further particularize the CSF with practical solutions. 2 Critical Infrastructure: Assets, systems and networks, whether physical or virtual, so vital to the United States that the incapacity or destruction of such assets, systems or networks would have a debilitating impact on security, national economic security, public health or safety, or any combination of those matters. Key resources: Publicly or privately controlled resources essential to the minimal operations of the economy and the government. 3 Presidential Policy Directive (PPD) 21
2 Industry check-box attitudes about cyber-security compliance Although CSF is voluntary in nature, some private sector operators of CIKR have voiced their concern that severe incidents may require cohesive and coordinated rapid response and recovery, which is not addressed by technology-based standards (see responses to the U.S. National Institute of Standards and Technology (NIST), Request for Information (RFI)4 ). Real CIKR resiliency may require examination of how an organization’s response capabilities align with public or private partners and understanding those functional interdependencies. In contrast, the Critical Infrastructure Protection (CIP)5 Reliability Standards program (a Bulk Electric System (BES) industry6 framework) has imposed a fine- based compliance scheme on the BES industry. CIP critics complain it is an administrative-based set of disjointed standards which foster a “check the box mentality” and has failed in achieving tangible “comprehensive and effective cybersecurity.”7 4 Docket No. 130208119-3119-01, Industry responses to NIST Request for Information. 5 North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP) Standards for Cyber Security 6 http://www.nerc.net/standardsreports/standardssu mmary.aspx 7 “Utilities are focusing on regulatory compliance instead of comprehensive security. The existing federal and state regulatory environment creates a culture within the utility industry of focusing on compliance with cybersecurity requirements, instead of a culture focused on achieving To illustrate, the static CIP standard 009, “Recovery Plans for Critical Cyber Assets8 ”, requires the creation of a “recovery plan” for “cyber assets”. CIP- 009 does not require integration of such a stand-alone recovery plan within the organization’s overall severe incident response. So, cyber-incident escalation triggers that activate other response plans may or may not be addressed. To be CIP-009 compliant, an entity only needs a cyber-incident response9 plan to react to cyber hygiene focused events; e.g. sabotage reporting, privilege escalation, security perimeter breaches, etc. However, a response team may need visibility into the cascading consequences caused by network or system outages on critical infrastructure and may need to understand when and how to trigger a larger response to the unfolding event. comprehensive and effective cybersecurity. Specifically, experts told us that utilities focusing on achieving minimum regulatory requirements rather than designing a comprehensive approach to systems security. In addition, one expert stated that security requirements are inherently incomplete, and having a culture that views the security problem as being solved once those requirements are met will leave an organization vulnerable to cyber attack. Consequently, without a comprehensive approach to security, utilities leave themselves open to unnecessary risk.” United States Government Accountability Office, Electricity Grid Modernization Progress Being Made on Cybersecurity Guidelines, but Key Challenges Remain to be Addressed (Report to Congressional Requesters), GAO-11- 117 (Washington, DC: U.S. Government Accountability Office, January 2011), 23, http://www.gao.gov/products/GAO-11-117. 8 http://www.nerc.com/files/CIP-009-3.pdf 9 Computer Security Incident Response Capability (CSIRC) or team (as defined within NIST Special Publication 800- 61)
3 Alignment of the CIP-009 plan with other planning documents may be a prudent objective; e.g. integration with the Emergency Operations Plan (governed by yet another BES standard, the EOP- 001 Emergency Operations Planning10 standard). Incident management system (IMS) a more fully integrated approach The National Infrastructure Protection Plan (NIPP) Energy Sector Specific Plan (2010) states as a goal the need to achieve “comprehensive emergency, disaster, and continuity of business planning”11 . Severe incident response can be managed with an incident management system (IMS) to “direct, control, and coordinate response and recovery operations.”12 An approach endorsed by Congress13 and the U.S. Department of Homeland Security14 is contained in the National Fire Prevention Association (NFPA) Standard 1600 (Disaster/Emergency Management and Business Continuity Programs); quoted in relevant part: 10 http://www.nerc.com/files/EOP-001-0_1b.pdf 11 2010 Energy Sector-Specific Plan, Page 8 12 National Fire Protection Standard 1600, Standard on Disaster/Emergency Management and Business Continuity Programs. 13 Intelligence Reform and Terrorism Prevention Act of 2004 14 June 2010, DHS Secretary Napolitano formally adopts NFPA 1600 as a standard. “..An IMS is designed to enable effective and efficient domestic incident management by integrating a combination of facilities, equipment, personnel, procedures, and communications operating within a common organizational structure…” An IMS creates a response structure that can respond to dynamic conditions associated with severe incidents. It represents a doctrine and set of principles to organize response activities and capabilities. Summary Cyber-centric response activities can be integrated within an IMS approach to guide the creation of a holistic capability that can respond to severe incidents. NFPA 1600 may provide private and public operators with the guidance they need to integrate cyber-response plans into a holistic response framework. About the author: Dave Sweigert is a Certified Information Systems Security Professional, Certified Information Systems Auditor, Project Management Professional and holds Master’s degrees in Information Security and Project Management. He is a practitioner of IMS principles in his role as a volunteer Emergency Medical Technician and has attended more than 500 hours in IMS related training. He specializes in assisting organizations in institutionalizing NFPA 1600 into their cyber response plans.

Recommended

Cybersecurity Framework for Executive Order 13636 -- Incident Command System
Cybersecurity Framework for Executive Order 13636 -- Incident Command SystemCybersecurity Framework for Executive Order 13636 -- Incident Command System
Cybersecurity Framework for Executive Order 13636 -- Incident Command System
David Sweigert
 
Integrating disaster recovery metrics into the NIST EO 13636 Cybersecurity Fr...
Integrating disaster recovery metrics into the NIST EO 13636 Cybersecurity Fr...Integrating disaster recovery metrics into the NIST EO 13636 Cybersecurity Fr...
Integrating disaster recovery metrics into the NIST EO 13636 Cybersecurity Fr...
David Sweigert
 
Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:
CoreTrace Corporation
 
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 ComplianceFeldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
CoreTrace Corporation
 
The Physical Security_&_Risk_Management_book
The Physical Security_&_Risk_Management_bookThe Physical Security_&_Risk_Management_book
The Physical Security_&_Risk_Management_bookJAMES E. McDONALD, PSNA
 
Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016Samuel Loomis
 
Building on incident management metrics to support Executive Order 13636
Building on incident management metrics to support Executive Order 13636Building on incident management metrics to support Executive Order 13636
Building on incident management metrics to support Executive Order 13636
David Sweigert
 
Whitepaper Best Practices For Integrated Physical Security Supporting Ma It...
Whitepaper Best Practices For Integrated Physical Security Supporting Ma It...Whitepaper Best Practices For Integrated Physical Security Supporting Ma It...
Whitepaper Best Practices For Integrated Physical Security Supporting Ma It...
James McDonald
 

Recommended

Cybersecurity Framework for Executive Order 13636 -- Incident Command System
Cybersecurity Framework for Executive Order 13636 -- Incident Command SystemCybersecurity Framework for Executive Order 13636 -- Incident Command System
Cybersecurity Framework for Executive Order 13636 -- Incident Command System
David Sweigert
 
Integrating disaster recovery metrics into the NIST EO 13636 Cybersecurity Fr...
Integrating disaster recovery metrics into the NIST EO 13636 Cybersecurity Fr...Integrating disaster recovery metrics into the NIST EO 13636 Cybersecurity Fr...
Integrating disaster recovery metrics into the NIST EO 13636 Cybersecurity Fr...
David Sweigert
 
Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:
CoreTrace Corporation
 
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 ComplianceFeldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
CoreTrace Corporation
 
The Physical Security_&_Risk_Management_book
The Physical Security_&_Risk_Management_bookThe Physical Security_&_Risk_Management_book
The Physical Security_&_Risk_Management_bookJAMES E. McDONALD, PSNA
 
Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016Samuel Loomis
 
Building on incident management metrics to support Executive Order 13636
Building on incident management metrics to support Executive Order 13636Building on incident management metrics to support Executive Order 13636
Building on incident management metrics to support Executive Order 13636
David Sweigert
 
Whitepaper Best Practices For Integrated Physical Security Supporting Ma It...
Whitepaper Best Practices For Integrated Physical Security Supporting Ma It...Whitepaper Best Practices For Integrated Physical Security Supporting Ma It...
Whitepaper Best Practices For Integrated Physical Security Supporting Ma It...
James McDonald
 
2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research Update2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research Update
GridCyberSec
 
Utility Networks Agile Response Capabilities - New Context at EnergySec 2019
Utility Networks Agile Response Capabilities - New Context at EnergySec 2019Utility Networks Agile Response Capabilities - New Context at EnergySec 2019
Utility Networks Agile Response Capabilities - New Context at EnergySec 2019
Andrew Storms
 
US Government Software Assurance and Security Initiativesi
US Government Software Assurance and Security InitiativesiUS Government Software Assurance and Security Initiativesi
US Government Software Assurance and Security InitiativesiLindsey Landolfi
 
Outsourcing
OutsourcingOutsourcing
Outsourcingkarlhennessy
 
Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15James Fisher
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRBill Besse
 
White Paper Aaci Data Center Physical Security Mc Donald
White Paper Aaci Data Center Physical Security Mc DonaldWhite Paper Aaci Data Center Physical Security Mc Donald
White Paper Aaci Data Center Physical Security Mc Donald
James McDonald
 
Whitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationWhitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformation
Nexon Asia Pacific
 
Critical Infrastructure and Cyber Threat
Critical Infrastructure and Cyber ThreatCritical Infrastructure and Cyber Threat
Critical Infrastructure and Cyber Threat
Motorola Solutions
 
edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019) edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019)
Eoin Keary
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Dave Darnell
 
Computer Security Incident Handling Guide
Computer Security Incident Handling GuideComputer Security Incident Handling Guide
Computer Security Incident Handling Guide
Muhammad FAHAD
 
Ics white paper report 2017
Ics white paper report 2017Ics white paper report 2017
Ics white paper report 2017
Ir. Indin Hasan ST, MT, IPM, ASEAN Eng
 
Cybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesCybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesTony Moroney
 
Cyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework PanelCyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework Panel
Paul Di Gangi
 
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded SystemsDr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
Dr Dev Kambhampati
 
Policies to mitigate cyber risk
Policies to mitigate cyber riskPolicies to mitigate cyber risk
Policies to mitigate cyber risk
G Prachi
 
Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessments
Ken M. Shaurette
 
Cybersecurity Program Assessments
Cybersecurity Program AssessmentsCybersecurity Program Assessments
Cybersecurity Program AssessmentsJohn Anderson
 
Audit fieldwork
Audit fieldworkAudit fieldwork
Audit fieldwork
Shaswat Khatiwada
 
Nanomedicina8
Nanomedicina8Nanomedicina8
Nanomedicina8
joanamatux
 
Auditoria ii
Auditoria iiAuditoria ii
Auditoria iisimuladocontabil
 

More Related Content

What's hot

2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research Update2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research Update
GridCyberSec
 
Utility Networks Agile Response Capabilities - New Context at EnergySec 2019
Utility Networks Agile Response Capabilities - New Context at EnergySec 2019Utility Networks Agile Response Capabilities - New Context at EnergySec 2019
Utility Networks Agile Response Capabilities - New Context at EnergySec 2019
Andrew Storms
 
US Government Software Assurance and Security Initiativesi
US Government Software Assurance and Security InitiativesiUS Government Software Assurance and Security Initiativesi
US Government Software Assurance and Security InitiativesiLindsey Landolfi
 
Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15James Fisher
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRBill Besse
 
White Paper Aaci Data Center Physical Security Mc Donald
White Paper Aaci Data Center Physical Security Mc DonaldWhite Paper Aaci Data Center Physical Security Mc Donald
White Paper Aaci Data Center Physical Security Mc Donald
James McDonald
 
Whitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationWhitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformation
Nexon Asia Pacific
 
Critical Infrastructure and Cyber Threat
Critical Infrastructure and Cyber ThreatCritical Infrastructure and Cyber Threat
Critical Infrastructure and Cyber Threat
Motorola Solutions
 
edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019) edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019)
Eoin Keary
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Dave Darnell
 
Computer Security Incident Handling Guide
Computer Security Incident Handling GuideComputer Security Incident Handling Guide
Computer Security Incident Handling Guide
Muhammad FAHAD
 
Ics white paper report 2017
Ics white paper report 2017Ics white paper report 2017
Ics white paper report 2017
Ir. Indin Hasan ST, MT, IPM, ASEAN Eng
 
Cybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesCybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesTony Moroney
 
Cyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework PanelCyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework Panel
Paul Di Gangi
 
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded SystemsDr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
Dr Dev Kambhampati
 
Policies to mitigate cyber risk
Policies to mitigate cyber riskPolicies to mitigate cyber risk
Policies to mitigate cyber risk
G Prachi
 
Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessments
Ken M. Shaurette
 
Cybersecurity Program Assessments
Cybersecurity Program AssessmentsCybersecurity Program Assessments
Cybersecurity Program AssessmentsJohn Anderson
 
Audit fieldwork
Audit fieldworkAudit fieldwork
Audit fieldwork
Shaswat Khatiwada
 

What's hot (20)

2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research Update2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research Update
 
Utility Networks Agile Response Capabilities - New Context at EnergySec 2019
Utility Networks Agile Response Capabilities - New Context at EnergySec 2019Utility Networks Agile Response Capabilities - New Context at EnergySec 2019
Utility Networks Agile Response Capabilities - New Context at EnergySec 2019
 
US Government Software Assurance and Security Initiativesi
US Government Software Assurance and Security InitiativesiUS Government Software Assurance and Security Initiativesi
US Government Software Assurance and Security Initiativesi
 
Outsourcing
OutsourcingOutsourcing
Outsourcing
 
Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LR
 
White Paper Aaci Data Center Physical Security Mc Donald
White Paper Aaci Data Center Physical Security Mc DonaldWhite Paper Aaci Data Center Physical Security Mc Donald
White Paper Aaci Data Center Physical Security Mc Donald
 
Whitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationWhitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformation
 
Critical Infrastructure and Cyber Threat
Critical Infrastructure and Cyber ThreatCritical Infrastructure and Cyber Threat
Critical Infrastructure and Cyber Threat
 
edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019) edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019)
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16
 
Computer Security Incident Handling Guide
Computer Security Incident Handling GuideComputer Security Incident Handling Guide
Computer Security Incident Handling Guide
 
Ics white paper report 2017
Ics white paper report 2017Ics white paper report 2017
Ics white paper report 2017
 
Cybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesCybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best Practices
 
Cyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework PanelCyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework Panel
 
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded SystemsDr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
 
Policies to mitigate cyber risk
Policies to mitigate cyber riskPolicies to mitigate cyber risk
Policies to mitigate cyber risk
 
Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessments
 
Cybersecurity Program Assessments
Cybersecurity Program AssessmentsCybersecurity Program Assessments
Cybersecurity Program Assessments
 
Audit fieldwork
Audit fieldworkAudit fieldwork
Audit fieldwork
 

Viewers also liked

Nanomedicina8
Nanomedicina8Nanomedicina8
Nanomedicina8
joanamatux
 
Pixel Envy
Pixel EnvyPixel Envy
Pixel Envy
SimoReid
 
Nanomedicina6
Nanomedicina6Nanomedicina6
Nanomedicina6
joanamatux
 
Nanomedicina10
Nanomedicina10Nanomedicina10
Nanomedicina10
joanamatux
 
EEOOII Informe Final PEL
EEOOII Informe Final PELEEOOII Informe Final PEL
EEOOII Informe Final PELmluisao
 
Transfer Pricing Thailand - von Rechtsanwalt und Steuerberater in Bangkok, Th...
Transfer Pricing Thailand - von Rechtsanwalt und Steuerberater in Bangkok, Th...Transfer Pricing Thailand - von Rechtsanwalt und Steuerberater in Bangkok, Th...
Transfer Pricing Thailand - von Rechtsanwalt und Steuerberater in Bangkok, Th...
PUGNATORIUS Ltd.
 
La "modernización" de la responsabilidad civil
La "modernización" de la responsabilidad civilLa "modernización" de la responsabilidad civil
La "modernización" de la responsabilidad civilMiquel Martin-Casals
 
Spoken Word - BBC Presentation
Spoken Word - BBC PresentationSpoken Word - BBC Presentation
Spoken Word - BBC Presentation
Spoken Word
 

Viewers also liked (9)

Nanomedicina8
Nanomedicina8Nanomedicina8
Nanomedicina8
 
Auditoria ii
Auditoria iiAuditoria ii
Auditoria ii
 
Pixel Envy
Pixel EnvyPixel Envy
Pixel Envy
 
Nanomedicina6
Nanomedicina6Nanomedicina6
Nanomedicina6
 
Nanomedicina10
Nanomedicina10Nanomedicina10
Nanomedicina10
 
EEOOII Informe Final PEL
EEOOII Informe Final PELEEOOII Informe Final PEL
EEOOII Informe Final PEL
 
Transfer Pricing Thailand - von Rechtsanwalt und Steuerberater in Bangkok, Th...
Transfer Pricing Thailand - von Rechtsanwalt und Steuerberater in Bangkok, Th...Transfer Pricing Thailand - von Rechtsanwalt und Steuerberater in Bangkok, Th...
Transfer Pricing Thailand - von Rechtsanwalt und Steuerberater in Bangkok, Th...
 
La "modernización" de la responsabilidad civil
La "modernización" de la responsabilidad civilLa "modernización" de la responsabilidad civil
La "modernización" de la responsabilidad civil
 
Spoken Word - BBC Presentation
Spoken Word - BBC PresentationSpoken Word - BBC Presentation
Spoken Word - BBC Presentation
 

Similar to Integration of cyber security incident response with IMS -- an approach for E.O. 13636

Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTNursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
David Sweigert
 
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSAImproving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
GovCloud Network
 
Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Silvia Cardona
 
INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2 .docx
INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2 .docxINITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2 .docx
INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2 .docx
maoanderton
 
Cyber-insurance and liability caps proposed as incentives by Department of Co...
Cyber-insurance and liability caps proposed as incentives by Department of Co...Cyber-insurance and liability caps proposed as incentives by Department of Co...
Cyber-insurance and liability caps proposed as incentives by Department of Co...
David Sweigert
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
William McBorrough
 
Capstone Final Presentation
Capstone Final PresentationCapstone Final Presentation
Capstone Final PresentationKartik Uppal
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
bagotjesusa
 
IEEE-S&P Magazine-2015-Massacci
IEEE-S&P Magazine-2015-MassacciIEEE-S&P Magazine-2015-Massacci
IEEE-S&P Magazine-2015-MassacciFabio Massacci
 
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Government Technology and Services Coalition
 
Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationrrepko
 
· Per the e-Activity, analyze one (1) of the core tenets establish.docx
· Per the e-Activity, analyze one (1) of the core tenets establish.docx· Per the e-Activity, analyze one (1) of the core tenets establish.docx
· Per the e-Activity, analyze one (1) of the core tenets establish.docx
LynellBull52
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-status
Rama Reddy
 
FRAMEWORK FOR EPU OPERATORS TO MANAGE THE RESPONSE TO A CYBER-INITIATED THREA...
FRAMEWORK FOR EPU OPERATORS TO MANAGE THE RESPONSE TO A CYBER-INITIATED THREA...FRAMEWORK FOR EPU OPERATORS TO MANAGE THE RESPONSE TO A CYBER-INITIATED THREA...
FRAMEWORK FOR EPU OPERATORS TO MANAGE THE RESPONSE TO A CYBER-INITIATED THREA...
Power System Operation
 
WHITE PAPER - The Importance of CIP in the Energy Sector v2.0.pdf
WHITE PAPER - The Importance of CIP in the Energy Sector v2.0.pdfWHITE PAPER - The Importance of CIP in the Energy Sector v2.0.pdf
WHITE PAPER - The Importance of CIP in the Energy Sector v2.0.pdf
Fas (Feisal) Mosleh
 
Capstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid SecurityCapstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid Securityreuben_mathew
 
Strengthening Operational Resilience in Financial Services by Migrating to Go...
Strengthening Operational Resilience in Financial Services by Migrating to Go...Strengthening Operational Resilience in Financial Services by Migrating to Go...
Strengthening Operational Resilience in Financial Services by Migrating to Go...
run_frictionless
 
Resourcing the US 2030 Cyber Strategy
Resourcing the US 2030 Cyber StrategyResourcing the US 2030 Cyber Strategy
Resourcing the US 2030 Cyber StrategyScott Dickson
 
Cybersecurity Incident Response Planning.pdf
Cybersecurity Incident Response Planning.pdfCybersecurity Incident Response Planning.pdf
Cybersecurity Incident Response Planning.pdf
Ciente
 
July CLE Webinar material: Best Practices for Victim Response and Reporting o...
July CLE Webinar material: Best Practices for Victim Response and Reporting o...July CLE Webinar material: Best Practices for Victim Response and Reporting o...
July CLE Webinar material: Best Practices for Victim Response and Reporting o...
LexisNexis
 

Similar to Integration of cyber security incident response with IMS -- an approach for E.O. 13636 (20)

Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTNursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
 
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSAImproving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
 
Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014
 
INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2 .docx
INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2 .docxINITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2 .docx
INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2 .docx
 
Cyber-insurance and liability caps proposed as incentives by Department of Co...
Cyber-insurance and liability caps proposed as incentives by Department of Co...Cyber-insurance and liability caps proposed as incentives by Department of Co...
Cyber-insurance and liability caps proposed as incentives by Department of Co...
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
 
Capstone Final Presentation
Capstone Final PresentationCapstone Final Presentation
Capstone Final Presentation
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
 
IEEE-S&P Magazine-2015-Massacci
IEEE-S&P Magazine-2015-MassacciIEEE-S&P Magazine-2015-Massacci
IEEE-S&P Magazine-2015-Massacci
 
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
 
Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperation
 
· Per the e-Activity, analyze one (1) of the core tenets establish.docx
· Per the e-Activity, analyze one (1) of the core tenets establish.docx· Per the e-Activity, analyze one (1) of the core tenets establish.docx
· Per the e-Activity, analyze one (1) of the core tenets establish.docx
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-status
 
FRAMEWORK FOR EPU OPERATORS TO MANAGE THE RESPONSE TO A CYBER-INITIATED THREA...
FRAMEWORK FOR EPU OPERATORS TO MANAGE THE RESPONSE TO A CYBER-INITIATED THREA...FRAMEWORK FOR EPU OPERATORS TO MANAGE THE RESPONSE TO A CYBER-INITIATED THREA...
FRAMEWORK FOR EPU OPERATORS TO MANAGE THE RESPONSE TO A CYBER-INITIATED THREA...
 
WHITE PAPER - The Importance of CIP in the Energy Sector v2.0.pdf
WHITE PAPER - The Importance of CIP in the Energy Sector v2.0.pdfWHITE PAPER - The Importance of CIP in the Energy Sector v2.0.pdf
WHITE PAPER - The Importance of CIP in the Energy Sector v2.0.pdf
 
Capstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid SecurityCapstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid Security
 
Strengthening Operational Resilience in Financial Services by Migrating to Go...
Strengthening Operational Resilience in Financial Services by Migrating to Go...Strengthening Operational Resilience in Financial Services by Migrating to Go...
Strengthening Operational Resilience in Financial Services by Migrating to Go...
 
Resourcing the US 2030 Cyber Strategy
Resourcing the US 2030 Cyber StrategyResourcing the US 2030 Cyber Strategy
Resourcing the US 2030 Cyber Strategy
 
Cybersecurity Incident Response Planning.pdf
Cybersecurity Incident Response Planning.pdfCybersecurity Incident Response Planning.pdf
Cybersecurity Incident Response Planning.pdf
 
July CLE Webinar material: Best Practices for Victim Response and Reporting o...
July CLE Webinar material: Best Practices for Victim Response and Reporting o...July CLE Webinar material: Best Practices for Victim Response and Reporting o...
July CLE Webinar material: Best Practices for Victim Response and Reporting o...
 

More from David Sweigert

The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
David Sweigert
 
Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting
David Sweigert
 
Sample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisSample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark Analysis
David Sweigert
 
National Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterNational Cyber Security Awareness Month poster
National Cyber Security Awareness Month poster
David Sweigert
 
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
David Sweigert
 
National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017
David Sweigert
 
California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9
David Sweigert
 
Congressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityCongressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber Security
David Sweigert
 
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
David Sweigert
 
Application of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsApplication of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking Threats
David Sweigert
 
Canada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartCanada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector Chart
David Sweigert
 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
David Sweigert
 
Cyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentCyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public Comment
David Sweigert
 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentCyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public Comment
David Sweigert
 
National Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTNational Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFT
David Sweigert
 
National Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackNational Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public Feedback
David Sweigert
 
National Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionNational Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd edition
David Sweigert
 
Healthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanHealthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness Plan
David Sweigert
 
Cyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSCyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHS
David Sweigert
 
Exam notes for the Certified in Homeland Security -- Level II
Exam notes for the Certified in Homeland Security -- Level IIExam notes for the Certified in Homeland Security -- Level II
Exam notes for the Certified in Homeland Security -- Level II
David Sweigert
 

More from David Sweigert (20)

The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
 
Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting
 
Sample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisSample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark Analysis
 
National Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterNational Cyber Security Awareness Month poster
National Cyber Security Awareness Month poster
 
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
 
National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017
 
California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9
 
Congressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityCongressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber Security
 
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
 
Application of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsApplication of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking Threats
 
Canada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartCanada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector Chart
 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
 
Cyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentCyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public Comment
 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentCyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public Comment
 
National Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTNational Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFT
 
National Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackNational Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public Feedback
 
National Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionNational Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd edition
 
Healthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanHealthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness Plan
 
Cyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSCyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHS
 
Exam notes for the Certified in Homeland Security -- Level II
Exam notes for the Certified in Homeland Security -- Level IIExam notes for the Certified in Homeland Security -- Level II
Exam notes for the Certified in Homeland Security -- Level II
 

Recently uploaded

Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 

Recently uploaded (20)

Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 

Integration of cyber security incident response with IMS -- an approach for E.O. 13636

  • 1. 1 Integration of cyber security incident response within holistic incident management systems to strengthen resiliency of the nation’s critical infrastructure Part two of a series June 2013 Author: Dave Sweigert, M.Sci., CISSP, CISA, PMP ABSTRACT Response and recovery methods for severe cyber security incidents need traceable integration within incident management systems, which should be offered as a tool-set within the Executive Order 13636 Cybersecurity Framework. Background In September 2010, a 30-inch diameter natural gas pipeline exploded near a residential neighborhood of San Bruno, California. A fire followed which quickly engulfed nearby homes. As the site was two miles West of San Francisco Airport initial responders believed a jetliner had crashed in the area. It took the private operator, PG&E, 90 minutes to shut off the gas after the explosion. Preventing severe incidents caused by technology is one of the goals of the White House as expressed in Executive Order 136361 . E.O. 13636 seeks to strengthen the protection of Critical Infrastructure and Key Resources 1 Executive Order -- Improving Critical Infrastructure Cybersecurity, 2/12/2013. See: Sec. 7. Baseline Framework to Reduce Cyber Risk to Critical Infrastructure (CIKR)2 , albeit via voluntary compliance with a new Cybersecurity Framework (CSF)). E.O. 13636 seeks to “explore the use of existing regulation to promote cyber security” while “understanding the cascading consequences of infrastructure failures..3 ”. This paper intends to meld both goals to better explore ways in which existing policy frameworks can be leveraged to further particularize the CSF with practical solutions. 2 Critical Infrastructure: Assets, systems and networks, whether physical or virtual, so vital to the United States that the incapacity or destruction of such assets, systems or networks would have a debilitating impact on security, national economic security, public health or safety, or any combination of those matters. Key resources: Publicly or privately controlled resources essential to the minimal operations of the economy and the government. 3 Presidential Policy Directive (PPD) 21
  • 2. 2 Industry check-box attitudes about cyber-security compliance Although CSF is voluntary in nature, some private sector operators of CIKR have voiced their concern that severe incidents may require cohesive and coordinated rapid response and recovery, which is not addressed by technology-based standards (see responses to the U.S. National Institute of Standards and Technology (NIST), Request for Information (RFI)4 ). Real CIKR resiliency may require examination of how an organization’s response capabilities align with public or private partners and understanding those functional interdependencies. In contrast, the Critical Infrastructure Protection (CIP)5 Reliability Standards program (a Bulk Electric System (BES) industry6 framework) has imposed a fine- based compliance scheme on the BES industry. CIP critics complain it is an administrative-based set of disjointed standards which foster a “check the box mentality” and has failed in achieving tangible “comprehensive and effective cybersecurity.”7 4 Docket No. 130208119-3119-01, Industry responses to NIST Request for Information. 5 North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP) Standards for Cyber Security 6 http://www.nerc.net/standardsreports/standardssu mmary.aspx 7 “Utilities are focusing on regulatory compliance instead of comprehensive security. The existing federal and state regulatory environment creates a culture within the utility industry of focusing on compliance with cybersecurity requirements, instead of a culture focused on achieving To illustrate, the static CIP standard 009, “Recovery Plans for Critical Cyber Assets8 ”, requires the creation of a “recovery plan” for “cyber assets”. CIP- 009 does not require integration of such a stand-alone recovery plan within the organization’s overall severe incident response. So, cyber-incident escalation triggers that activate other response plans may or may not be addressed. To be CIP-009 compliant, an entity only needs a cyber-incident response9 plan to react to cyber hygiene focused events; e.g. sabotage reporting, privilege escalation, security perimeter breaches, etc. However, a response team may need visibility into the cascading consequences caused by network or system outages on critical infrastructure and may need to understand when and how to trigger a larger response to the unfolding event. comprehensive and effective cybersecurity. Specifically, experts told us that utilities focusing on achieving minimum regulatory requirements rather than designing a comprehensive approach to systems security. In addition, one expert stated that security requirements are inherently incomplete, and having a culture that views the security problem as being solved once those requirements are met will leave an organization vulnerable to cyber attack. Consequently, without a comprehensive approach to security, utilities leave themselves open to unnecessary risk.” United States Government Accountability Office, Electricity Grid Modernization Progress Being Made on Cybersecurity Guidelines, but Key Challenges Remain to be Addressed (Report to Congressional Requesters), GAO-11- 117 (Washington, DC: U.S. Government Accountability Office, January 2011), 23, http://www.gao.gov/products/GAO-11-117. 8 http://www.nerc.com/files/CIP-009-3.pdf 9 Computer Security Incident Response Capability (CSIRC) or team (as defined within NIST Special Publication 800- 61)
  • 3. 3 Alignment of the CIP-009 plan with other planning documents may be a prudent objective; e.g. integration with the Emergency Operations Plan (governed by yet another BES standard, the EOP- 001 Emergency Operations Planning10 standard). Incident management system (IMS) a more fully integrated approach The National Infrastructure Protection Plan (NIPP) Energy Sector Specific Plan (2010) states as a goal the need to achieve “comprehensive emergency, disaster, and continuity of business planning”11 . Severe incident response can be managed with an incident management system (IMS) to “direct, control, and coordinate response and recovery operations.”12 An approach endorsed by Congress13 and the U.S. Department of Homeland Security14 is contained in the National Fire Prevention Association (NFPA) Standard 1600 (Disaster/Emergency Management and Business Continuity Programs); quoted in relevant part: 10 http://www.nerc.com/files/EOP-001-0_1b.pdf 11 2010 Energy Sector-Specific Plan, Page 8 12 National Fire Protection Standard 1600, Standard on Disaster/Emergency Management and Business Continuity Programs. 13 Intelligence Reform and Terrorism Prevention Act of 2004 14 June 2010, DHS Secretary Napolitano formally adopts NFPA 1600 as a standard. “..An IMS is designed to enable effective and efficient domestic incident management by integrating a combination of facilities, equipment, personnel, procedures, and communications operating within a common organizational structure…” An IMS creates a response structure that can respond to dynamic conditions associated with severe incidents. It represents a doctrine and set of principles to organize response activities and capabilities. Summary Cyber-centric response activities can be integrated within an IMS approach to guide the creation of a holistic capability that can respond to severe incidents. NFPA 1600 may provide private and public operators with the guidance they need to integrate cyber-response plans into a holistic response framework. About the author: Dave Sweigert is a Certified Information Systems Security Professional, Certified Information Systems Auditor, Project Management Professional and holds Master’s degrees in Information Security and Project Management. He is a practitioner of IMS principles in his role as a volunteer Emergency Medical Technician and has attended more than 500 hours in IMS related training. He specializes in assisting organizations in institutionalizing NFPA 1600 into their cyber response plans.