The document summarizes a presentation about helping utilities prepare for cybersecurity. It discusses the Cybersecurity Capability Maturity Model (C2M2) developed by the Department of Energy (DOE) to help organizations assess their cybersecurity practices. The C2M2 uses a maturity model approach with 10 domains and 4 maturity levels to evaluate an organization's cybersecurity capabilities. It also discusses how the C2M2 can be used to support implementation of the National Institute of Standards and Technology's Cybersecurity Framework.
Jonathan Pollet and Mark Heard of Red Tiger Security at S4x15 OTDay.
The NIST Cybersecurity Framework (CSF) has been out for a year now, and some owner/operators have begun to use it to help create an ICS cyber security program. The Red Tiger Security team discusses what the CSF is and their experience in using it with real-world clients.
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
To help organizations charged with providing the nation's financial, energy, health care and other critical systems better protect their information and physical assets from cyber attack, the Commerce Department's National Institute of Standards and Technology (NIST) today released a Framework for Improving Critical Infrastructure Cybersecurity. The framework provides a structure that organizations, regulators and customers can use to create, guide, assess or improve comprehensive cybersecurity programs.
How To Handle Cybersecurity Risk PowerPoint Presentation Slides - SlideTeam
Information technology experts can now take advantage of How To Handle Cybersecurity Risk PowerPoint Presentation Slides. This information security PPT theme infuses top-quality design with data obtained by industry experts. Explain the present situation of the target firm’s information security management employing this PowerPoint layout. The data visualizations featured here simplify the elucidation of complex data such as the analysis of the current IT department. Showcase the cybersecurity framework roadmap and risks of the internet using our PPT presentation. Elaborate on the cybersecurity risk management action plan using the tabular format via this PowerPoint slideshow. Demonstrate the cybersecurity contingency plan with appreciable ease. Our information security management system PPT templates deck assists you in assigning risk handling responsibilities to the staff. Explain the duties of the management in successful information security governance. This PowerPoint presentation also addresses the cost of cybersecurity management and staff training. Hit the download icon and start personalization. Our How To Handle Cybersecurity Risk PowerPoint Presentation Slides are explicit and effective. They combine clarity and concise expression. https://bit.ly/3o0xDkR
Introduction to Risk Management via the NIST Cyber Security Framework - PECB
The cyber security profession has successfully established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Application of the CSF within cyber is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlights opportunities for expanded application to cyber, physical, and personnel security risks. The NIST CSF can help practitioners build a cross-pollinated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certified Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Specializing in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel at the tactical, operational and strategic levels. Overall, Andrea applies analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a... - PECB
To protect your organization from cyber attacks, you need to implement a robust information security management system (ISMS) and business continuity management system (BCMS) based on international standards, such as ISO/IEC 27001 and ISO 22301.
Amongst others, the webinar covers:
• Why we need a cyber response plan to protect business operations
• Introduction to ISO/IEC 27001 and ISO 22301
• What do we need for a cyber security response plan?
• How do we develop a cyber security response plan?
Presenters:
Nick Frost
Nick Frost is Co-founder and Lead Consultant at CRMG.
Nick's career in cyber security spans nearly 20 years. Most recently Nick has held leadership roles at PwC as Group Head of Information Risk and at the Information Security Forum (ISF) as Principal Consultant.
In particular, as Group Head of Information Risk for PwC, Nick designed and implemented best practice solutions that made good business sense, prioritised key risks to the organisation and helped minimise disruption to ongoing operations. Whilst at the ISF Nick led their information risk projects and delivered many of the consultancy engagements to help organisations implement leading thinking in information risk management.
Nick's combined experience as a cyber risk researcher and practitioner designing and implementing risk-based solutions places him as a leading cyber risk expert. Prior to cyber security, and after graduating from UCNW and Oxford Brookes, Nick was a geophysicist in the Oil and Gas Industry.
Simon Lacey
Simon is a resourceful, creative Information & Cyber Security professional with a proven track record of instigating change, disrupting the status quo, influencing stakeholders and developing 'big picture' vision across business populations. He has experience across multiple industries, excels in building stakeholder engagement and consensus, and supports organisations in making sustainable change.
Simon also has considerable experience of risk management, education and awareness, strategy development and consulting to senior management and is a confident and engaging public speaker.
Simon has previously worked within the NHS, Bank of England and BUPA, before setting out as an independent consultant and forming Oliver Lacey Limited, supporting clients in multiple business sectors.
When not working, Simon loves to run and is currently training for the Berlin Marathon; he is also a Director of Aylesbury United Football Club, records vlogs and is an experienced stand-up comic.
Date: April 26, 2023
Find out more about ISO training and certification services
Training: https://bit.ly/3AyoyYF
https://bit.ly/3LbBVTx
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
YouTube video: https://youtu.be/i4qx5mjEqio
Presentation for March 2017 webcast by NIST.
www.nist.gov/cyberframework
Webcast video: https://www.nist.gov/news-events/events/2017/03/cybersecurity-framework-virtual-events
This presentation introduces the audience to the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”). It provides a brief history about why and how the Framework was developed, and an understanding of each of the three primary Framework components (the Core, Implementation Tiers, and Profiles). It covers potential benefits of Framework, and how the Framework can be used. It highlights industry resources, progress in Roadmap areas, and future direction of the Framework program.
Improve Cybersecurity posture by using ISO/IEC 27032 - PECB
Cybersecurity is a universal concern across today's enterprise, and a strategic approach is required for appropriate mitigation.
Adopting ISO 27032 will help to:
• Understand the nature of Cyberspace and Cybersecurity
• Explore Cybersecurity Ecosystem – Roles & Responsibilities
• Achieve Cyber Resilience through implementing defensive and detective cybersecurity controls
Presenter:
Obadare Peter Adewale is a first-generation and visionary cyberpreneur. He is a PECB certified Trainer, Fellow Chartered Information Technology Professional, the first Licensed Penetration Tester in Nigeria, second COBIT 5 Assessor in Africa and a PCI DSS QSA. He is also an alumnus of Harvard Business School and MIT Sloan School of Management Executive Education.
Link of the recorded session published on YouTube: https://youtu.be/NX5RMGOcyBM
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation - PECB
In this session, we will go through ISO/IEC 27701 and ISO/IEC 27001 key practical implementation steps and how they can help you to be compliant with the GDPR.
Our presenters, Peter Geelen and Stefan Mathuvis, will guide you through the implementer tasks with practical hints and tips and show you how an auditor will look at your implementation, searching for evidence and compliance.
In addition, we will match the ISO/IEC 27(7)01 requirements to complete the GDPR obligations as far as possible.
Topics range from executive management to privacy policies, handling notifications, setting up awareness programs and controlling user access requests, through vendor management to incident management (data breaches) and continuous updates.
The webinar will cover:
• Quick recap on general ISO components and approach
• Implementing ISO/IEC 27001 with the ISO/IEC 27701 extension for GDPR compliance
• Do's and don’ts for implementation and audit
• The importance of evidence in the audit
• Managing audit expectations and the never ending audit cycle
Recorded webinar: https://youtu.be/HL-VUiCj4Ew
HD version: http://1drv.ms/1eR5OQf
This is my publication on how the integration of the TOGAF Enterprise Architecture framework, the SABSA Enterprise Security Architecture framework, and Information Governance discipline add up to a robust and successful Information Security Management Program.
Secure Systems Security and ISA99 - IEC62443 - Yokogawa1
With new Industrial Network standards like ISA/IEC 62443, companies are evolving their IT and OT networks to face evolving threats. This presentation will cover industrial networking best practices, secure architectures and segregation techniques that can be used by all businesses to prevent a minor business network breach from becoming an industrial catastrophe.
Topics Covered in this Seminar Include:
Overview Of Cyber Threat
Introduction - ISA IEC Industrial Control Security Standards
An Example - Advanced Persistent Threat (APT)
ISA/IEC 62443-3-2 Network Separation - An APT countermeasure
The next step in APT defenses: System Certification to ISA/IEC 62443 Cybersecurity Standards
ISA/IEC 62443 Cybersecurity Standards Current Efforts
The Future of ISA/IEC 62443 Cybersecurity Standards
Welcome to Cyber Threat Simulation Training powered by Tonex. Cyber Threat Simulation Training covers the principles of cyber threats, advanced cyber warfare and threat simulation.
Cyber Threat Simulation Training is split into different parts comprising essential cyber security, advanced cyber security, principles of cyber threats and hands-on threat simulation exercises.
Learn about:
Basic cyber threat principles
Principles on threat environment
Principles of cyber simulation and modeling
Cyber threat simulation principles
Web application cyber threat fundamentals
Network and application reconnaissance
Data exfiltration & privilege escalation
Exploit application misconfigurations and more
Firewall and Threat Prevention at work
Tools to model and simulate cyber threat
Tools to monitor attack traffic
Who Should Attend:
Cyber Threat Analysts
Digital Forensic Analysts
Incident Response Team Members
Threat Hunters
Federal Agents
Law Enforcement Officials
Military Officials
Course Modules:
Cyberwarfare and Cyberterrorism
Overview of Global Cyber Threats
Principles of Cyber Threat Simulation
Cyber Threat Intelligence
Simulating Cyber Threats
Incident Detection
Response Threat Simulation
Cyber Threat Simulation Training. Price: $3,999.00. Length: 3 Days.
Request more info about this Cyber Threat Simulation Training. Call +1-972-665-9786. Visit www.tonex.com/training-courses/cyber-threat-simulation-training/
Information Security between Best Practices and ISO Standards - PECB
Main points covered:
• Information Security best practices (ESA, COBIT, ITIL, Resilia)
• NIST security publications (NIST 800-53)
• ISO standards for information security (ISO 20000 and ISO 27000 series)
- Information Security Management in ISO 20000
- ISO 27001, ISO 27002 and ISO 27005
• What is best for me: Information Security Best Practices or ISO standards?
Presenter:
This webinar was presented by Mohamed Gohar. Mr. Gohar has more than 10 years of experience in ISM/ITSM Training and Consultation. He is one of the expert reviewers of the CISA RM 26th edition (2016) and an ISM Senior Trainer/Consultant at EGYBYTE.
Link of the recorded session published on YouTube: https://youtu.be/eKYR2BG_MYU
In today's business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to them. Every network is vulnerable to some form of attack. However, it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury's Cybersecurity Practice, will be joined by Partner Michael Hoffner, and they will lead a discussion on a Cybersecurity Risk Management Program, including what it is and how it can prepare your organization for the future.
Enterprise Security Architecture for Cyber Security - The Open Group SA
Cyber Security is one of the major challenges facing organisations within all industries. This presentation will examine the integration of an Enterprise Architecture approach with an Enterprise Security Architecture approach (TOGAF and SABSA) and propose a generic framework.
Download this presentation at http://opengroup.co.za/presentations
CMMC, ISO/IEC 27701, and ISO/IEC 27001 - Best Practices and Differences - PECB
After the last 2020 Global Leading voices webinar, comparing ISO27001 with CCPA and NYC Shield Act, we're taking a look at the next level of information and cybersecurity management.
How can you assess your security management? The CMMI model (using the 1 to 5 grading) is a well-known system. In early 2020, the US DoD launched the CMMC, Cybersecurity Maturity Model Certification, which matches the same levels for cybersecurity. In this session we'll discuss the maturity evaluation principles for information security, cybersecurity and application security and how you can use them in practice.
The webinar covers:
- What's the CMMI?
- What's the CMMC?
- Maturity in security governance (ISMS, cyber, application)
- Security maturity vs audit cycles
Recorded Webinar: https://youtu.be/9BpETh_nAOw
2022 Webinar - ISO 27001 Certification.pdf - ControlCase
ControlCase Introduction
What is ISO 27001?
What is ISO 27002?
What is ISO 27701, ISO 27017, & ISO 27018?
What is an ISMS?
What is ISO 27001 Certification?
Who Needs ISO 27001?
What is Covered in ISO 27001?
How Many Controls in ISO 27001?
What is the ISO 27001 Certification Process?
How Often Do You Need ISO 27001 Certification?
What are the Challenges to ISO 27001 Compliance?
Why ControlCase?
Cyber threat intelligence: maturity and metrics - Mark Arena
From SANS Cyber Threat Intelligence Summit 2016. What are the characteristics of a mature cyber threat intelligence program, and how do you develop meaningful metrics? Traditionally, intelligence has been about providing decision support to executives, whilst the field of cyber threat intelligence supports this customer, and network defenders, who have different requirements. By using the intelligence cycle, this talk will seek to help attendees understand how they can identify what a mature intelligence program looks like and the steps to take their program to the next level.
Here are some small steps to achieve ISO 27001 implementation.
I believe ISO 27001/2 is a key to establishing security in organizations and helps companies keep the whole ISMS program running, aligned with continuous improvement.
ISO 27001 has been identified by the ICO and recognized by GCHQ/NCSC in the past as the key standard to support GDPR.
Dedicated to furthering innovation through the rapid identification, integration and adoption of practical, standards-based cybersecurity solutions, the National Cybersecurity Center of Excellence (NCCoE) was established in 2012 through a partnership among National Institute of Standards and Technology (NIST), the State of Maryland and Montgomery County. NCCoE senior security engineer Jim McCarthy shares an overview on the center's energy sector use cases and their recent developments.
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...PECB
To protect your organization from cyber attacks, you need to implement a robust information security management system (ISMS) and business continuity management system (BCMS) based on international standards, such as ISO/IEC 27001 and ISO 22301.
Amongst others, the webinar covers:
• Why we need a cyber response plan to protect business operations
• Introduction to ISO/IEC 27001 and ISO 22301
• What do we need for a cyber security response plan?
• How do we develop a cyber security response plan?
Presenters:
Nick Frost
Nick Frost is Co-founder and Lead Consultant at CRMG.
Nick’s career in cyber security spanning nearly 20 years. Most recently Nick has held leadership roles at PwC as Group Head of Information Risk and at the Information Security Forum (ISF) as Principal Consultant.
In particular Nick was Group Head of Information Risk for PwC designing and implementing best practice solutions that made good business sense, that prioritise key risks to the organisation and helped minimise disruption to ongoing operations. Whilst at the ISF Nick led their information risk projects and delivered many of the consultancy engagements to help organisations implement leading thinking in information risk management.
Nicks combined experience as a cyber risk researcher and practitioner designing and implementing risk based solutions places him as a leading cyber risk expert. Prior to cyber security and after graduating from UCNW and Oxford Brookes Nick was a geophysicst in the Oil and Gas Industry.
Simon Lacey
Simon is a resourceful, creative Information & Cyber Security professional with a proven track record of instigating change, disrupting the status quo, influencing stakeholders and developing ‘big picture’ vision across business populations. Multiple industry experience; excels in building stakeholder engagement & consensus; and suporting organisations to make sustainable change.
Simon also has considerable experience of risk management, education and awareness, strategy development and consulting to senior management and is a confident and engaging public speaker.
Simon has previously worked within the NHS, Bank of England and BUPA, before setting out as an independent consultan forming Oliver Lacey Limited, supporting clients in multiple business sectors.
When not working, Simon loves to run – currently training for the Berlin Marathon, a Director of Aylesbury United Football Club, records vlogs and is an experienced standup comic.
Date: April 26, 2023
Find out more about ISO training and certification services
Training: https://bit.ly/3AyoyYF
https://bit.ly/3LbBVTx
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
YouTube video: https://youtu.be/i4qx5mjEqio
Presentation for March 2017 webcast by NIST.
www.nist.gov/cyberframework
Webcast video: https://www.nist.gov/news-events/events/2017/03/cybersecurity-framework-virtual-events
This presentation introduces the audience to the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”). It provides a brief history about why and how the Framework was developed, and an understanding of each of the three primary Framework components (the Core, Implementation Tiers, and Profiles). It covers potential benefits of Framework, and how the Framework can be used. It highlights industry resources, progress in Roadmap areas, and future direction of the Framework program.
Improve Cybersecurity posture by using ISO/IEC 27032PECB
Cybersecurity is a universal concern across today’s enterprise and the need for strategic approach is required for appropriate mitigation.
Adopting ISO 27032 will help to:
• Understanding the nature of Cyberspace and Cybersecurity
• Explore Cybersecurity Ecosystem – Roles & Responsibilities
• Achieve Cyber Resilience through implementing defensive and detective cybersecurity controls
Presenter:
Obadare Peter Adewale is a first generation and visionary cyberpreneur. He is a PECB certified Trainer, Fellow Chartered Information Technology Professional, the First Licensed Penetration Tester in Nigeria, second COBIT 5 Assessor in Africa and PCI DSS QSA. He is also an alumnus of Harvard Business School and MIT Sloan School of Management Executive Education.
Link of the recorded session published on YouTube: https://youtu.be/NX5RMGOcyBM
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPECB
In this session, we will go through ISO/IEC 27701 and ISO/IEC 27001 key practical implementation steps and how they can help you to be compliant with the GDPR.
Our presenters, Peter Geelen and Stefan Mathuvis, will guide you through the implementer tasks with practical hints and tips and show you how an auditor will look at your implementation, searching for evidence and compliance.
In addition, we will match the ISO/IEC 27(7)01 requirements to complete the GDPR obligations as far as possible.
Starting from executive management to privacy policies, handling notifications, setting up awareness programs, controlling user access requests, over vendor management to incident management (data breaches) and continuous updates.
The webinar will cover:
• Quick recap on general ISO components and approach
• Implementing ISO/IEC 27001 with the ISO/IEC 27701 extension for GDPR compliance
• Do's and don’ts for implementation and audit
• The importance of evidence in the audit
• Managing audit expectations and the never ending audit cycle
Recorded webinar: https://youtu.be/HL-VUiCj4Ew
HD version: http://1drv.ms/1eR5OQf
This is my publication on how the integration of the TOGAF Enterprise Architecture framework, the SABSA Enterprise Security Architecture framework, and Information Governance discipline add up to a robust and successful Information Security Management Program.
Secure Systems Security and ISA99- IEC62443Yokogawa1
With the new Industrial Network standards like ISA-IEC62443 companies are evolving their IT and OT networks to face evolving threats. This presentation will cover industrial networking best practices, secure architectures and segregation techniques that can be used by all businesses to prevent a minor business network breach from becoming an industrial catastrophe.
Topics Covered in this Seminar Include:
Overview Of Cyber Threat
Introduction - ISA IEC Industrial Control Security Standards
An Example - Advanced Persistent Threat (APT)
ISA/IEC 62443-3-2 Network Separation - An APT countermeasure
The next step in APT defenses System Certification to ISA/IEC 62443 Cybersecurity Standards
ISA/IEC 62443 Cybersecurity Standards Current Efforts
The Future of ISA/IEC 62443 Cybersecurity Standards
Welcome to Cyber Threat Simulation Training powered by Tonex. Cyber Threat Simulation Training covers standards of cyber threats, progressed cyber fighting and threat simulation standards.
Cyber Threat Simulation Training is splitted into different parts comprising of essential cyber security, progressed cyber security, standards of cyber threat and hands-on threat simulation works out.
Learn about:
Basic cyber threat principles
Principles on threat environment
Principles of cyber simulation and modeling
Cyber threat simulation principles
Web application cyber threat fundamentals
Network and application reconnaissance
Data exfiltration & privilege escalation
Exploit application misconfigurations and more
Firewall and Threat Prevention at work
Tools to model and simulate cyber threat
Tools to monitor attack traffic
Who Should Attend:
Cyber Threat Analysts
Digital Forensic Analysts
Incident Response Team Members
Threat Hunters
Federal Agents
Law Enforcement Officials
Military Officials
Course Modules:
Cyberwarfare and Cyberterrorism
Overview of Global Cyber Threats
Principles of Cyber Threat Simulation
Cyber Threat Intelligence
Simulating Cyber Threats
Incident Detection
Response Threat Simulation
Cyber Threat Simulation Training. Price: $3,999.00. Length: 3 days.
Request more info about this Cyber Threat Simulation Training. Call +1-972-665-9786. Visit www.tonex.com/training-courses/cyber-threat-simulation-training/
Information Security between Best Practices and ISO Standards (PECB)
Main points covered:
• Information Security best practices (ESA, COBIT, ITIL, Resilia)
• NIST security publications (NIST 800-53)
• ISO standards for information security (ISO 20000 and ISO 27000 series)
- Information Security Management in ISO 20000
- ISO 27001, ISO 27002 and ISO 27005
• What is best for me: Information Security Best Practices or ISO standards?
Presenter:
This webinar was presented by Mohamed Gohar. Mr. Gohar has more than 10 years of experience in ISM/ITSM training and consultation. He is one of the expert reviewers of the CISA Review Manual (RM) 26th edition (2016) and ISM Senior Trainer/Consultant at EGYBYTE.
Link of the recorded session published on YouTube: https://youtu.be/eKYR2BG_MYU
In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data entrusted to them. Every network is vulnerable to some form of attack. However, it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice, will be joined by Partner Michael Hoffner; together they will lead a discussion on a Cybersecurity Risk Management Program, including what it is and how it can prepare your organization for the future.
Enterprise Security Architecture for Cyber Security (The Open Group SA)
Cyber Security is one of the major challenges facing organisations within all industries. This presentation will examine the integration of an Enterprise Architecture approach with an Enterprise Security Architecture approach (TOGAF and SABSA) and propose a generic framework.
Download this presentation at http://opengroup.co.za/presentations
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences (PECB)
After the last 2020 Global Leading Voices webinar, comparing ISO 27001 with the CCPA and the New York SHIELD Act, we're taking a look at the next level of information and cybersecurity management.
How can you assess your security management? The CMMI model (using a 1 to 5 grading) is a well-known system. In early 2020 the US DoD launched the CMMC, Cybersecurity Maturity Model Certification, which uses the same five levels for cybersecurity. In this session we discuss the maturity evaluation principles for information security, cybersecurity and application security, and how you can use them in practice.
The webinar covers:
- What's the CMMI?
- What's the CMMC?
- Maturity in security governance (ISMS, cyber, application)
- Security maturity vs audit cycles
Recorded Webinar: https://youtu.be/9BpETh_nAOw
2022 Webinar - ISO 27001 Certification.pdf (ControlCase)
ControlCase Introduction
What is ISO 27001?
What is ISO 27002?
What is ISO 27701, ISO 27017, & ISO 27018?
What is an ISMS?
What is ISO 27001 Certification?
Who Needs ISO 27001?
What is Covered in ISO 27001?
How Many Controls in ISO 27001?
What is the ISO 27001 Certification Process?
How Often Do You Need ISO 27001 Certification?
What are the Challenges to ISO 27001 Compliance?
Why ControlCase?
Cyber threat intelligence: maturity and metrics (Mark Arena)
From SANS Cyber Threat Intelligence Summit 2016. What are the characteristics of a mature cyber threat intelligence program, and how do you develop meaningful metrics? Traditionally, intelligence has been about providing decision support to executives, whilst the field of cyber threat intelligence supports this customer and network defenders, who have different requirements. By using the intelligence cycle, this talk will seek to help attendees understand how they can identify what a mature intelligence program looks like and the steps to take their program to the next level.
Here are some small steps to achieve ISO 27001 implementation.
I believe ISO 27001/2 is key to establishing security in organizations and helps companies keep the whole ISMS program running, aligned with continuous improvement.
ISO 27001 has been identified by the ICO and recognized by GCHQ/NCSC in the past as the key standard to support GDPR.
Dedicated to furthering innovation through the rapid identification, integration and adoption of practical, standards-based cybersecurity solutions, the National Cybersecurity Center of Excellence (NCCoE) was established in 2012 through a partnership among National Institute of Standards and Technology (NIST), the State of Maryland and Montgomery County. NCCoE senior security engineer Jim McCarthy shares an overview on the center's energy sector use cases and their recent developments.
Cloud Security y en donde esta el piloto [Cloud security, and where is the pilot?] (CSA Argentina)
E-GISART 2015, 3rd edition - 18 June 2015
Our fate was in our own hands. We owned the firewalls, the LAN/switching infrastructure, and so on.
We were answerable for our staff, and it was our own head that rolled if things went wrong.
Guaranteeing security has been a hard and complicated task, so we did it where it was tactically necessary for the business.
But today what is necessary has expanded to the cloud. Cloud security is in many cases better than what we had on traditional systems, because providers can supply resources that solve security problems customers cannot afford to tackle on their own. Nevertheless, security remains an important concern, and several aspects are being reviewed and worked on to standardize it globally.
CIS13: How IAM Improved Sallie Mae's Compliance and Risk Posture (CloudIDSummit)
Jennifer Darwin, Senior Manager, Sallie Mae
Jennifer Darwin will discuss how Sallie Mae used identity management to address its compliance and security challenges. This identity governance case study will discuss how Sallie Mae was able to address more than 3,000 security controls (including FISMA and FFIEC regulations), while simultaneously eliminating critical security vulnerabilities associated with user access privileges, including SoD policy violations, entitlement creep and orphan accounts. She will also provide best practices to help companies achieve the same results.
Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St... (Kenneth de Brucq)
Businesses are finding great benefits from the Cloud, and are moving towards the next step: Providing a unified way of consuming Cloud resources for their different business lines, branches and departments to use Cloud resources in a simplified way. This session will describe how the creation of a Cloud Catalogue will provide better control and visibility for the use of Cloud within an enterprise and how, once Cloud is within the fabrics of many products and services from providers, Cloud Catalogue is being seen as the next frontier.
Workshop on Identity & Access Management (cisoplatform)
(Introduction & Scope, Functional Modules, Taxonomy, Global Trends for Roadmap, Capability Maturity Models, Vendor Selection Criteria, Guide to Vendors in the Landscape, CPI Findings).
Identity Management: Front and Center for Healthcare Providers (Andrew Ames)
In 2009, the HITECH Act introduced an added level of complexity and opportunity. Specifically, increased regulations and requirements with associated penalties (a cost and risk-avoidance factor), as well as the opportunity for government reimbursement, are driving many healthcare provider organizations to consider IAM as a strategic initiative.
Audit and Compliance – External auditors wanted to know:
• ‘Who has access to what?’
• ‘Who approved the request?’
• ‘Is the access correct?’
An easy question, but with thousands of staff members and hundreds of applications it is an overwhelming burden, and one that is nearly impossible to carry if healthcare providers do not take a strategic long-term approach and adopt properly aligned technology.
The International Association of Risk and Compliance Professionals (IARCP) today announced a major revision of the Certified Information Systems Risk and Compliance Professional (CISRCP) certification program.
At EDIST 2017 the OEB outlined the upcoming Cyber Security Framework for all LDCs in Ontario. The official announcement is to be published in early March this year.
The Importance of Cybersecurity for Digital Transformation (NUS-ISS)
In the rapidly evolving landscape of digital transformation, the importance of cybersecurity cannot be overstated. As organizations embrace digital technologies to enhance their operations, innovate, and connect with customers in new and dynamic ways, they simultaneously become more vulnerable to cyber threats.
This talk will discuss the importance of having a well-thought-through approach to cybersecurity, in the form of a strategy that lays out the various programmes and initiatives that will underpin a secure and resilient digital transformation journey. Not surprisingly, having a pool of well-trained cybersecurity personnel is one of the key ingredients in a cyber strategy, as exemplified in Singapore's own national cybersecurity strategy.
Cybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity (Leonardo ENERGY)
This Cybersecurity webinar, the second in a series, addresses issues of importance to executive, technical, and academic professionals involved with managing and protecting Electric Utilities and Smart Grids worldwide. Technology and market challenges will be addressed, followed by cybersecurity approaches (including those used in Europe and US) and best practices. Three case studies, and legal and regulatory constraints, for architecting smart grids in a secure way also will be presented.
Certrec’s Fas Mosleh presents some of the biggest cyber threats currently targeting utilities. This webinar includes examples of attacks on utilities that have happened in recent years and action steps to prevent future breaches.
As cyber-attacks from nation-state and domestic threats increase, it is important that power plants meet these threats to avoid costly reputational and equipment damage.
For more, visit: https://www.certrec.com/
Irv Badr: Managing Risk, Safety and Security Compliance (EnergyTech2015)
EnergyTech2015.com
Track 4 Session 3
RESILIENT APPLICATIONS
Moderator: Mike Delamare
Josh Long: Paper 1 - Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field
Brian Patterson: Paper 2 - The role of Direct Current micro-grids and data centers for efficiency and resilience
Irv Badr: Paper 3 - Managing Risk Factors in Critical Infrastructure
Cybersecurity Application Installation with no Shutdown Required webinar Slides (Yokogawa1)
These are the slides from the Yokogawa Cybersecurity Application Installation with no Shutdown Required webinar.
Yokogawa’s cybersecurity engineers can provide an enhanced network architecture that is designed to limit traffic to machines running operating systems that are past end of life. Firewall installation and configuration, along with application whitelisting tools, are two ways to reduce risk until a migration to a supported OS is possible:
Transactive Energy (TE) can play a defining role in adapting and stabilizing today's grid for tomorrow. A follow-up to the Cross-DEWG Discussion on Transactive Energy session held in May at the SGIP Spring 2014 Members Meeting, this webinar continues the dialogue regarding this important game changer. SGIP is making this webinar event open and free to the public.
Understanding what it takes to achieve the goal of interoperable products is the starting point for utility engineers and program managers. This webinar is an introduction to the importance of testing and certification to minimize the cost and time needed to deploy power grid solutions.
Webinar Agenda:
Case study of Sacramento Municipal Utility District’s (SMUD) early experience with Home Area Network (HAN) device deployments, the extraordinary steps taken to achieve required product interoperability, and lessons learned.
Discussion of what it takes to achieve true interoperability, what resources are currently available, and how the SGTCC is contributing to these efforts.
Attendees will gain specific insight into the challenges of achieving interoperability and into the standards and tools available to help them become more sophisticated buyers and/or users of products that meet the interoperability criteria.
Decision-making is always a risky business for a utility executive. Every decision is open to being second-guessed, not only by your stockholders but by regulatory commissions and consumer advocates. Technology decisions, particularly those that affect your electricity rate base, are even more prone to this second-guessing. The challenge is to make a decision that is based on the facts known now and anticipates future technology changes. This keynote describes how the Smart Grid Interoperability Panel helps utilities reduce risk and cost on their path to implementing an interoperable Smart Grid.
State and local regulators came together on this Smart Grid Interoperability Panel (SGIP) webinar to discuss issues important to them. SGIP member regulators discussed how they apply their SGIP experience to improve on-the-job performance, saving valuable real-time Commission resources and better serving their constituents.
Participating Member State Commission representatives highlighted specific work of SGIP committees and sub-committees where involvement by state commissioners and their staff have yielded high impact results including the Business & Policy Domain Expert Working Group; Smart Grid Implementation Methods Committee; Smart Grid Cybersecurity Committee Privacy Subgroup; and the Priority Action Plan (PAP-20) for Green Button Energy Services Provider Interface Evolution.
Panelists were Commissioner Haque, Ohio Public Utilities Commission, Amanda Stallings, Staffer Ohio Public Utilities Commission, Chris Villarreal, Senior Regulatory Analyst, California Public Utilities Commission and Patrick Hudson, Smart Grid Section Manager, Michigan Public Service Commission. The session was moderated by Commissioner Nick Wagner, Iowa Utilities Board and SGIP Board Director representing the Stakeholders Group for State and Local Regulators (Category 19).
In addition, learn how the activities SGIP members pursue have important state and federal policy implications, such as:
Preparing guidance for the protection of consumer privacy and consumer access to electricity usage data;
Developing cybersecurity guidelines for standards that may be incorporated in power system reliability rules and critical infrastructure guidance;
Highlighting the utilities’ experiences, benefits and issues in implementation of interoperable Smart Grid systems; and
Identifying performance and reliability requirements for Smart Grid communications.
“How the Smart Grid Interoperability Panel (SGIP) Supports Electric Utilities, Regulators, Manufacturers and Integrators in 2014 to Ensure Electric Grid Reliability”. Also includes a look at 2014 SGIP activities and plans and an announcement of the 2014 Board of Directors.
SGIP hosted an eMeeting focused on Stakeholder Category 14: R&D and Academia.
Leading experts presented on the impact of Smart Grid research on future products and services and how research contributes to new solutions for interoperability for the Smart Grid ecosystem. The panel was moderated by Steve Widergren, Pacific Northwest National Laboratory. Joining Steve as panelists were Don Von Dollen, Electrical Power Research Institute; Michael Cohen, MITRE; Jason Veneman, MITRE; and Dennis Ray, Power Systems Engineering Research Center.
An appraisal on the various SGIP technical activities was presented, including updates on transactive energy, cybersecurity and Smart Grid Testing and Certification Committee and Smart Grid Implementation Methods Committee activities. An update was also given on a new Catalog of Standards entry to be voted on by SGIP Participating member organizations.
- See more at: http://www.sgip.org/sgip-presents-how-todays-power-grid-integration-choices-impact-figure-smart-grid-deployments-emeeting-on-september-26-2013/
On August 15th, SGIP presented a state of the association address to member and non-member stakeholders. An overview of the NIST Smart Grid Program was provided, along with highlights of the past quarter’s technical accomplishments, including the approval of Priority Action Plan 22 and the Electric Vehicle (EV) Fueling Submetering Requirements. In addition, the Project Management Office will have numerous ballots beginning in August and continuing through the end of the year for Catalog of Standards entries. - See more at: http://www.sgip.org/sgip-updates-members-8152013/
UiPath Test Automation using UiPath Test Suite series, part 3 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality (Inflectra)
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
JMeter webinar - integration with InfluxDB and Grafana (RTTS)
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Key Trends Shaping the Future of Infrastructure.pdf (Cheryl Hung)
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Essentials of Automations: Optimizing FME Workflows with Parameters (Safe Software)
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Helping Utilities with Cybersecurity Preparedness: The C2M2
1. Accelerating Grid Modernization
More information available on SGIP.org
Helping Utilities with Cybersecurity Preparedness: The C2M2
April 23, 2015
2. WELCOME
Victoria Yan Pillitteri, National Institute of Standards & Technology (NIST)
Smart Grid Cybersecurity Committee Chair
April 23, 2015 Helping Utilities with Cybersecurity Preparedness
3. Accelerating Smart Grid Interoperability
The Smart Grid Interoperability Panel (SGIP) is a consortium that securely accelerates and advances Grid Modernization through interoperability and the leadership talents of its members. SGIP prioritizes topics and issues set by utilities, independent power producers and industry members, and drives innovation in Grid Modernization.
• Advancing grid modernization through standards innovation, gap filling, interface definitions, and the creation of test frameworks.
• Multi-stakeholder community with tight coupling to Standards Setting Organizations (SSOs).
• Disciplined, time-tested processes.
4. Agenda
• Welcome – Vicky Pillitteri, SGIP
• Main Presentation – Jason D. Christopher, DOE
• Questions & Answers
• SGIP Cybersecurity Update – Vicky Pillitteri
• Closing Reminders – Vicky Pillitteri
This meeting, and all SGIP activities, are governed by SGIP By-laws and policies - Intellectual Property Rights Policy and Antitrust Policy.
5. Cybersecurity Capability Maturity Model Update
Jason D. Christopher, US Department of Energy
6. Defining Security
7. Aligning DOE Activities
• Build a Culture of Security: Training; Education; Improved communication within industry
• Assess and Monitor Risk: Electricity Subsector Cybersecurity Capability Maturity Model; Situational Awareness Tools; Common Vulnerability Analysis; Threat Assessments; Consequence Assessments
• Develop and Implement New Protective Measures to Reduce Risk: Support Cybersecurity Standards Development; Near-term industry-led R&D projects; Mid-term laboratory and academia R&D projects; Long-term laboratory and academia R&D projects
• Manage Incidents: NSTB (National SCADA Test Bed); Outreach; Cyber Exercises
• Sustain Security Improvements: Product upgrades to address evolving threats; Collaboration among all stakeholders to identify needs and implement solutions
8. Introduction to the C2M2 Program
• Since June 2012, hundreds of organizations have used the C2M2.
• DOE has facilitated self-evaluations for utilities servicing an estimated 39 million US consumers.
• Recently expanded to include oil & natural gas organizations, as well as stakeholders beyond the energy sector.
9. C2M2 Program
• ES-C2M2: Public-private collaborative effort; sector-specific subject matter expertise; pilot evaluations.
• ONG-C2M2: Tested and refined for ONG through ONG pilot evaluations across upstream, midstream, and downstream ONG companies.
• C2M2: Without sector-specific references or terms of art; refined through the ONG pilots, and also via cross-sector outreach.
10. The Approach: Maturity Model
Maturity Model Definition:
• An organized way to convey a path of experience, wisdom, perfection, or acculturation.
• The subject of a maturity model can be an object or things, ways of doing something, characteristics of something, practices, or processes.
11. Progression Model Examples
Each progression is listed from most to least advanced, as stacked on the slide.
• Progression for Counting: Computer; Calculator; Adding machine; Slide rule; Abacus; Pencil and paper; Fingers
• Progression for Authentication: Three-factor authentication; Two-factor authentication; Passwords change every 60 days; Strong passwords; Passwords
(Caveat: the 60-day rotation step reflects 2015 practice. NIST SP 800-63B, published in 2017, recommends against forcing periodic password changes unless there is evidence of compromise, so a current progression would replace that step rather than build on it.)
• Progression for Human Mobility: Fly; Sprint; Run; Jog; Walk; Crawl
12. Capability Model Examples
Each example is listed from lowest to highest capability:
• Example 1: Practices are ad hoc → Practices are managed → Practices are defined → Practices are quantitatively managed → Practices are optimized
• Example 2: Practices are initiated → Practices are performed → Practices are managed → Practices are internally integrated → Practices are externally integrated
• Example 3: Practices are incomplete → Practices are performed but ad hoc → Practices are planned → Practices are managed → Practices are measured → Practices are defined → Practices are shared
13. C2M2 Domain Descriptions
• RM (Risk Management): Establish, operate, and maintain an enterprise cybersecurity risk management program to identify, analyze, and mitigate cybersecurity risk.
• ACM (Asset, Change, and Configuration Management): Inventory, manage changes to, and manage configuration of technology assets, including OT (operations technology), IT (information technology), hardware, and software.
• IAM (Identity and Access Management): Create and manage identities for entities that may be granted logical or physical access to assets, and control such access.
• TVM (Threat and Vulnerability Management): Establish and maintain plans, procedures, and technologies to detect, identify, analyze, manage, and respond to cybersecurity threats and vulnerabilities.
• SA (Situational Awareness): Establish and maintain activities and technologies to collect, analyze, alarm, present, and use operational and cybersecurity information to form a common operating picture (COP).
• ISC (Information Sharing and Communications): Establish and maintain relationships with internal and external entities to collect and provide cybersecurity information, including threats and vulnerabilities, to reduce risks and to increase operational resilience.
• IR (Event and Incident Response, Continuity of Operations): Establish and maintain plans, procedures, and technologies to detect, analyze, and respond to cybersecurity events and to sustain operations throughout such events.
• EDM (Supply Chain and External Dependencies Management): Establish and maintain controls to manage the cybersecurity risks associated with services and assets that are dependent on external entities.
• WM (Workforce Management): Establish and maintain plans, procedures, technologies, and controls to create a culture of cybersecurity and to ensure the ongoing suitability and competence of personnel.
• CPM (Cybersecurity Program Management): Establish and maintain an enterprise cybersecurity program that provides governance, strategic planning, and sponsorship for cybersecurity activities.
14. C2M2 Model Architecture
[Figure: the 10 model domains (RM, ACM, IAM, TVM, SA, ISC, IR, EDM, WM, CPM) shown side by side against the 4 Maturity Indicator Levels]
10 Model Domains: logical groupings of cybersecurity practices, that is, activities that protect operations from cyber-related disruptions.
4 Maturity Indicator Levels (MILs):
• MIL 0: no practices
• MIL 1 (beginning): MIL 1 practices
• MIL 2 (intermediate): MIL 2 practices
• MIL 3 (advanced): MIL 3 practices
Each domain includes a progression of practices from MIL 1 to MIL 3.
MIL 1 practices are basic activities that any organization may perform; these are the starting blocks.
MIL 2 & 3 practices are progressively more complete, advanced, and ingrained; target levels should be set for each domain based on risk tolerance and threat environment.
15. Organization of a Domain
[Figure: how a domain is organized within the model]
The model contains 10 domains. Each domain has:
• Approach Objectives: one or more per domain, unique to each domain. Each approach objective is supported by a progression of practices that are unique to the domain, with practices at MIL1, MIL2, and MIL3.
• Management Objective: one per domain, similar in each domain. Each management objective is supported by a progression of practices that are similar in each domain and describe institutionalization activities, with practices at MIL2 and MIL3.
16. C2M2 Evaluation Tool & Method
• Since the program’s inception, DOE has maintained a free tool for organizations to perform a C2M2 self-evaluation
• C2M2 self-evaluation workshops can be completed in a single day with appropriately limited scope
• Output graphically summarizes implementation status for each of the 312 practices in the model
[Figure: Summary Results, example. Donut chart key: the total number of practices represented by the donut, broken down into the number of Fully Implemented, Largely Implemented, Partially Implemented, and Not Implemented practices]
17. NIST Cybersecurity Framework & C2M2
Executive Order 13636, Improving Critical Infrastructure Cybersecurity, Section 8(b):
“Sector-Specific Agencies, in consultation with the Secretary and other interested agencies, shall coordinate with the Sector Coordinating Councils to review the Cybersecurity Framework and, if necessary, develop implementation guidance or supplemental materials to address sector-specific risks and operating environments.”
• Working with stakeholders from the sector, DOE developed an implementation guidance document addressing how C2M2 supports Framework implementation.
• Available for download at: http://energy.gov/oe/downloads/energy-sector-cybersecurity-framework-implementation-guidance
18. NIST Cybersecurity Framework
Core
• Functions: IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER
• Categories
• Subcategories
• Informative References
Tiers
• Tier 1: Partial. Ad hoc risk management; limited cybersecurity risk awareness; low external participation
• Tier 2: Risk Informed. Some risk management practices; increased awareness, no program; informal external participation
• Tier 3: Repeatable. Formalized risk management; organization-wide program; receives external partner info
• Tier 4: Adaptive. Adaptive risk management practices; cultural, risk-informed program; actively shares information
Profile
• Current Profile: current state of alignment between Core elements and organizational requirements, risk tolerance, & resources. Where am I today relative to the Framework?
• Target Profile: desired state of alignment between Core elements and organizational requirements, risk tolerance, & resources. Where do I aspire to be relative to the Framework?
• Roadmap: from the Current Profile to the Target Profile
19. Framework Process
Step 1: Prioritize and Scope
Step 2: Orient
Step 3: Create a Current Profile
Step 4: Conduct a Risk Assessment
Step 5: Create a Target Profile
Step 6: Determine, Analyze, and Prioritize Gaps
Step 7: Implement Action Plan
20. C2M2 as a Framework Enabler
Framework step and the corresponding C2M2 output (the slide lists six outputs against the seven steps; the first output spans Steps 1 and 2):
• Steps 1 and 2 (Prioritize and Scope; Orient): Select in-scope assets and requirements
• Step 3 (Create a Current Profile): Perform C2M2 self-evaluation using the C2M2 tool
• Step 4 (Conduct a Risk Assessment): Evaluate risk based on C2M2 output
• Step 5 (Create a Target Profile): Create target profile based on C2M2
• Step 6 (Determine, Analyze, and Prioritize Gaps): Prioritize action plan to achieve target profile
• Step 7 (Implement Action Plan): Implement the plan, using CSF & C2M2 guidance
Source: Axio Global
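A worked example of the two pieces of mechanics these slides describe: the implementation-status counts behind the donut charts of the evaluation tool (slide 16) and the current-versus-target gap list that Steps 5 and 6 produce from C2M2 output (this slide). This is added code, not the DOE C2M2 tool, the Axio diagram, or anything from the deck. The practice identifiers, statuses and target MILs are constructed sample data, and the scoring rule is an assumption stated in the code: a MIL counts as achieved in a domain only when every practice at that MIL and at every lower MIL is Fully or Largely Implemented, so a completed MIL 2 cannot compensate for an incomplete MIL 1.

```python
"""Added example (not DOE C2M2 tool or Axio code): C2M2-style summary and gap list.

Assumption: a MIL is achieved in a domain only when every practice at that
MIL and at every lower MIL is Fully or Largely Implemented. Practice IDs,
statuses and target MILs below are constructed sample data.
"""
from collections import Counter
from dataclasses import dataclass

STATUSES = ("Fully Implemented", "Largely Implemented",
            "Partially Implemented", "Not Implemented")
ACHIEVING = {"Fully Implemented", "Largely Implemented"}


@dataclass(frozen=True)
class Practice:
    domain: str   # C2M2 domain abbreviation, e.g. "RM"
    mil: int      # 1, 2 or 3
    pid: str      # hypothetical practice identifier, e.g. "RM-1a"
    status: str   # one of STATUSES


# Constructed sample self-evaluation results for three domains.
SAMPLE_PRACTICES = [
    Practice("RM", 1, "RM-1a", "Fully Implemented"),
    Practice("RM", 1, "RM-1b", "Largely Implemented"),
    Practice("RM", 2, "RM-2a", "Fully Implemented"),
    Practice("RM", 2, "RM-2b", "Partially Implemented"),
    Practice("RM", 2, "RM-2c", "Fully Implemented"),
    Practice("RM", 3, "RM-3a", "Not Implemented"),
    Practice("IAM", 1, "IAM-1a", "Fully Implemented"),
    Practice("IAM", 1, "IAM-1b", "Fully Implemented"),
    Practice("IAM", 2, "IAM-2a", "Largely Implemented"),
    Practice("IAM", 2, "IAM-2b", "Fully Implemented"),
    Practice("IAM", 3, "IAM-3a", "Partially Implemented"),
    Practice("IAM", 3, "IAM-3b", "Not Implemented"),
    # SA: the MIL 2 practice is done but a MIL 1 practice is not, so MIL 0 results.
    Practice("SA", 1, "SA-1a", "Partially Implemented"),
    Practice("SA", 2, "SA-2a", "Fully Implemented"),
]

# Constructed target profile (Step 5): target MIL per domain, set by risk tolerance.
TARGET_PROFILE = {"RM": 3, "IAM": 2, "SA": 1}


def donut_counts(practices, domain=None, mil=None):
    """Numbers behind one donut: total practices and the count at each status.

    With no filter it is the whole-model donut; pass domain and/or mil for a
    per-domain or per-MIL donut.
    """
    chosen = [p for p in practices
              if (domain is None or p.domain == domain)
              and (mil is None or p.mil == mil)]
    by_status = Counter(p.status for p in chosen)
    return {"total": len(chosen), **{s: by_status.get(s, 0) for s in STATUSES}}


def achieved_mil(practices, domain):
    """Highest MIL achieved in a domain under the cumulative rule.

    Stops at the first level with any practice below Largely Implemented. A
    level with no practices in the data is treated as not achieved.
    """
    achieved = 0
    for mil in (1, 2, 3):
        at_level = [p for p in practices if p.domain == domain and p.mil == mil]
        if at_level and all(p.status in ACHIEVING for p in at_level):
            achieved = mil
        else:
            break
    return achieved


def gaps(practices, target_profile):
    """Step 6: domains below target, with the practices that block the target MIL.

    Sorted by gap size (largest first), then domain, to give a prioritized list.
    """
    result = []
    for domain, target in sorted(target_profile.items()):
        current = achieved_mil(practices, domain)
        if current >= target:
            continue
        blocking = sorted(p.pid for p in practices
                          if p.domain == domain
                          and current < p.mil <= target
                          and p.status not in ACHIEVING)
        result.append({"domain": domain, "current": current, "target": target,
                       "gap": target - current, "blocking": blocking})
    return sorted(result, key=lambda g: (-g["gap"], g["domain"]))


if __name__ == "__main__":
    print("Model donut:", donut_counts(SAMPLE_PRACTICES))
    for d in TARGET_PROFILE:
        print(f"{d}: achieved MIL {achieved_mil(SAMPLE_PRACTICES, d)}, "
              f"target MIL {TARGET_PROFILE[d]}")
    for g in gaps(SAMPLE_PRACTICES, TARGET_PROFILE):
        print(f"{g['domain']}: MIL {g['current']} -> {g['target']}, "
              f"blocking: {', '.join(g['blocking'])}")
```

With the sample data, RM reaches MIL 1 only (RM-2b is Partially Implemented), IAM reaches its MIL 2 target, and SA sits at MIL 0 despite a completed MIL 2 practice; the gap list therefore names RM first with RM-2b and RM-3a as the blocking practices, then SA with SA-1a.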
21. C2M2 Mapping to CSF
[Figure: C2M2 practices at MIL1, MIL2, and MIL3 mapped to the CSF Core (Functions IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER; Categories; Subcategories; Informative References) and to the CSF Tiers (Tier 1: Partial; Tier 2: Risk Informed; Tier 3: Repeatable; Tier 4: Adaptive)]
22. Defining Security
23. Resources
• Cybersecurity Framework and supporting materials: http://www.nist.gov/itl/cyberframework.cfm
• NIST Computer Security Resource Center: http://csrc.nist.gov/
• C3 Voluntary Program: www.dhs.gov/ccubedvp
• C2M2 Program: http://energy.gov/oe/cybersecurity-capability-maturity-model-c2m2-program
24. QUESTIONS?
Jason D. Christopher, jason.christopher@doe.gov
Resource emails: C2M2@doe.gov; cyber.framework@doe.gov
25. SGCC UPDATE
Victoria Yan Pillitteri, National Institute of Standards & Technology (NIST)
Smart Grid Cybersecurity Committee Chair
26. Cybersecurity Committee
The SGIP Cybersecurity Committee is a collaborative forum that develops resources that smart grid stakeholders can leverage to help understand and manage cybersecurity risk.
Cybersecurity is a critical, cross-cutting issue for the Smart Grid.
27. 2015 Progress
• Cybersecurity Frameworks Case Study
• Privacy Awareness Self-Assessment
• Published:
– Risk Management Process Case Study
• Continue:
– Collaboration with other smart grid and energy sector communities/groups
– Cybersecurity reviews for SGIP Catalog of Standards
To learn more contact: victoria.pillitteri@nist.gov
28. SGIP Reminders
• May 12: Engaged in Conversation: Grid 3.0
– Register at SGIP.org/Webinars
• Past webinars and publications available on
SGIP.org under “Information Knowledge Base”
• Stay in Touch
– Twitter: @SGIPNews
– Join our LinkedIn Group
– Sign up for SGIP Newsletter, The Conductor
29. THANK YOU FOR YOUR PARTICIPATION
A FOLLOW-UP EMAIL WILL BE SENT WITH A LINK TO THE RECORDING AND SUPPORTING MATERIALS