Best Practices in Cyber Security Maggy Powell Senior Manager Real-Time Systems Security Exelon 21 March 2018.

Slides:



Advertisements
Similar presentations
Security intelligence: solving the puzzle for actionable insight Fran Howarth Senior analyst, security Bloor Research.
Advertisements

CUBIC DEFENSE APPLICATIONS Security Summit Discussions Jeff Snyder Vice President, Cyber Programs Cubic Defense Applications.
Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.
Cyber and Maritime Infrastructure
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Demonstrating IT Relevance to Business Aligning IT and Business Goals with On Demand Automation Solutions Robert LeBlanc General Manager Tivoli Software.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
GSC: Standardization Advancing Global Communications 1 The New US-CCU Cyber-Security Check List SOURCE:U.S. Cyber Consequences Unit (Submitted by TIA)
INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.
 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,
K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss
90% of EU exports consist of product and services of IPR-intensive industries. Among 269 senior risk managers, 53% said IP loss or theft had inflicted.
Lessons Learned in Smart Grid Cyber Security
Thursday, January 23, :00 am – 11:30 am. Agenda  Cyber Security Center of Excellence  Project Phase  Implementation  Next Steps 2.
Dell Connected Security Solutions Simplify & unify.
הקריה למחקר גרעיני - נגב Nuclear Research Center – Negev (NRCN) Society of Electrical and Electronics Engineers in Israel (SEEEI) 2012 Eran Salfati, Amir.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
GSHRM Conference Cyber Security Education Shri Cockroft, CISO Piedmont Healthcare, Inc. September 21, 2015.
Focus points 1.What major ICT changes and transformations are coming 2. What opportunities will these give to agriculture 3. What issues do we need to.
Insider Threat Nation States Cyber Crime Hactivist Cyber Terrorist IndustrializedHackers Dynamic Cyber Security Landscape Cyber Actors ThreatsThreats.
Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.
AUSTRALIA. A National Strategy for Enhancing the Safety and Security of our Food Supply ที่มา : We pride ourselves on our high safety and security standards.
A global nonprofit: Focusing on IP Protection and Anti-Corruption Sharing leading practices based on insights from global companies, academics, organizations.
Latest Strategies for IT Security Margaret Myers Principal Director, Deputy CIO United States Department of Defense North American Day 2006.
Keynote 9: Cyber Security in Emerging C4I Systems: Deployment and Implementation Perspectives By Eric J. Eifert, Sr. VP of DarkMatter’s Managed Security.
Security Outsourcing Melissa Karolewski. Overview Introduction Definitions Offshoring MSSP Outsourcing Advice Vendors MSSPs Benefits & Risks Security.
CLOSE THE SECURITY GAP WITH IT SOLUTIONS FROM COMPUTACENTER AND CISCO AUGUST 2014.
Welcome Information Security Office Services Available to Counties Security Operations Center Questions.
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Juniper Security Threat Response Manager (STRM)
SELF-DEFENDING NETWORK. CONTENTS Introduction What is Self Defending Network? Types of Network Attacks Structure of Self Defending Network Conclusion.
Surveillance and Security Systems Cyber Security Integration.
SYMANTEC ENDPOINT SECURITY SERVICE PROVIDERS | ALLIANCE PRO IT HYDERABAD (CORPORATE OFFICE) ALLIANCE PRO IT PRIVATE LIMITED, 3A, HYNDAVA TECHNO PARK, TECHNO.
SYMANTEC ENDPOINT SECURITY SERVICE PROVIDERS | ALLIANCE PRO IT HYDERABAD (CORPORATE OFFICE) ALLIANCE PRO IT PRIVATE LIMITED, 3A, HYNDAVA TECHNO PARK, TECHNO.
Quality Management System Deliverable Software 9115 revision A Key changes presentation IAQG 9115 Team March 2017.
Increasing Information and Data Security in Today’s Cybersecurity World 2017 Conference Review 6/6/2017.
Risk management.
Presentation to the COIT Architecture Sub-Committee
Cybersecurity - What’s Next? June 2017
Team 1 – Incident Response
Capabilities Matrix Access and Authentication
Cyber Resilient Energy Delivery Consortium
Detection and Analysis of Threats to the Energy Sector (DATES)
BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT
Cyber Threat Intelligence Sharing Standards-based Repository
I have many checklists: how do I get started with cyber security?
Attacks on The Manufacturing Industry
Cybersecurity at PJM Jonathon Monken
Threat Trends and Protection Strategies Barbara Laswell, Ph. D
Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.
Four Generations of Security Devices Putting IDS in Context
Securing the Threats of Tomorrow, Today.
Cybersecurity compliance for attorneys
CRITICAL INFRASTRUCTURE CYBERSECURITY
Coordinated Security Response
Best Practices in Cyber Security Maggy Powell Senior Manager Real-Time Systems Security Exelon 26 September 2018.
Cybersecurity Framework For Energy Sector
Managing IT Risk in a digital Transformation AGE
Cyber Security in a Risk Management Framework
New Challenges in Systems Safety - Themes
Cybersecurity at PJM Jonathon Monken
Capabilities Briefing
Security intelligence: solving the puzzle for actionable insight
UDTSecure TM.
NDIA DoD CIO Vision.
Presentation transcript:

Best Practices in Cyber Security Maggy Powell Senior Manager Real-Time Systems Security Exelon 21 March 2018

Exelon by the Numbers

Exelon - Real Time Systems Security Team Real Time Systems Security Engineering Real Time Systems Security & Compliance RTSS MISSION Industrial Control Systems Security Operations Center

Threats – ICS perspective Actors Nation States Insider Threat Our own good intentions Vectors/Vulnerabilities Supply Chain Direct Connection to the ICS Competing Priorities and Limited Resources

Common themes that create emerging threats Slow(er) upgrades to existing deployed technologies Increase in published vulnerabilities and exploit toolkits Common themes that create emerging threats Faster adoption of new technology into production environments Limited understanding of threat implications and mitigations

Impact to the Cyber Security Landscape Convergence of IT/OT Increasing Complexity Contributing drivers that either reduce or introduce threats

Innovative Practices – Defense and Response Trust, but Test Incident Response capabilities Доверяй, но проверяй Confidential Information

Trust, but TEST… Security Testing Facility Network Intrusion Detection Malicious Code Detection Forensics Security Event Monitoring Access Control Change Management Patch Management Penetration Testing Vulnerability Assessments

Incident Response Capability Before After Broad network monitoring Specialized network monitoring Multiple incident response plans 1 cyber security incident response plan Siloed functions dividing physical & cyber  Integrated physical & cyber responses Siloed response between IT & OT Integrated IT & OT incident response Corporate policy disconnected from practical procedures Corporate policies connected to department and hands-on IT responders Inclusion of OT responders

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.