Markus Braendle, ABB Power Systems
Certifying Control Systems Vendors' Security
2010 European Community SCADA and Process Control Summit
Markus Braendle, ABB Power Systems
© ABB Group November 21, 2018 | Slide 1

Compliance / Certification – The fundamentals
- Compliance or certification should never be the main goal of any security activity.
- Compliance or certification should be a natural step or a side effect of any sound security program (assuming the regulation / standard / certification program is reasonable).

Challenges with Certification – Defining a true benchmark
- "The FSA (Functional Security Assessment) examines the device from the point of view of required security capability and correct implementation. Security capabilities may be supported directly by the device itself or may be explicitly allocated to higher level components that support the device in its intended system environment." (Source: ISASecure Embedded Device Security Assurance Certification)
- If there is no true benchmark, certification becomes useless for both vendors and end users.

Challenges with Certification – Consistent, invariable audits
- Results of audits should never depend on the auditor and the auditor's interpretation → requirements need to be unambiguous.
- Results of audits should not depend on technical limitations of audit procedures.
- Example: Device Robustness Testing does not always bring consistent results → certify the vendor's process and policies for regularly performing robustness tests.

Challenges with Certification – Development costs and release schedules
- Certification must be economically reasonable.
- ABB performs more than 120 robustness tests every year in its dedicated device security assurance.
- (Re)Certification would be needed after (almost) every test run → certify the vendor's process and policies.

Challenges with Certification – Gaining global acceptance
- Investing in certification is a significant effort for everyone; certification programs therefore need to have widespread, global acceptance.
- Certification programs must involve all stakeholders.

Contact information
Dr. Markus Braendle
Division Cyber Security Manager, Power Systems
ABB Inc
940 Main Campus Drive
Raleigh, NC 27606
Phone: 919 856 2418
Mobile: 919 780 8513
E-Mail: markus.braendle@us.abb.com