Frameworks, Standards, Guidelines, and Best Practices

Presentation transcript:

Frameworks, Standards, Guidelines, and Best Practices
Dan Wagner, B.S., CISSP, CRISC, CISA, VCE-CIA, Compliance Auditor, Cyber Security
WECC Reliability & Security Workshop, San Diego, CA – October 23–24, 2018
Who wants to make more money, get promoted, or improve their job/role/group effectiveness?
Western Electricity Coordinating Council

What frameworks teach us
√ Compliance with standards and best practices
Defining, enhancing and managing enterprise identity and access management
Definitions of threat and vulnerability management
Identifying, defining, enhancing and managing application security controls
How to assess threats and vulnerabilities, and the associated tools
Identify cyber and legal regulatory requirements to support compliance assessments
How to build and deploy authorization processes
Identify and address weaknesses in cloud strategies
How to define and execute all stages of cybersecurity governance
Identify the benefits and risks of virtualization
How to distinguish technologies, e.g. firewalls versus network security tools
Perform cybersecurity, third- and fourth-party risk assessments
Defining and enhancing asset, configuration, change and patch management practices
And more!

Early Stages

NIST, DRII, BCI, CSA, ISO, COBIT, VRMMM, SCRM, DAMA, ITIL, SDLC
Each of the above voluntary frameworks presents standards, guidelines, and best practices for managing cybersecurity-related risks. The NIST Cybersecurity Framework’s prioritized and flexible approach promotes the protection and resilience of critical infrastructure and other sectors important to the economy and national security.

Constantly learning?

Industry Advice

NIST, DRII, BCI, CSA, ISO, COBIT, VRMMM, SCRM, DAMA, ITIL, SDLC
Each of the above voluntary frameworks integrates standards, guidelines, maturity models and best practices for managing cybersecurity-related risks. The NIST Cybersecurity Framework’s prioritized and flexible approach promotes the protection and resilience of critical infrastructure and other sectors important to the economy and national security.

Frameworks, Standards, Guidelines, and Best Practice - Examples
Disaster Recovery Institute International (DRII): https://drii.org/
The Business Continuity Institute (BCI): https://www.thebci.org/
The DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK): https://dama.org/content/body-knowledge
Vendor Risk Management Maturity Model (VRMMM): https://sharedassessments.org/vrmmm/
Supply-Chain Risk Management (SCRM): http://www.scrlc.com/

Frameworks, Standards, Guidelines, and Best Practice - Examples
Framework for Improving Critical Infrastructure Cybersecurity and related news and information: www.nist.gov/cyberframework
Additional cybersecurity resources: http://csrc.nist.gov/
Questions, comments, ideas: cyberframework@nist.gov
COBIT (Control Objectives for Information and Related Technologies): http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx
Capability Maturity Model Integration (CMMI): https://cmmiinstitute.com/

Disaster Recovery Institute International (DRII)

The Business Continuity Institute (BCI)

The DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK)

Vendor Risk Management Maturity Model (VRMMM)

Supply Chain Risk Management (SCRM) Maturity Model

Framework for Analyzing the Pace of Technology Substitution

Professional Advice Cannot Predict

What is significant to your role (video: Los-Alamos NL-EMP-1MIN.mp4)

The Business Continuity Institute (BCI)

BCI – PP1 (Policy and Program Management)

BCI – PP2 (Embedding Business Continuity)

BCI – PP3 (Analysis): maximum tolerable period of disruption (MTPD), maximum acceptable outage (MAO), and recovery time objectives (RTOs)

BCI – PP4 (Design)

BCI – PP5 (Implementation)

BCI – PP6 (Validation)

Questions?
Dan Wagner, B.S., CISSP, CRISC, CISA, VCE-CIA
Compliance Auditor, Cyber Security Audits
Western Electricity Coordinating Council
155 N 400 West, Suite 200, Salt Lake City, UT 84103
dwagner@wecc.biz