Best Practices in Cyber Security Maggy Powell Senior Manager Real-Time Systems Security Exelon 26 September 2018.

Slides:



Advertisements
Similar presentations
The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
Advertisements

Security intelligence: solving the puzzle for actionable insight Fran Howarth Senior analyst, security Bloor Research.
CUBIC DEFENSE APPLICATIONS Security Summit Discussions Jeff Snyder Vice President, Cyber Programs Cubic Defense Applications.
Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.
Cyber and Maritime Infrastructure
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Demonstrating IT Relevance to Business Aligning IT and Business Goals with On Demand Automation Solutions Robert LeBlanc General Manager Tivoli Software.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
GSC: Standardization Advancing Global Communications 1 The New US-CCU Cyber-Security Check List SOURCE:U.S. Cyber Consequences Unit (Submitted by TIA)
INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.
 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,
K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss
90% of EU exports consist of product and services of IPR-intensive industries. Among 269 senior risk managers, 53% said IP loss or theft had inflicted.
Lessons Learned in Smart Grid Cyber Security
Thursday, January 23, :00 am – 11:30 am. Agenda  Cyber Security Center of Excellence  Project Phase  Implementation  Next Steps 2.
1 Figure 1-17: Security Management Security is a Primarily a Management Issue, not a Technology Issue Top-to-Bottom Commitment  Top-management commitment.
הקריה למחקר גרעיני - נגב Nuclear Research Center – Negev (NRCN) Society of Electrical and Electronics Engineers in Israel (SEEEI) 2012 Eran Salfati, Amir.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Supervision of Information Security and Technology Risk Barbara Yelcich, Federal Reserve Bank of New York Presentation to the World Bank September 10,
Information Systems Security Operations Security Domain #9.
Matt Bancroft Tutis Industrial Monday, 19 October 2015 © Tutis Fructis Ltd 2012.
GSHRM Conference Cyber Security Education Shri Cockroft, CISO Piedmont Healthcare, Inc. September 21, 2015.
Ali Alhamdan, PhD National Information Center Ministry of Interior
CARVER+Shock Vulnerability Assessment Tool “As Agile As the Enemy” The Foundation for Institutional Development.
Weaving Security Blankets Make your own bespoke defensive toolkit Presentation by Max Cizauskas For BSides Toronto 2015.
Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.
AUSTRALIA. A National Strategy for Enhancing the Safety and Security of our Food Supply ที่มา : We pride ourselves on our high safety and security standards.
A global nonprofit: Focusing on IP Protection and Anti-Corruption Sharing leading practices based on insights from global companies, academics, organizations.
Latest Strategies for IT Security Margaret Myers Principal Director, Deputy CIO United States Department of Defense North American Day 2006.
Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.
2© Copyright 2013 EMC Corporation. All rights reserved. Cyber Intelligence Fighting Cyber Crime Insert Event Date LEADERS EDGE.
Security Outsourcing Melissa Karolewski. Overview Introduction Definitions Offshoring MSSP Outsourcing Advice Vendors MSSPs Benefits & Risks Security.
Welcome Information Security Office Services Available to Counties Security Operations Center Questions.
UNCLASSIFIED The Open Group 01/07/10 Page-1 Kick-off Meeting for The Open Group Acquisition Cyber Security Initiative Ms. Kristen Baldwin Director, Systems.
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Juniper Security Threat Response Manager (STRM)
SELF-DEFENDING NETWORK. CONTENTS Introduction What is Self Defending Network? Types of Network Attacks Structure of Self Defending Network Conclusion.
Surveillance and Security Systems Cyber Security Integration.
SYMANTEC ENDPOINT SECURITY SERVICE PROVIDERS | ALLIANCE PRO IT HYDERABAD (CORPORATE OFFICE) ALLIANCE PRO IT PRIVATE LIMITED, 3A, HYNDAVA TECHNO PARK, TECHNO.
SYMANTEC ENDPOINT SECURITY SERVICE PROVIDERS | ALLIANCE PRO IT HYDERABAD (CORPORATE OFFICE) ALLIANCE PRO IT PRIVATE LIMITED, 3A, HYNDAVA TECHNO PARK, TECHNO.
Increasing Information and Data Security in Today’s Cybersecurity World 2017 Conference Review 6/6/2017.
Risk management.
Presentation to the COIT Architecture Sub-Committee
Cybersecurity - What’s Next? June 2017
Team 1 – Incident Response
Capabilities Matrix Access and Authentication
Cyber Resilient Energy Delivery Consortium
Detection and Analysis of Threats to the Energy Sector (DATES)
BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT
Cyber Threat Intelligence Sharing Standards-based Repository
I have many checklists: how do I get started with cyber security?
Best Practices in Cyber Security Maggy Powell Senior Manager Real-Time Systems Security Exelon 21 March 2018.
Cybersecurity at PJM Jonathon Monken
Threat Trends and Protection Strategies Barbara Laswell, Ph. D
Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.
Four Generations of Security Devices Putting IDS in Context
Securing the Threats of Tomorrow, Today.
CRITICAL INFRASTRUCTURE CYBERSECURITY
Coordinated Security Response
Cybersecurity Framework For Energy Sector
Managing IT Risk in a digital Transformation AGE
Cyber Security in a Risk Management Framework
New Challenges in Systems Safety - Themes
Cybersecurity at PJM Jonathon Monken
Capabilities Briefing
Security intelligence: solving the puzzle for actionable insight
UDTSecure TM.
Presentation transcript:

Best Practices in Cyber Security Maggy Powell Senior Manager Real-Time Systems Security Exelon 26 September 2018

Exelon by the Numbers

Exelon - Real Time Systems Security Team Real Time Systems Security Engineering Industrial Control Systems Security Operations Center Real Time Systems Security & Compliance RTSS MISSION

Threats – ICS perspective Actors Nation States Insider Threat Our own good intentions Vectors/Vulnerabilities Supply Chain Direct Connection to the ICS Competing Priorities and Limited Resources

Threats and Drivers Convergence of IT/OT Increasing Complexity Contributing drivers that either reduce or introduce threats

Common themes that create emerging threats Threat Evolution Slow(er) upgrades to existing deployed technologies Increase in published vulnerabilities and exploit toolkits Common themes that create emerging threats Faster adoption of new technology into production environments Limited understanding of threat implications and mitigations

Innovative Practices – Defense and Response Trust, but Test Incident Response capabilities Доверяй, но проверяй Confidential Information

Trust, but TEST… Security Testing Facility Network Intrusion Detection Malicious Code Detection Forensics Security Event Monitoring Access Control Change Management Patch Management Penetration Testing Vulnerability Assessments

Incident Response Capability Before After Broad network monitoring Specialized network monitoring Multiple incident response plans 1 cyber security incident response plan Siloed functions dividing physical & cyber  Integrated physical & cyber responses Siloed response between IT & OT Integrated IT & OT incident response Corporate policy disconnected from practical procedures Corporate policies connected to department and hands-on IT responders Inclusion of OT responders

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.