Albeado - Enabling Smart Energy

Slides:



Advertisements
Similar presentations
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 2.
Advertisements

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
9-Performing Vulnerability Assessments Dr. John P. Abraham Professor UTPA.
Security Controls – What Works
The State of Security Management By Jim Reavis January 2003.
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
By: Ashwin Vignesh Madhu
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.
Cliff Evans Security and Privacy Lead Trustworthy Computing Group Microsoft UK.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Financial Advisory & Litigation Consulting Services Risk Management 2006 September 14-15, 2006 The Metropolitan Club, New York, NY Workshop B: Information.
Lean and (Prepared for) Mean: Application Security Program Essentials Philip J. Beyer - Texas Education Agency John B. Dickson.
SEC835 Database and Web application security Information Security Architecture.
EOSC Generic Application Security Framework
Information Security Update CTC 18 March 2015 Julianne Tolson.
Lessons Learned in Smart Grid Cyber Security
 Computer security policy ◦ Defines the goals and elements of an organization's computer systems  Definition can be ◦ Highly formal ◦ Informal  Security.
Confidentiality Integrity Accountability Communications Data Hardware Software Next.
CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.
 Protect customers with more secure software  Reduce the number of vulnerabilities  Reduce the severity of vulnerabilities  Address compliance requirements.
Discussing “Risk Analysis in Software Design” 1 FEB Joe Combs.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 1.
© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.
Figures – Chapter 14. Figure 14.1 System layers where security may be compromised.
Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,
Security Standards and Threat Evaluation. Main Topic of Discussion  Methodologies  Standards  Frameworks  Measuring threats –Threat evaluation –Certification.
Security is not just… 1 A Compliance Exercise Certification and Accreditation FISMA.
Office of Campus Information Security Driving a Security Architecture by Assessing Risk Stefan Wahe Sr. Information Security Analyst.
Federal Information Security Management Act (FISMA) By K. Brenner OCIO Internship Summer 2013.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
Converting Policy to Reality Designing an IT Security Program for Your Campus 2 nd Annual Conference on Technology and Standards May 3, 2005 Jacqueline.
Security Development Life Cycle Baking Security into Development September 2010.
Microsoft Belgium Security Summit Georges Ataya S olvay B usiness S chool, ISACA Belux Detlef Eckert Microsoft EMEA.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Slide 1 Security Engineering. Slide 2 Objectives l To introduce issues that must be considered in the specification and design of secure software l To.
Security Snapshot Assessment Maximizing Return on Security Investment What assets do we have? What is running on those assets? What is our risk level?
Emerging and Evolving Cyber Threats Require Sophisticated Response and Protection Capabilities  Advanced Algorithms  Cyber Attack Detection and Machine.
Risk Assessment What is good about the Microsoft approach to threat modeling? What is bad about it? OCTAVE…  Advantage: ___________  Disadvantage: ___________.
July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
IS3220 Information Technology Infrastructure Security
INFORMATION SECURITY AND CONTROL. SECURITY: l Deter l Detect l Minimize l Investigate l Recover.
OFFICE OF VA ENTERPRISE ARCHITECTURE VA EA Cybersecurity Content Line of Sight Report April 29, 2016.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Vulnerability Analysis Dr. X. Computer system Design Implementation Maintenance Operation.
Security and resilience for Smart Hospitals Key findings
Information Security, Theory and Practice.
Design for Security Pepper.
Patch Management Patch Management Best Practices
Compliance with hardening standards
Module 8: Securing Network Traffic by Using IPSec and Certificates
BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT
Security Engineering.
Moving from “Bolt-on” to “Build-in” Security Controls
Specification of Countermeasures for CYRAIL
Enhanced alerting and collaborative incident management
Module 8: Securing Network Traffic by Using IPSec and Certificates
IS4680 Security Auditing for Compliance
The MobileIron® Threat Detection difference:
CS 575 – Drexel University – Fall 2007
Presentation transcript:

Albeado - Enabling Smart Energy SG Security Lifecycle Security needs to be architected early – not a later addition - Ad-hoc countermeasures are not scalable, robust or resilient Security Goals - Requirement Phase - Threat profile and Asset identification complete - Specification Phase - Security requirements complete, Compliance with Regulatory Requirements and Best Practices - Design Phase - Vulnerabilities identified and sufficient risk mitigation in design - Verification and Testing Phase - Vulnerabilities revealed and sufficient assurance achieved - Deployment Phase - Compliance/Certification complete, Risk mitigation sufficient - Operation Phase - Threats tracked, Acceptable Risk level maintained and policy compliance assured Albeado - Enabling Smart Energy

Example SG Security Practice Guideline Software Engineering. for secure code - development process models - vulnerability scanning tools (e.g., Ounce lab) for open sourced/lib components - penetration simulation and formal analysis Systems Engineering for secure systems - Improve product quality – reduction of defects (hence vulnerability) Development of Security Specific Functional Components - e.g., Encryption, Authentication and Identification Enterprise server and storage - Prevent Loss and corruption (integrity) - Access Control (confidentiality, privacy) - Sustainability and recoverability (availability) Critical Information Exchange among SG devices/systems/boundaries - CLIENT-CERT authentication needed (through x.509 certificate) OR - Server CERT with Client username/password authentication is enough Albeado - Enabling Smart Energy

Risk Management Methodologies 1. Identify Critical Assets and Functions At Organizational, Product and Service levels 2. Assess - Threats to assets – threat modeling - System Vulnerabilities – attack tree and path modeling 3. Assess Security Risk - Threat agent and attack goal, vulnerability in the system and consequential damage - Confidentiality, Integrity, Availability and Privacy 4. Establish acceptable levels for such risks 5. Mitigate (known) risks and maintain levels 6. Maintain “situational awareness” to detect emerging risks (anomalous behavior/pattern?) Albeado - Enabling Smart Energy

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.