Tenace FRAMEWORK and NIST Cybersecurity Framework Block IDENTIFY.


Current TENACE framework

Block IDENTIFY

Traceability matrix between NIST and TENACE deliverables

Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include: Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.

These can be identified in the case study – not directly included in the current framework (Deliverable 3).
Among assets, the focus (from the case study) is on cyber-physical systems (SCADA, sensors, access control systems, …).

To be decided if we want to introduce the “Business Environment” in the framework (this is the organizational level).
Not only ICT but also business-related aspects: should we expand TENACE scope?

Security awareness/training is currently not part of the framework (best practices, regulatory aspects, etc.).
To be decided if we want to introduce the “Governance” in the framework.
See Deliverable 1.1 for some generic discussion on governance in protection of critical infrastructure.

See Deliverable 1 (mainly section 2) others?
Can be applied to the case study
See Deliverable 1 section 2
See Deliverable 2 section 2 others?
Can be applied to the case study
?
?
NIST considers this as “static”: should it operate at runtime (in a dynamic fashion) within the TENACE framework?
See Deliverable 2

See Deliverable 5 section 2 others?
?
See Deliverable 3 (mitigation) Others?