Frameworks, Standards, Guidelines, and Best Practices

Presentation on theme: "Frameworks, Standards, Guidelines, and Best Practices"— Presentation transcript:

1 Frameworks, Standards, Guidelines, and Best Practices
Dan Wagner, B.S., CISSP, CRISC, CISA, VCE-CIA
Compliance Auditor, Cyber Security
WECC Reliability & Security Workshop, San Diego, CA – October 23–24, 2018
Who wants to make more money, get promoted, and improve your job, role and group effectiveness?
Western Electricity Coordinating Council

2 What frameworks teach us
- Compliance with standards and best practices
- Defining, enhancing and managing enterprise identity and access management
- Definitions of threat and vulnerability management
- Identifying, defining, enhancing and managing application security controls
- How to assess threats and vulnerabilities, and the associated tools
- Identifying cyber and legal regulatory requirements to support compliance assessments
- How to build and deploy authorization processes
- Identifying and addressing weaknesses in cloud strategies
- How to define and execute all stages of cybersecurity governance
- Identifying the benefits and risks of virtualization
- How to distinguish technologies, e.g. firewalls versus network security tools
- Performing cybersecurity, third- and fourth-party risk assessments
- Defining and enhancing asset, configuration, change and patch management practices
- And more!

3 Early Stages

4 NIST, DRII, BCI, CSA, ISO, COBIT, VRMMM, SCRM, DAMA, ITIL, SDLC
Each of the above voluntary frameworks presents standards, guidelines, and best practices for managing cybersecurity-related risks. The NIST Cybersecurity Framework’s prioritized and flexible approach promotes the protection and resilience of critical infrastructure and other sectors important to the economy and national security.

7 Constantly learning?

8 Industry Advice

9 NIST, DRII, BCI, CSA, ISO, COBIT, VRMMM, SCRM, DAMA, ITIL, SDLC
Each of the above voluntary frameworks integrates standards, guidelines, maturity models and best practices for managing cybersecurity-related risks. The NIST Cybersecurity Framework’s prioritized and flexible approach promotes the protection and resilience of critical infrastructure and other sectors important to the economy and national security.

10 Frameworks, Standards, Guidelines, and Best Practice - Examples
- Disaster Recovery Institute International (DRII)
- The Business Continuity Institute (BCI)
- The DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK)
- Vendor Risk Management Maturity Model (VRMMM)
- Supply-Chain Risk Management (SCRM)

11 Frameworks, Standards, Guidelines, and Best Practice - Examples
- Framework for Improving Critical Infrastructure Cybersecurity and related news, information:
- Additional cybersecurity resources:
- Questions, comments, ideas:
- COBIT (Control Objectives for Information and Related Technologies)
- Capability Maturity Model Integration (CMMI)

12 Disaster Recovery Institute Intl (DRII)

13 The Business Continuity Institute (BCI)

14 The DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK)

15 Vendor Risk Management Maturity Model (VRMMM)

16 Supply Chain Risk Management (SCRM) Maturity Model

17 Framework for Analyzing the Pace of Technology Substitution

18 Professional Advice Cannot Predict

19 What is significant to your role
PLAY VIDEO - Los-Alamos NL-EMP-1MIN.mp4

20 The Business Continuity Institute (BCI)

21 The Business Continuity Institute (BCI)

22 BCI – PP1

23 BCI – PP1 (Policy and Program Management)

24 BCI – PP2

25 BCI – PP2 (Embedding Business Continuity)

26 BCI – PP3

27 BCI – PP3 (Analysis)
Maximum tolerable period of disruption (MTPD), maximum acceptable outage (MAO), and recovery time objectives (RTOs)

28 BCI – PP4

29 BCI – PP4 (Design)

30 BCI – PP5

31 BCI – PP5 (Implementation)

32 BCI – PP6

33 BCI – PP6 (Validation)

34 Questions?
Dan Wagner, B.S., CISSP, CRISC, CISA, VCE-CIA
Compliance Auditor, Cyber Security Audits
Western Electricity Coordinating Council
155 N 400 West, Suite 200, Salt Lake City, UT 84103

