Presentation is loading. Please wait.

Presentation is loading. Please wait.

Albeado - Enabling Smart Energy

Similar presentations


Presentation on theme: "Albeado - Enabling Smart Energy"— Presentation transcript:

1 Albeado - Enabling Smart Energy
SG Security Lifecycle Security needs to be architected early – not a later addition - Ad-hoc countermeasures are not scalable, robust or resilient Security Goals - Requirement Phase - Threat profile and Asset identification complete - Specification Phase - Security requirements complete, Compliance with Regulatory Requirements and Best Practices - Design Phase - Vulnerabilities identified and sufficient risk mitigation in design - Verification and Testing Phase - Vulnerabilities revealed and sufficient assurance achieved - Deployment Phase - Compliance/Certification complete, Risk mitigation sufficient - Operation Phase - Threats tracked, Acceptable Risk level maintained and policy compliance assured Albeado - Enabling Smart Energy

2 Example SG Security Practice Guideline
Software Engineering. for secure code - development process models - vulnerability scanning tools (e.g., Ounce lab) for open sourced/lib components - penetration simulation and formal analysis Systems Engineering for secure systems - Improve product quality – reduction of defects (hence vulnerability) Development of Security Specific Functional Components - e.g., Encryption, Authentication and Identification Enterprise server and storage - Prevent Loss and corruption (integrity) - Access Control (confidentiality, privacy) - Sustainability and recoverability (availability) Critical Information Exchange among SG devices/systems/boundaries - CLIENT-CERT authentication needed (through x.509 certificate) OR - Server CERT with Client username/password authentication is enough Albeado - Enabling Smart Energy

3 Risk Management Methodologies
1. Identify Critical Assets and Functions At Organizational, Product and Service levels 2. Assess - Threats to assets – threat modeling - System Vulnerabilities – attack tree and path modeling 3. Assess Security Risk - Threat agent and attack goal, vulnerability in the system and consequential damage - Confidentiality, Integrity, Availability and Privacy 4. Establish acceptable levels for such risks 5. Mitigate (known) risks and maintain levels 6. Maintain “situational awareness” to detect emerging risks (anomalous behavior/pattern?) Albeado - Enabling Smart Energy


Download ppt "Albeado - Enabling Smart Energy"

Similar presentations


Ads by Google