Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.

Published bySherilyn Caldwell Modified over 8 years ago

Similar presentations

Presentation on theme: "Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011."— Presentation transcript:

1 Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011

2 © 2011 IBM Corporation2

3 3 What is Security? Is Security achievable? Where to begin? IBM has a long history in IT Security in the Banking, Financial Industry and Public Sector. What can one benefit from this expertise for Smart Metering? Only a in depth concept can reduce Security risks to an acceptable level. Manage Licensing Processes with Regulators Corporate Compliance Rate Case Processes Compliance Information Collection Common Compliance Practices Cyber Security Compliance Management The answer is an End2End Security Process

4 © 2011 IBM Corporation4 Requirement: Sabotage Reporting Sabotage Reporting provides directives and procedures for detection, recognition and reporting of sabotage events. It specifies procedures for communications to appropriate parties and local authorities. It expects security monitoring tools to provide near real- time notifications for reporting. IBM can help an utility to continuously monitor security violations during operations, as well as detect out-of- compliance conditions. Such products can even help to track user activity for privileged users, including physical location, deterring insider attacks.

5 © 2011 IBM Corporation5 Requirement: Critical Asset Identification Critical Asset Identification has recognized the need for identification and documentation of critical assets. Identifying these assets and their relationship will provide the basis for applying security principles within each asset’s function as well as communication between the asset and other assets in the grid value chain. IBM can assist in building an integrated asset management solution.

6 © 2011 IBM Corporation6 Requirement: Security Management This requirement calls to document and implement a security policy to represent the company’s commitment to security and their ability to secure critical assets. IBM can provide: 1.policy management, 2.authentication and authorization of grid systems commands, 3.protection and inspection of all XML traffic across network boundaries, 4.management of keys used in encryption of data stored, 5.enablement of change management processes for configuration changes to cyber assets, 6.comparison of activity logs against security policies, and provision of centralized identity, access, attestation and audit services.

7 © 2011 IBM Corporation7 Requirement: Personnel & Training This requirement defines the obligations of utility management to conduct thorough personnel risk assessments in accordance with federal, state, provincial, and local laws. All personnel having authorized cyber access or authorized unescorted physical access to critical cyber assets as well as field assets must get access on a “need-to-know” basis. IBM can help oversee the entire process of managing personnel risk assessments, including enrollment, proofing, and background checks as part of the identity vetting process.

8 © 2011 IBM Corporation8 Requirement: Electronic Security Perimeter The utility is responsible for ensuring that every critical asset resides within an electronic security perimeter. This perimeter needs to be identified and all its access points need to be identified, documented, and controlled. IBM solutions for intrusion and anomaly detection can not only protect IT networks from worms, malware and viruses, but also monitor traffic between intelligent field devices for signs of suspicious activity.

9 © 2011 IBM Corporation9 Requirement: Physical Security of Critical Assets This requirement defines the physical security of a critical asset as being comprised of five distinct elements: deterrence, detection, assessment, communications, and response. This step provides for command and control center solution advanced physical security integration, enabling organizations to control, monitor and maintain disparate security systems and assets through its interfaces. IBM can help in process definition an security analysis.

10 © 2011 IBM Corporation10 Requirement: Systems Security Management This requirement directs security management and testing procedures, patch management, account management, and vulnerability analysis. Organizations need to ensure that new assets and significant changes to existing cyber assets within the electronic security perimeter do not adversely affect existing cyber security controls. IBM has a worldwide team called xForce to support customers. A periodically report is free accessible via Web. www.ibm.com/services/us/iss/xforce/trendreports/

11 © 2011 IBM Corporation11 Requirement: Incident Reporting and Response Planning This requirement calls for the IT and process-control operations to develop and maintain a cyber security incident response plan, documenting procedures to classify and escalate events and report security incidents to authorities. IBM’s service, incident, and problem management capabilities help manage processes for security incidents with a well-documented, repeatable workflow.

12 © 2011 IBM Corporation12 Requirement: Recovery Plans for Critical Cyber Assets This requirement ensures that recovery plans are put in place for critical assets and that these plans follow established business continuity and disaster recovery techniques and practices. IBM can help to enable services delivery and support processes for the most dynamic IT infrastructures, ensuring business resilience and promoting faster recovery during failures.

13 © 2011 IBM Corporation13 To Meet the requirements we need Security by Architectural Thinking Security design should be an integral part of the first phase of developing smart metering architecture to maximize its benefits and minimize future risks

14 © 2011 IBM Corporation14 Thank you Christian Leichtfried BDE Smart Energy IBM Österreich Obere Donaustraße 95 A-1020 Wien Tel: +43 664 618 6082 mailto: Christian_Leichtfried@at.ibm.com Christian_Leichtfried@at.ibm.com

Download ppt "Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011."

Similar presentations

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….
Control and Accounting Information Systems

Control and Accounting Information Systems
NERC Security Requirements – What Vendors Should Provide James W. Sample, CISSP, CISM Manager of Information Security California ISO.

NERC Security Requirements – What Vendors Should Provide James W. Sample, CISSP, CISM Manager of Information Security California ISO.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
NIST framework vs TENACE Protect Function (Sestriere, 21-23 Gennaio 2015)

NIST framework vs TENACE Protect Function (Sestriere, Gennaio 2015)
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Israel Securities Authority MAGNA – Electronic filing Natan Herscovitz, CIO December 2004.

Israel Securities Authority MAGNA – Electronic filing Natan Herscovitz, CIO December 2004.
Computer Associates Solutions Managing eBusiness Catalin Matei, April 12, 2005

Computer Associates Solutions Managing eBusiness Catalin Matei, April 12, 2005
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Similar presentations

Ads by Google