ISA 99 Technical Requirements: Situation assessment as seen by Dennis Holstein, Lead Editor. 13 November 2008, ISA99WG04.


Situation today (Nov 2008)

ISA 99 is a multipart standard to be aligned with IEC parts
- Terminology, Concepts and Models: Published
- Framework for a Security Program: In ballot
- Guideline for Operating a Security Program: Not started
- Target System Security Levels: Work-in-progress
- System Security Compliance Metrics: Work-in-progress
- Protection of Data at Rest: Work-in-progress

Derived requirements ( x) are prescriptive, requiring
- Traceability to the 7 foundational requirements in
- Supporting rationale with use cases
- Security assurance metrics

Technical Requirements work-in-progress task teams
- Foundational requirements
- Zones, conduits and security levels
- Derived requirements

Maturity assessment

Task teams (columns): Foundational Requirements | Zones, Conduits and Security Levels | Derived Requirements

Team Leader: Freemon Johnson | Rahul Bhojani | Kevin Staggs (Interim)

Status of team composition: Team in place, very weak participation | Team in place, barely acceptable participation | Very weak participation

Status of work-in-progress: Mapping to NIST 800 complete, need to document as an ISA TR | Active discussion via weekly LiveMeetings/TELECONs | Focus on Protection of Data at Rest, structure of release series in debate

Prognosis for publication: Ready for community review by end of 2008 | Probably ready for by the end of ready by the end of 2009 Crystal ball projection for the rest at best

Long pole in the tent: None | Security Metrics Use Cases Security Assurance Levels Security Metrics Allocation to subsystems & components Use Cases Security Metrics

Timely publication best serves our community

Part Title: Technical Requirements: Target Security Levels
Scope and Purpose:
- Use NIST mapping to establish target security levels
- Includes high-level description of domains including their zones and conduits
Primary Users:
- Asset owner
- Security system architect
- System integrator
- System providers including 3rd party outsources
Expected Publication Date: Mid Nov 2008: ready for ballot?

Part Title: Technical Requirements: System Security Compliance Metrics
Scope and Purpose:
- Defines measurable compliance metrics that are context specific
Primary Users:
- Asset owner
- Security system architect
- System integrator
- ISA Compliance Institute
- System providers including 3rd party outsources
Expected Publication Date: Late 2009

Part Title: Technical Requirements: Allocation to Subsystems and Components
Scope and Purpose:
- Normative specification of security requirements including rationale and supporting use cases based on example reference models
- Includes detailed description of domains including their zones and conduits
Primary Users:
- Asset owner
- Security system architect
- System integrator
- ISA Compliance Institute
- System, subsystem and component providers including 3rd party outsources
Expected Publication Date: : Late x: ????

In summary

- Accelerate publication of technical requirements
- ISA-DS “Target Security Levels”: With editorial changes, is it ready to ballot?
- Use formal review processes and procedures of ISA and IEC in parallel
- Use agreed-to ISA/IEC document template
- Ballot resolution team address comments received from both balloting bodies
- Charlie Robinson will coordinate ISA & IEC (via Tom Phinney) balloting
- Lessons learned feed-forward to next publication in the series