
© ABB | Slide 1 NERC CIP Version 5 webinar series “Access management and malicious software controls” 10/29/2014 October 29, 2014.




© ABB | Slide 1: NERC CIP Version 5 webinar series
“Access management and malicious software controls”
October 29, 2014

Slide 2: About the presenter(s)
Joseph Baxter, CISSP/CISA/CISM/CGEIT/MCDBA/MCSE:S
NERC CIP Lead – HVDC / FACTS
joseph.baxter@us.abb.com, (919) 807-5077
Before coming to ABB, Joseph Baxter completed several years as a NERC CIP Auditor for the SERC region, with special emphasis on the technical side of cyber security. He has both audited and been audited in the realm of CIP, and brings over fifteen years of Information Security experience gleaned from the Financial Sector to bear on the problems facing Grid Security today.

Slide 3: Security programs
Program, Plan, Policy, Process, Procedure, Practice
- Don’t let NERC do this for you
- This is your Cyber Security Program, not theirs - take control!
- Separation of Duties and Reporting Structure legitimize this effort
Diagram labels: Risk Analysis, Document Program, Implement Controls, Audit Controls, Remediate Findings
http://internalaudit.biz/webresources/rbiaintroduction.html

Slide 4: Quality evidence
Documentation is king
- Record (get it down)
- Retrieve (find it fast)
- Reference (do it once)
- Report (show it well)
- Repeat (keep it up)

Slide 5: Audience question #1
Malicious Software Prevention

Slide 6: Malicious code prevention
A choice in strategy
- Traditional antivirus
- Requires processing power
- Can corrupt databases
- Requires constant update
- Often falls into the category of “Cure more painful than the disease”

Slide 7: Hardening vs Antivirus
A 2x2 matrix choice
- Answers are pretty obvious
- However the question isn’t binary
- A hybrid approach might work
Matrix labels: Antivirus Partial Coverage, Antivirus Full Coverage, Hardening Partial Coverage, Hardening Full Coverage

Slide 8: Hardening controls
Out of the box
- AppLocker in Active Directory + Group Policy Object lockdowns
- AppArmor in Linux
- Not comprehensive, but does it have to be?
- Policy plays a role
- What is really required?
http://resources.infosecinstitute.com/top-10-common-misconceptions-application-whitelisting/

Slide 9: Audience question #2
Technical Feasibility Exceptions

Slide 10: Access management
A few changes for good
- Nothing to see here…
- Widely applicable to Highs and Mediums
- Interactive User Access
- Where Technically Feasible

Slide 11: Remote access
Line in the sand
- Lots of confusion here
- Keep the hot side hot
- Keep the cold side cold
- Multifactor requirements

Slide 12: Cyber vulnerability assessments
Had little to do with vulnerabilities
- But now things are different
- The word ‘vulnerability’ actually matters again
- But that doesn’t have to be all it does
- Check up on your Security Hardening Controls

Slide 13: Questions?
This is the point to review and answer any questions in the panel. If you have a question, please type your question in now.

Slide 14: Additional NERC CIP educational webinars (All webinars are Eastern Time)
- Change management: Wednesday, October 15, 2014 at 2:00 p.m. Learn about change management and the fact that this will be the largest area of recurring effort. You will gain understanding of why Patch Management is not a solution to meet your NERC CIP updates and why Version 3 no longer applies. Register now: https://www1.gotomeeting.com/register/567897657
- Baseline management: Wednesday, October 22, 2014 at 2:00 p.m. Learn what a baseline and testing are, why automation is key and what is required to meet Version 5 compliance. Register now: https://www1.gotomeeting.com/register/937111497
- Cyber asset grouping: Thursday, October 23, 2014 at 12:00 p.m. (Power generation specific) Learn process approaches to CIP-002-5.1 R1 as it pertains to BES cyber asset categorization. Register now: https://www1.gotomeeting.com/register/774616816

Slide 15: Additional NERC CIP educational webinars (All webinars are Eastern Time)
- Access management and malicious software controls: Wednesday, October 29, 2014 at 2:00 p.m. Learn how access control fits with CIP-004-5 and why account management is not effortless. Register now: https://www1.gotomeeting.com/register/448008129
- Low assets and future CIP versions: Wednesday, November 5, 2014 at 2:00 p.m. (Power generation specific) Learn the compliance requirements for entities with low assets and audit worksheets as well as future standard activities. Register now: https://www1.gotomeeting.com/register/872327665
- Identification and review of critical transmission assets: Wednesday, November 12, 2014 at 2:00 p.m. Learn how to approach the guidelines and criteria highlighted by NERC to fulfill the risk assessment goal. Register now: https://www1.gotomeeting.com/register/639963169

Slide 16: Automation & Power World (APW)
Power SmartStream Digital Conference
- Theme: Preparing for the power evolution
- Date: November 6, 2014 – 11 a.m. – 6 p.m. EST
- Why should you attend? 25 educational webinars, dozens of scheduled chats and interviews and more than 100 white papers available for download from knowledgeable subject matter experts.
- Earn Professional Development Hours (PDH): Download an official attendance certificate for every live webinar session you attend to get credit for your learning time
- No travel or registration costs!
- Can’t attend the day of? That’s fine. All webinars will be recorded and will be available for on-demand viewing after the live event.
- Register now: http://bit.ly/SmartStreamPower

Slide 17: Automation & Power World (APW)
LIVE conference – APW 2015
- Theme: Harnessing the power of change
- Date: March 2-5, 2015 in Houston, Texas
- Location: George R. Brown Convention Center
- Why should you attend?
- Listen to interesting and topical keynote presentations
- Choose from over 300 industry and solution-focused educational sessions and panel discussions
- Network with ABB experts and your peers
- Earn Professional Development Hours (PDH)
- Completely free!
- Check the website for updates: http://new.abb.com/apw

Slide 18: Survey
Please take a few moments to answer the survey questions. Thank you.
