Shedding Light on Smart Grid & Cyber Security

•Download as PPTX, PDF•

2 likes•1,098 views

If the bulk electric system (BES) in North America suffered a cyber attack, the consequences could be serious-cities and entire states could suffer blackouts, commerce could come to a standstill, and the door could be opened for looting and even terrorist attacks. Realizing these consequences, the energy industry pressured the North American Electricity Reliability Corporation (NERC) to take a long, hard look at why the Critical Infrastructure Protection (CIP) standards have not been protecting the BES as intended. To address these shortcomings and today's changing IT environment and threats, NERC proposed additional CIP standards, NERC CIP 10 and 11.

Technology Business

Shedding Light on
Smart Grid
& Cyber Security

James Stanton Paul Reymann Cindy Valladares
Senior Energy Consultant CEO Compliance Solutions Manager
ReymannGroup, Inc. ReymannGroup, Inc. Tripwire, Inc.

We will cover…

Energy Industry Inverted Security Model

Round 1 & 2 of CIP Audits

Next Practices for Security & Compliance

Visibility, Intelligence, and Automation are Key

The Game is Changing

FERC Policy Statement on Compliance (Docket PL09-1000
at paragraph 10)

Protect
Protect Critical
Electronic Cyber
Access to Assets
Control
Systems

Self
Certifications
& Audits

New CIP Standards

Round Round
1 Initial Self- 2
CIP Version 4
Assessments
in 4Q10
& Audits

Consider
Requests for potential effect
Clarifications on reliability, if
compromised

Applies to all
Focused on
users of the
Critical Cyber
Bulk Electric
Assets Only
System

Examples
ID account types, e.g., individual, group, shared, guest, system, and admin.
ID use restrictions for wireless technologies
Document all communication paths that transmit or receive digital information external
to each BES Cyber System.
Deny access by default and allow explicitly authorized communication.
Develop an inventory of (its) physical or virtual BES Cyber System Components
(excluding software running on the component), including its physical location.
Authorize and document changes to the BES Cyber System that deviate from the
existing inventory within 30 days of the change being completed.
Document:
• A process for classifying events as Cyber Security Incidents
• Roles and responsibilities of Cyber Security Incident response teams, Cyber
Security Incident handling procedures, and communication plans.
• A Process for reporting Cyber Security Incidents to the Electricity Sector Information
Sharing and Analysis Center (ES-ISAC) either directly or through an intermediary.
Review the incident response plan at least once every 12 months

Next Practices for Security & Compliance
Perform a risk-based assessment – This will change!

Identify systems, services, devices, data, people of critical assets.

Categorize all assets (i.e., High, Medium, or Low Impact).

Control limited need to know access.

Validate security controls.

Document all steps & corrective actions.

Continuously manage and monitor.

Collect and retain data to identify & respond to security incidents

Visibility Intelligence Automation

•
•
•
•

change auditing, configuration control log
management

SCADA and other mission critical systems

monitor and review logs

on a number of different platforms:
 AIX PowerPC 5.3 systems  Windows 2003 servers
 HP-UX (PA-RSIC) v11 systems  Win XP Desktops
 Red Hat Linux  Windows 2003 and Active
 Solaris SPARC Directory domain controllers
 SuSE Linux systems  Windows Server 2000

Critical Cyber Asset Identification

Security Management Controls

Electronic Security Perimeters

Systems Security Management

No Visibility
Drifting
Desired State

High-risk
Temporary
Success

Time

Maintain
Desired State

Non-stop monitoring & collection
Dynamic analysis to find suspicious activities
Assess &
Achieve Alert on impact to policy
Remediate options to speed remedy

Time

Correlate to Correlate to
Bad Changes Suspicious Events

• Summarizes key points
• Describes the affect of CIP
compliance vs. noncompliance
• Offers a Due Diligence Checklist
• Complimentary copy

Questions

Paul Reymann James Stanton
(410) 956-7336 (410) 956 7334
paul@reymanngroup.com jim@reymanngroup.com

www.verticalenabler.com

Cindy Valladares
cvalladares@tripwire.com

www.tripwire.com

Cindy Valladares
cvalladares@tripwire.com

What's hot

Better security through IT operations

slighltyanon

Ebook: Splunk SANS - CIS Top 20 Critical Security Controls

Dominique Dessy

Symantec Brightmail Gateway 9

Symantec

This presentation on Continuous Monitoring was created by Bryce Schroeder, who leads Tripwire's global presales engineering team at Tripwire. He has over 29 years of IT architectural and security expertise solving Enterprise challenges. Bryce joined Tripwire from NetApp where he led a team of Architects and Systems Engineering in enterprise Cloud infrastructure solutions. Numerous articles on Continuous Monitoring can be found here: http://www.tripwire.com/state-of-security/tag/continuous-diagnostics-and-mitigation/

Continuous Monitoring: Getting Past Complexity & Reducing Risk

Tripwire

SPS Enterprise Family

Symantec

Network Security Offering by GSS America

Gss America

The complexities of NERC CIP-007-5 Requirement 1 (R1) make this one of the most violated requirements in all the NERC standards. NERC CIP-007-5 is the standard focused on Systems Security Management. R1 is intended to minimize the attack surface of critical systems by disabling or limiting access to unnecessary network accessible logical ports and services. For most electric utilities, meeting the mandatory controls of this requirement is an incredibly tedious and labor-intensive effort. Tripwire has a unique whitelisting profiler extension that can automate monitoring ports, services, user accounts, software, and other requirements within NERC CIP-007-05-R1. Join Robert Held, Senior Systems Engineer, as he live-demos how customer sites are saving man-years of effort in preparing and automating for their audits. Also joining to share their customer experience will be Marc Child, CISSP , Information Security Program Manager at Great River Energy. Key Takeaways: -Understand what CIP-007-5-R1 means to your organization -Learn how to automate the processes required for assessing High and Medium Impact Cyber Assets -Get audit-ready “Evidence of Compliance” reporting to provide auditors with what they need -Hear how Marc Child at Great River Energy uses the whitelisting profiler for security and compliance

Automating for NERC CIP-007-5-R1

Tripwire

Layered Approach - Information Security Recommendations

Michael Kaishar, MSIA | CISSP

DojoSec FISMA Presentation

danphilpott

Managed desktop and infrastructure

Blink Communications

Security operations center 5 security controls

AlienVault

NIST Risk Management Framework (RMF)

James W. De Rienzo

Security Monitoring using SIEM null bangalore meet april 2015

n|u - The Open Security Community

At the direction of OMB and NIST, security and IT pros in federal government must develop plans to implement "continuous monitoring," the practice of using IT security controls to constantly monitor and manage the security status of their information systems and networks. The transition from static security to continuous monitoring requires a new approach to IT security, and IT teams must devise a strategy and roadmap to be successful. In this editorial Webcast, cybersecurity experts will help discuss the tools and processes involved in moving from a traditional security environment to one designed around continuous monitoring. This Webcast will help government IT pros: Understand the objectives of continuous monitoring, such as reduced threat exposure through real time risk assessment and response. Identify the steps involved, including determining the security impact of changes to IT systems and producing assessment reports. Assess system requirements in areas such as malware detection and event and incident management. Determine the need for upgrades and investment in new technologies.

Developing a Continuous Monitoring Action Plan

Tripwire

TA security

kesavars

Redefining Endpoint Security

Burak DAYIOGLU

Payment Card Industry Data Security Standard (PCI DSS) compliance can be both hard and expensive. For most small to medium sized organizations, it doesn’t have to be as long you have the right plan and tools in place. In this guide you’ll learn five steps that you can take to implement and maintain PCI DSS compliance at your organization. AlienVault PCI DSS Compliance: https://www.alienvault.com/solutions/pci-dss-compliance Have a question? Ask it in our forum: http://forums.alienvault.com More videos: http://www.youtube.com/user/alienvaulttv AlienVault Blogs: http://www.alienvault.com/blogs AlienVault: http://www.alienvault.com

PCI DSS Implementation: A Five Step Guide

AlienVault

Windows Service Hardening

Digital Bond

The Firewall Policy Hangover: Alleviating Security Management Migraines provides a brief history of the evolution of firewalls, examines how complexity leads to misconfiguration risk and concludes with a discussion on firewall policy management best practices and real-life lessons learned. Additionally, this presentation shares research from “The State of Network Security 2012” that examines: • the challenges of managing network security policies • the impact of changing business requirements • the benefits and limitations of emerging firewall technology

The Firewall Policy Hangover: Alleviating Security Management Migraines

AlgoSec

What's hot (19)

Better security through IT operations

Ebook: Splunk SANS - CIS Top 20 Critical Security Controls

Symantec Brightmail Gateway 9

Continuous Monitoring: Getting Past Complexity & Reducing Risk

SPS Enterprise Family

Network Security Offering by GSS America

Automating for NERC CIP-007-5-R1

Layered Approach - Information Security Recommendations

DojoSec FISMA Presentation

Managed desktop and infrastructure

Security operations center 5 security controls

NIST Risk Management Framework (RMF)

Security Monitoring using SIEM null bangalore meet april 2015

Developing a Continuous Monitoring Action Plan

TA security

Redefining Endpoint Security

PCI DSS Implementation: A Five Step Guide

Windows Service Hardening

The Firewall Policy Hangover: Alleviating Security Management Migraines

Viewers also liked

project presentation on mouse simulation using finger tip detection

Sumit Varshney

Building a Business Case for Credentialed Vulnerability Scanning

Tripwire

When Heartbleed hit, many thought that it was a one of a kind. As new high-impact vulnerabilities such as Shellshock, POODLE and, to a lesser degree, GHOST have continued to appear, many IT organizations are realizing that this is the new normal. High impact vulnerabilities will continue to be discovered, and businesses must be able to quickly detect, patch and remediate vulnerabilities that affect an enormous number of systems. These massive vulnerabilities raise a number of challenges for IT organizations. Tripwire Security Analyst, Ken Westin, discusses: - Steps you can take today to minimize risk and exposure before the next high impact vulnerability is announced - How to develop a rapid response plan that will reduce the time required to identify new vulnerabilities on traditional operating systems as well as network and security devices - Key steps required to quickly identify potentially exploited systems so you can contain and remediate specific threats

Are You Prepared For More High-Impact Vulnerabilties?

Tripwire

What’s New in PCI DSS v2

Tripwire

Today, organizations simply use file integrity monitoring (FIM) to meet one of the many regulations, like PCI, that require it. But for most, the term “FIM” has become synonymous with “noise” due to the volume of change data it indiscriminately produces. Learn what true FIM is, and why it’s still critical for security and compliance. Whitepaper here: http://www.tripwire.com/register/meeting-the-true-intent-of-file-integrity-monitoring/

Meeting the True Intent of File Integrity Monitoring

Tripwire

Join Steve Sletten, senior field systems engineer for Tripwire, for a short, information packed webinar that will focus on how to leverage basic security controls to protect and detect ransomware attacks before significant damage is done. Steve will cover: • The evolutions of ransomware and how the most common vectors for the “ransomware on steroids” now attacking organizations. • How to layer three basic security controls to make your organization harder to target, regardless of the infection vector. • The top three ransomware mistakes most organizations make and what to do about them.

How to Protect Your Organization from the Ransomware Epidemic

Tripwire

The headlines are full of dazzling breaches that took long-term planning, persistence and hacking genius to execute. But the reality is that most breaches required only average knowledge and an under-protected target to pull off. It’s the cyber equivalent of a smash-and-grab burglary – a purse is left on a seat, a window is smashed, the burglar runs off with the purse – that exploits weak defenses and “targets of opportunity.” Learn how Tripwire’s easily-implemented Cybercrime Controls reduce attack surface, harden systems, and immediately detect many common cyber-attacks.

Combating "Smash and Grab" Hacking with Tripwire Cybercrime Controls

Tripwire

Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...

University of Southern California

Howe Brand, smart security grid risks

Gavan Howe

Tripwire University: Cyberwar Boot Camp – Introduction and Overview

Tripwire

hand gestures

Rekha Ganesh

Global Maritime Cyber Strategy

Ian Kelly

Cyber Security of Power grids

Jishnu Pradeep

Final cyber crime and security

nikunjandy

Virtual mouse

Nikhil Mane

Hand gesture recognition

Muhammed M. Mekki

Virtual Mouse

Vivek Khutale

Gesture recognition adi

aditya verma

Gesture recognition

PrachiWadekar

Cyber crime and security ppt

Lipsita Behera

Viewers also liked (20)

project presentation on mouse simulation using finger tip detection

Building a Business Case for Credentialed Vulnerability Scanning

Are You Prepared For More High-Impact Vulnerabilties?

What’s New in PCI DSS v2

Meeting the True Intent of File Integrity Monitoring

How to Protect Your Organization from the Ransomware Epidemic

Combating "Smash and Grab" Hacking with Tripwire Cybercrime Controls

Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...

Howe Brand, smart security grid risks

Tripwire University: Cyberwar Boot Camp – Introduction and Overview

hand gestures

Global Maritime Cyber Strategy

Cyber Security of Power grids

Final cyber crime and security

Virtual mouse

Hand gesture recognition

Virtual Mouse

Gesture recognition adi

Gesture recognition

Cyber crime and security ppt

Similar to Shedding Light on Smart Grid & Cyber Security

Extending the 20 critical security controls to gap assessments and security m...

John M. Willis

DTS Solution - Building a SOC (Security Operations Center)

Shah Sheikh

Abstract: Modern day cyber threats are ever increasing in sophistication and evasiveness against Process Control Networks. Organizations in the industry are facing a constant challenge to adopt modern techniques to proactively monitor the security posture within the SCADA infrastructure whilst keeping cyber attackers and threat actors at bay. In this presentation we will cover the fundamental building blocks of building a SCADA cyber security operations center with key responsibilities such as Incident Response Management, Vulnerability and Patch Management, Secure-by-design Architecture, Security Logging and Monitoring and how such security domains drive accountability and act as a line of authority across the PCN.

Building a Cyber Security Operations Center for SCADA/ICS Environments

Shah Sheikh

USPS CISO Academy - Vulnerability Management

Jim Piechocki

Wipro's Compliance as a Service [CAAS]

Symantec

For many energy companies, readying for compliance with the latest version of NERC Critical Infrastructure Protection (CIP) standards, whether they be v5, v6, v7 or beyond is not the first priority – delivering reliable energy to the BES is. So, how does a company deal not only with the impending changes of CIP v5, but do so in a manner that best positions them for compliance with future versions and secures their cyber environment? Join our live webcast on Thursday February 5 to hear from ICF, Tripwire, and AssurX industry experts who are helping organizations already grappling with the new and upcoming CIP requirements, implementing a risk based approach, the steps they are taking to get ahead of the curve, and addressing the uncertainty. Key Takeaways - Regarding Readiness for NERC CIPv5 (and beyond): •Best approaches for achieving compliance in a changing environment. (i.e. v5, v6, v7). •How to save time, resources, and achieve automation with practical guidance on compliance efforts for current and future CIP requirements. •Practical highlights and key controls from those already working on the most pressing issues.

Stop Chasing the Version: Compliance with CIPv5 through CIPv99

Tripwire

In de praktijk blijkt het vaak lastig te bepalen welke risico’s een organisatie loopt en wat daarvoor een passend beveiligingsniveau is. Deze kennis is echter wel noodzakelijk om de juiste maatregelen te nemen en effectief in informatiebeveiliging te investeren. Pinewood organiseerde op 12 december 2012 in samenwerking met McAfee een seminar die hierop inspeelde. Handige tools zoals Risk Management en McAfee Nitro (het SIEM product van McAfee) en de pragmatische aanpak van Pinewood bieden concrete handvatten en inzicht om tot een effectief informatiebeveiligingsbeleid te komen.

2012-12-12 Seminar McAfee Risk Management

Pinewood

CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)

TI Safe

Internal Controls Over Information Systems

Jeffrey Paulette

Watch this on-demand webast to learn how to acheive security compliance with AlienVault Unified Security Management (USM): https://www.alienvault.com/resource-center/webcasts/how-to-solve-your-top-it-security-reporting-challenges-with-alienvault?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar Learn how you can take your on-premises and cloud security to the next level with a free online demo at: https://www.alienvault.com/products/usm-anywhere/demo?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar

How to Solve Your Top IT Security Reporting Challenges with AlienVault

AlienVault

Join CloudPassage CEO, Carson Sweet and Sumo Logic Founding VP of Product & Strategy, Bruno Kurtic, for a webinar on “45 minutes to PCI Compliance in the Cloud”. What You Will Learn: -Understand the typical challenges faced by enterprises for achieving PCI on cloud infrastructure -Learn how purpose-built SaaS-based cloud security solutions can save you tens of thousands in audit costs by speeding your time to compliance -Get a quick demo of the CloudPassage Halo and Sumo Logic solutions that provide the telemetry and query/reporting engines respectively for cloud PCI

45 Minutes to PCI Compliance in the Cloud

CloudPassage

Federal Cybersecurity: The latest challenges, initiatives and best practices

John Gilligan

Using Event Processing to Enable Enterprise Security

Tim Bass

Institute of Internal Auditors Presentation 2014

Brian T. O'Hara CISA, CISM, CRISC, CCSP, CISSP

A great deal of attention in medical devices has shifted towards cybersecurity with the ratification of section 524B of the FD&C act. This new law enables the FDA to enforce cybersecurity controls in any medical device that is capable of networked communications or that has software. In this webinar we will recap the process for managing vulnerabilities, identify categories of vulnerabilities and solutions and more.

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...

ICS

Securing control systems v0.4

CrispnCrunch

Skybox security

Alejandro Cadarso

Using a Network Model to Address SANS Critical Controls 10 and 11

Skybox Security

Solving the CIO’s Cybersecurity Dilemma

John Gilligan

Isf 2015 continuous diagnostics monitoring may 2015

abhi75

Similar to Shedding Light on Smart Grid & Cyber Security (20)

Extending the 20 critical security controls to gap assessments and security m...

DTS Solution - Building a SOC (Security Operations Center)

Building a Cyber Security Operations Center for SCADA/ICS Environments

USPS CISO Academy - Vulnerability Management

Wipro's Compliance as a Service [CAAS]

Stop Chasing the Version: Compliance with CIPv5 through CIPv99

2012-12-12 Seminar McAfee Risk Management

CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)

Internal Controls Over Information Systems

How to Solve Your Top IT Security Reporting Challenges with AlienVault

45 Minutes to PCI Compliance in the Cloud

Federal Cybersecurity: The latest challenges, initiatives and best practices

Using Event Processing to Enable Enterprise Security

Institute of Internal Auditors Presentation 2014

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...

Securing control systems v0.4

Skybox security

Using a Network Model to Address SANS Critical Controls 10 and 11

Solving the CIO’s Cybersecurity Dilemma

Isf 2015 continuous diagnostics monitoring may 2015

More from Tripwire

Mind the Cybersecurity Gap - Why Compliance Isn't Enough

Tripwire

Data Privacy Day 2022: Tips to Ensure Data Privacy

Tripwire

When you think of Information Technology (IT) and Operational Technology (OT), which side are you on? You may not feel that you fall on any side of that technological skirmish, but when you stop to carefully consider the differences in these two disciplines, it is nearly impossible to avoid a tendentious leaning. However, the time may be upon us when the conflicts of IT and OT will be put to rest for the broader purpose of making businesses more agile, efficient, resilient and ultimately, more profitable. We spoke with experts in the field who offered their insights about the challenges facing IT and OT convergence. Here’s what they shared!

Key Challenges Facing IT/OT: Hear From The Experts

Tripwire

Tripwire Energy Working Group: TIV Demo

Tripwire

Tripwire Energy Working Group Session w/Dale Peterson

Tripwire

Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through

Tripwire

Tripwire Energy Working Group: Customer Session with Chase Cole

Tripwire

Tripwire Energy Working Group: Keynote w/Patrick Miller

Tripwire

World Book Day: Cybersecurity’s Quietest Celebration

Tripwire

As online sales surge, retail cybersecurity professionals are taking additional precautions to protect their organizations and their customers’ data. On top of this, the COVID-19 pandemic has driven even more consumers to turn to online shopping. Tripwire worked with Dimensional Research to better understand cybersecurity programs in the retail industry as they prepared for the holiday season. Download the full report here: https://www.tripwire.com/solutions/solutions-by-industry/retail-and-hospitality/retail-holiday-cybersecurity-survey-report

Tripwire Retail Security 2020 Survey: Key Findings

Tripwire

Key Findings: Tripwire COVID-19 Cybersecurity Impact Report

Tripwire

The Adventures of Captain Tripwire: Coloring Book!

Tripwire

Industrial Cybersecurity: Practical Tips for IT & OT Collaboration

Tripwire

The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...

Tripwire

Tripwire 2019 Skills Gap Survey: Key Findings

Tripwire

A Look Back at 2018: The Most Memorable Cyber Moments

Tripwire

Major healthcare providers are tasked with protecting patient data and maintaining complex security compliance requirements enforced through rigorous audits. Mercy Health, a major Midwestern hospital system, became a Tripwire customer in 2013. Using Tripwire technology, they created a successful IT service by integrating their ITSM tool, streamlining their reporting process and more. Mercy Health and Tripwire show you how to: -Implement effective change management -Strengthen security in Epic records systems -Streamline the audit process

Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits

Tripwire

Tripwire State of Cyber Hygiene 2018 Report: Key Findings

Tripwire

MITRE is a not-for-profit organization that operates federally-funded research and development centers. Their ATT&CK framework is a useful cybersecurity model illustrating how adversaries behave and explaining the tactics you should use to mitigate risk and improve security. ATT&CK stands for “adversarial tactics, techniques and common knowledge.” This presentation explores a methodology for pairing proven industry frameworks like MITRE ATT&CK with threat modeling practices to quickly detect and respond to cyber threats. With this approach, industrial organizations can slice their infrastructure into smaller components, making it easier to secure their assets and minimize the attack surface. Takeaways include how to: -Make the most out of their threat intelligence feeds -Report on progress and compliance -Negotiate trust relationships in the intelligence sharing cycle -Improve their organization’s overall security posture

Defend Your Data Now with the MITRE ATT&CK Framework

Tripwire

In our increasingly connected world, networks of machines help critical infrastructure run more efficiently and prevent downtime. However, systems which were once isolated are now being exposed to digital security threats that operators never considered. Joseph Blankenship of Forrester Research and Gabe Authier of Tripwire discuss the evolving threat landscape and how we can protect these critical assets from cyber threats. Topics covered include: -Examples of some of the most recent cyber-attacks to critical infrastructure -Why traditional IT security approaches won't work -Recommended approaches for securing critical infrastructure

Defending Critical Infrastructure Against Cyber Attacks

Tripwire

More from Tripwire (20)

Mind the Cybersecurity Gap - Why Compliance Isn't Enough

Data Privacy Day 2022: Tips to Ensure Data Privacy

Key Challenges Facing IT/OT: Hear From The Experts

Tripwire Energy Working Group: TIV Demo

Tripwire Energy Working Group Session w/Dale Peterson

Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through

Tripwire Energy Working Group: Customer Session with Chase Cole

Tripwire Energy Working Group: Keynote w/Patrick Miller

World Book Day: Cybersecurity’s Quietest Celebration

Tripwire Retail Security 2020 Survey: Key Findings

Key Findings: Tripwire COVID-19 Cybersecurity Impact Report

The Adventures of Captain Tripwire: Coloring Book!

Industrial Cybersecurity: Practical Tips for IT & OT Collaboration

The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...

Tripwire 2019 Skills Gap Survey: Key Findings

A Look Back at 2018: The Most Memorable Cyber Moments

Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits

Tripwire State of Cyber Hygiene 2018 Report: Key Findings

Defend Your Data Now with the MITRE ATT&CK Framework

Defending Critical Infrastructure Against Cyber Attacks

Recently uploaded

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Modernizing Securities Finance: The cloud-native prime brokerage platform transforming capital markets. Madhu Subbu, Managing Director, Head of Securities Finance Engineering Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu

apidays

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Navi Mumbai Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Navi Mumbai Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Navi Mumbai Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

Real Time Object Detection Using Open CV

Khem

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

DBX First Quarter 2024 Investor Presentation

Dropbox

Scalable LLM APIs for AI and Generative AI Application Development Ettikan Karuppiah, Director/Technologist - NVIDIA Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

apidays

ICT role in 21st century education and its challenges

rafiqahmad00786416

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Recently uploaded (20)

Corporate and higher education May webinar.pptx

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu

Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Real Time Object Detection Using Open CV

Strategies for Landing an Oracle DBA Job as a Fresher

Artificial Intelligence Chap.5 : Uncertainty

presentation ICT roal in 21st century education

Apidays New York 2024 - The value of a flexible API Management solution for O...

GenAI Risks & Security Meetup 01052024.pdf

Powerful Google developer tools for immediate impact! (2023-24 C)

Ransomware_Q4_2023. The report. [EN].pdf

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

DBX First Quarter 2024 Investor Presentation

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

ICT role in 21st century education and its challenges

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Data Cloud, More than a CDP by Matt Robison

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Shedding Light on Smart Grid & Cyber Security

1. Shedding Light on Smart Grid & Cyber Security

3. James Stanton Paul Reymann Cindy Valladares Senior Energy Consultant CEO Compliance Solutions Manager ReymannGroup, Inc. ReymannGroup, Inc. Tripwire, Inc.

4. We will cover… Energy Industry Inverted Security Model Round 1 & 2 of CIP Audits Next Practices for Security & Compliance Visibility, Intelligence, and Automation are Key

7. Congress Acted

8. The Game is Changing FERC Policy Statement on Compliance (Docket PL09-1000 at paragraph 10)

9. Open to Cyber-Threats

10. Protect Protect Critical Electronic Cyber Access to Assets Control Systems Self Certifications & Audits New CIP Standards

11. Round Round 1 Initial Self- 2 CIP Version 4 Assessments in 4Q10 & Audits Consider Requests for potential effect Clarifications on reliability, if compromised Applies to all Focused on users of the Critical Cyber Bulk Electric Assets Only System

12. Examples ID account types, e.g., individual, group, shared, guest, system, and admin. ID use restrictions for wireless technologies Document all communication paths that transmit or receive digital information external to each BES Cyber System. Deny access by default and allow explicitly authorized communication. Develop an inventory of (its) physical or virtual BES Cyber System Components (excluding software running on the component), including its physical location. Authorize and document changes to the BES Cyber System that deviate from the existing inventory within 30 days of the change being completed. Document: • A process for classifying events as Cyber Security Incidents • Roles and responsibilities of Cyber Security Incident response teams, Cyber Security Incident handling procedures, and communication plans. • A Process for reporting Cyber Security Incidents to the Electricity Sector Information Sharing and Analysis Center (ES-ISAC) either directly or through an intermediary. Review the incident response plan at least once every 12 months

13. Next Practices for Security & Compliance Perform a risk-based assessment – This will change! Identify systems, services, devices, data, people of critical assets. Categorize all assets (i.e., High, Medium, or Low Impact). Control limited need to know access. Validate security controls. Document all steps & corrective actions. Continuously manage and monitor. Collect and retain data to identify & respond to security incidents

14. Visibility Intelligence Automation • • • •

15. Tripwire Solutions

16. change auditing, configuration control log management SCADA and other mission critical systems monitor and review logs on a number of different platforms:  AIX PowerPC 5.3 systems  Windows 2003 servers  HP-UX (PA-RSIC) v11 systems  Win XP Desktops  Red Hat Linux  Windows 2003 and Active  Solaris SPARC Directory domain controllers  SuSE Linux systems  Windows Server 2000

17. Critical Cyber Asset Identification Security Management Controls Electronic Security Perimeters Systems Security Management

18. Critical Cyber Asset Identification • Security Management Controls • • Electronic Security Perimeters • • • Systems Security Management • • • • •

19. No Visibility Drifting Desired State High-risk Temporary Success Time

20. Maintain Desired State Non-stop monitoring & collection Dynamic analysis to find suspicious activities Assess & Achieve Alert on impact to policy Remediate options to speed remedy Time

21. Correlate to Suspicious Events

22. Correlate to Correlate to Bad Changes Suspicious Events

23.

24. • Summarizes key points • Describes the affect of CIP compliance vs. noncompliance • Offers a Due Diligence Checklist • Complimentary copy

25. Questions Paul Reymann James Stanton (410) 956-7336 (410) 956 7334 paul@reymanngroup.com jim@reymanngroup.com www.verticalenabler.com Cindy Valladares cvalladares@tripwire.com

26. www.tripwire.com Cindy Valladares cvalladares@tripwire.com

Editor's Notes

Tripwire VIA delivers intelligent threat control by providing…Visibility across your infrastructure to know what is happening at all times.Intelligence to know which changes or events are suspect and may put your infrastructure and data at risk of compromise.Automation to help you to categorize high risk changes and events, remediate certain conditions, and automate compliance requirements such as reporting.

Shedding Light on Smart Grid & Cyber Security

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Viewers also liked

Viewers also liked (20)

Similar to Shedding Light on Smart Grid & Cyber Security

Similar to Shedding Light on Smart Grid & Cyber Security (20)

More from Tripwire

More from Tripwire (20)

Recently uploaded

Recently uploaded (20)

Shedding Light on Smart Grid & Cyber Security

Editor's Notes