Cybersecurity Critical Infrastructure Framework Course Textbook and the class/curriculum for Security Certification
•Als PPTX, PDF herunterladen•
3 gefällt mir•1,401 views
Cybersecurity Critical Infrastructure Framework Course Textbook and the class/curriculum for Security Certification
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (20)
Ähnlich wie Cybersecurity Critical Infrastructure Framework Course Textbook and the class/curriculum for Security Certification
Ähnlich wie Cybersecurity Critical Infrastructure Framework Course Textbook and the class/curriculum for Security Certification (20)
Mehr von AVEVA
Mehr von AVEVA (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Cybersecurity Critical Infrastructure Framework Course Textbook and the class/curriculum for Security Certification
- 2. Topics Covered • E-Book Purpose • Key Objectives • Outline Of Content • Training Plans – Cybersecurity Programs – Boot Camp • About ENMU-Ruidoso • Q & A? 2 CAE-2Y Accredited
- 3. Purpose • Provide a quick reference guide to the framework • Promote awareness of – Cybersecurity Critical Infrastructure Framework – SCADA Cybersecurity threats and vulnerabilities – The importance of risk assessments – How to use the framework – Look into applying security to Indusoft Web Studio 3 CAE-2Y Accredited
- 4. Key Objectives • Knowledge of SCADA and cybersecurity environment – Types of SCADA systems – Threats and risks • Understanding of framework • Knowledge of tools and processes for risk analysis • Ability to apply risk management processes to obtain the right framework tier for an organization. 4 CAE-2Y Accredited
- 5. Outline Of Content • Chapter 1 - SCADA Cybersecurity Introduction and Review – What is SCADA – Overview of Cybersecurity Vulnerabilities – Understanding Control System Cyber Vulnerabilities • Chapter 2 – Cybersecurity Framework Introduction – Framework Introduction – Risk Management and – the Cybersecurity Framework 5 CAE-2Y Accredited
- 6. Outline Of Content • Chapter 3 – Cybersecurity Framework Basics – Basic framework overview – Framework core • Chapter 4 – How to Use the Framework – Basic Review of Cybersecurity Practices – Establishing or Improving a Cybersecurity Program – Communicating Cybersecurity Requirements with Stakeholders • Chapter 5 – Indusoft Security Guide – Embedded in this chapter. 6 CAE-2Y Accredited
- 7. Outline Of Content • Appendix (Framework Core, CSET Tool, References, and Glossary) 7 CAE-2Y Accredited
- 9. Training Plans: Cybersecurity Programs • Computer and Network Security Certification Program (Online) Credited or Self-paced • This program is specifically designed to prepare students as Information Systems Security (INFOSEC) Professionals, NSTISSI No. 4011and CNSSI No. 4016 Entry Level Risk Analysts and is CAE-2Y Accredited. – IS 131: Network Security Fundamentals-3 – IS 136: Guide to Disaster Recovery- 3 – IS 153/L: Introduction to Information System- 4 – IS 253: Firewalls and How They Work- 3 – IS 257: Network Defense and Counter Measures- 3 – IS 258: Cyber Ethics, Professionalism, and Career Development- 3 9 CAE-2Y Accredited
- 10. Training Plans: Cybersecurity Programs • Associates of Applied Science Degree - Information Systems Cybersecurity (Online) Credited (CAE-2Y,4011 & 4016-E, DOD 8570) Career pathway to 4-yr degrees • The focus of this program will be on the key components of information systems assurance and cybersecurity: – People – Software – Hardware – Data – Security – Communication technologies – How these components can be integrated and managed to create competitive advantage. 10 CAE-2Y Accredited
- 11. Training Plans: Boot Camp • 4 day Boot Camp covering: – Course Orientation and Introduction to Cybersecurity and SCADA • CompTIA-Security+ Key Topics • SCADA Cybersecurity Recommended Practice/ Infrastructure Guiding Principles/National Infrastructure Protection Plan – IS-821 Critical Infrastructure and Key Resources Support Annex – IS-860.a National Infrastructure Protection Plan (NIPP) • Cybersecurity Critical Infrastructure Framework / CAP Process/Intro to a SCADA Product (IDUSOFT) • CSET Department of Homeland Security Risk Assessment Process and Tools Using the Cybersecurity Critical Infrastructure Framework 11 CAE-2Y Accredited
- 12. About ENMU-Ruidoso The National Security Agency and the Department of Homeland Security have designated Eastern New Mexico University - Ruidoso National Center of Academic Excellence in Information Assurance/Cybersecurity Defense through academic year 2019. Based on the universities ability to meet the increasing demands of the program criteria will serve the nation well in contributing to the protection of the National Information Infrastructure. Meets the eleven Knowledge Units learning objectives Recognized by the National Initiative in Cybersecurity Education (NICE) as a certified Training Institution for the NIST National Cybersecurity Workforce Framework. http://csrc.nist.gov/nice/index.htm 12 CAE-2Y Accredited
Hinweis der Redaktion
- Chapter 1: This chapter will provide an introduction to Supervisory Control and Data Acquisition (SCADA), Distributed Control Systems (DCS), and Process Control Systems (PCS). What they are and how they are used. Then we will look at cybersecurity vulnerabilities in general and those that are of a higher concern for SCADA and PCS systems. Section 1: What is SCADA? Overview History and Installed Base How SCADA Systems Work A More In-Depth Look at a SCADA System Field Devices Measure the Process for Flow Rate, Pressure, Temperature, Level, Density, Etc. Field Control Uses Two Types of Controllers Examples of HMI Screens and Displays Used Within SCADA Systems Section 2: Overview of Cyber Vulnerabilities In this section the key objectives are: Challenges of Securing Information Understanding and Defining Information Security Cyber Threat Source to Control/SCADA Systems Descriptions GAO Threat Table Cyber-Attacks and Defenses Vulnerability Scanning vs. Penetration Testing Section 3: Understanding Control System Cyber Vulnerabilities Gaining Control of the SCADA System Three Categories of SCADA Systems Chapter 2: To strengthen the resilience of this infrastructure, President Obama issued Executive Order 13636 (EO), “Improving Critical Infrastructure Cybersecurity”, on February 12, 2013.1 This Executive Order calls for the development of a voluntary Cybersecurity Framework (“Framework”) that provides a “prioritized, flexible, repeatable, performance-based, and cost- effective approach” to manage cybersecurity risk for those processes, information, and systems directly involved in the delivery of critical infrastructure services. The Framework, developed in collaboration with industry, provides guidance to an organization on managing cybersecurity risk. Executive Order no. 13636, "Improving Critical Infrastructure Cybersecurity", DCPD-201300091, February 12,2013. http://www.gpo.gov/fdsys/pkg/FR-2013-02-19/pdf/2013-03915.pdf Chapter 2: Cybersecurity Framework Introduction Section 1: Framework Introduction Overview of the Framework Framework Core Framework Implementation Tiers Framework Profile Section 2: Risk Management and the Cybersecurity Framework Risk Management Redefined
- Chapter 3: The purpose of the Framework is to provide a common language to enable understanding, managing, and communicating cybersecurity risk both internally and externally. It is intended for use in helping identify and prioritize actions for reducing cybersecurity risk. The Framework is a tool, used for aligning policy, business, and technological approaches to managing that risk. It is meant to be used to manage cybersecurity risk across entire organization or can be focused to service, department within the organization. “Different types of entities - including sector coordinating structures, associations, and organizations - can use the Framework for different purposes, including the creation of common Profiles.” "Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0", National Institute of Standards and Technology, February 12, 2014 The ebook introduces a business process perspective in looking at the framework and how to apply the framework from a Business Process Re-engineering perspective. Chapter 3: Cybersecurity Framework Basics Section 1: Framework Basics Section 2: Framework Core Functions Categories Subcategories Framework Implementation Tiers Section 3: How Does it All Come Together? Coordination of Framework Implementation Business Process Management (BPM) Approach to the Framework Cybersecurity Framework Assessment Process Model Breakdown and Component Parts Chapter4: The purpose of this chapter is to look at how an organization can use the Framework as a key part or enabler of its current process for identifying, assessing, and managing cybersecurity risk. Note, the Framework is not designed to replace existing processes; an organization can use its current process and overlay it onto the Framework to determine gaps in its current cybersecurity risk approach and develop a roadmap to improvement. Using the Framework as a cybersecurity risk management tool, can enable the organization in determining activities that are most important to critical service delivery and prioritize the cost of those activities to reduce the risk and maximize the impact of the investment. Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, National Institute of Standards and Technology, February 12, 2014 Chapter 4: How to Use the Framework Section 1: Basic Review of Cybersecurity Practices Section 2: Establishing or Improving a Cybersecurity Program Step 1: Prioritize and Scope Step 2: Orient Step 3: Create a Current Profile Step 4: Conduct a Risk Assessment Step 5: Create a Target Profile Step 6: Determine, Analyze, and Prioritize Gaps Step 7: Implement Action Plan Section 3: Communicating Cybersecurity Requirements with Stakeholders Identifying Gaps
- Appendix A: Framework Core Information regarding Informative References described in Appendix A may be found at the following locations: Appendix B: Cyber Security Evaluation Tool (CSET) Information Appendix C: References Recommended Publications for Purchase Further Reading and Links to Organizations Appendix D: Glossary Terms Used in this Publication Acronyms Used in this Publication CSET Tool The Cyber Security Evaluation Tool (CSET®) is a Department of Homeland Security (DHS) no-cost tool that assists organizations in protecting their key national cyber assets. The tool was developed by the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) with assistance from the National Institute of Standards and Technology (NIST). This tool provides users with a systematic, consistent, and standards based approach for assessing the security posture of their Information Technology systems and networks. The tool uses high-level and detailed questions related to all industrial control and IT systems that includes the NIST Cybersecurity Critical Infrastructure Framework, referenced in the tool standards as “NCSF V1”. The value of the tool is that it can guide the key stakeholders, custodians, and owners in systematically understanding their current IT and control system environment, potential gaps in security, and assist in developing a plan to close those gaps. The tool includes instructional videos, help screens, and information not only about how to use the tool but information on what standards might apply to one’s organization. The tool gives organizations who have not conducted any sort of comprehensive risk assessment of the IT infrastructure, an excellent starting point.
- 1.1. Basic Data Analysis 1.2. Basic Scripting or Introductory Programming (4 yr core) 1.3. Cyber Defense 1.4. Cyber Threats 1.5. Fundamental Security Design Principles 1.6. IA Fundamentals 1.7. Intro to Cryptography 1.8. IT Systems Components 1.9. Networking Concepts 1.10. Policy, Legal, Ethics, and Compliance 1.11. System Administration