Cybersecurity For Physical Security Professionals


2022 Chemical Security Summit, August 23-25, 2022. #ChemicalSecurity. Session date: August 25, 2022.

Cybersecurity for Physical Security Professionals

Kelly Murray, Associate Director, CISA Chemical Security
Michael Morgan, Chief Information Security Officer, Phillips 66
Moderator: Jake Mehl, Section Chief, Chemical Sector Management Team, CISA

Cybersecurity Stats
AKA: why you really SHOULD care about cyber even if you're not a "cyber guy"

Cyber systems are integrated throughout the operations of facilities that possess chemicals. A good cybersecurity posture takes a comprehensive view of all cyber systems and uses a layered approach of policies, practices, and people to prevent, protect against, respond to, and recover from cyber sabotage or incidents.

Quick Stats:
- In 2021, there was a ransomware attack every 11 seconds
- 43% of cyber-attacks target small businesses
- Supply chain cyber-attacks grew 420%
- The FBI estimates phishing attacks may increase by as much as 400% year-over-year
- 30% of phishing emails are opened
- The average cost of a data breach is 3.86M
- One company reported as many as 78% of emails received monthly are malicious

Types of Cyberattacks
- Malware: Harmful software distributed through a computer's system (often requiring the user to take an action, such as clicking on an email attachment). Examples of malware include viruses, worms, malicious mobile code, Trojan horses, rootkits, spyware, and some forms of adware.
- Ransomware: A type of malware that encrypts data that can only be unlocked when ransom is paid.
- Man-in-the-Middle Attack: An interruption into a two-party transaction that allows attackers to filter and steal data during the transaction.
- Pharming / Watering Hole Attacks: A means of directing users to a malicious or illegitimate website by redirecting the original uniform resource locator (URL), or an attack that involves corrupting a highly trafficked website so that a user's computer is also infected when visiting the corrupt website.
- Phishing: Fraudulent emails, text messages, or websites purporting to be from a trusted source that require action, such as sending money or confidential documents to the "source."

Secure Your Chemicals
Cybersecurity is one part of a larger security plan
- A security plan serves as a management tool to guide a facility's security and response efforts.
- A strong security plan integrates all major security goals into a holistic approach.
- This reduces duplication of effort and allows facilities to identify security gaps.

[Diagram: Facility Security Plan. Recovered component labels: "Risk and e" (truncated), "Cybersecurity", "Policies, Plans, and Procedures".]

Cybersecurity Principles and Initiatives

Step 1: Identify Your Cyber Systems
Consider what systems could impact the security of the COI.
- Physical Security Systems
  - Access control or other electronic security that is connected to other systems
  - Does the facility employ an intrusion detection system or cameras?
- Business Systems
  - Inventory management systems
  - Ordering, shipping, and receiving systems
- Process and Control Systems
  - Systems that monitor or control physical processes that contain COI
  - Does the facility employ control systems (ICS, DCS, SCADA)?

Step 2: Cyber Vulnerability Assessment
Identify whether your critical cyber systems, networks, hardware, and software have vulnerabilities that could be exploited by an attacker.
Learn more or sign up: cisa.gov/cyber-hygiene-services

[Figure: SAMPLE REPORT CARD (data not real). For illustrative purposes only.]

Step 3: Identify Cybersecurity Measures and Policies
Policy areas (table columns): Purpose; Security Policies; Access Control and Management; Network Security; Business Planning; Configuration Management.
Measures listed under these areas (column assignment not recoverable from the slide text):
- Critical System Identification / Protection
- Mission
- Roles and Responsibilities
- Contacts
- Rules of Behavior
- Password Policies
- Access Determination / Least Privilege
- External Connections
- Remote Access
- Third-party Cyber Support
- Cybersecurity Controls
- System Boundaries
- Monitoring
- Continuity Plan
- Audits
- Disaster Recovery Plan
- Training
- Incident Reporting
- Cyber Asset Identification
- Network/System Architecture
- Business Needs
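Steps 1 through 3 form one procedure: list the cyber systems that could affect the chemicals of interest, record what the vulnerability assessment found, and check each system against the policy areas on the slide. The following added example (not CISA's code or a CFATS tool) walks that procedure over a constructed inventory and produces a gap list per critical asset. The asset names, the `CyberAsset` fields and the specific check rules are this example's own assumptions, chosen to mirror slide items such as Roles and Responsibilities, Remote Access, External Connections, Third-party Cyber Support, Monitoring, System Boundaries and Disaster Recovery Plan.

```python
"""Added example: cyber-asset inventory and policy gap check (constructed data)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Step 1 categories taken from the "Identify Your Cyber Systems" slide.
PHYSICAL = "physical_security"
BUSINESS = "business"
PROCESS = "process_control"


@dataclass
class CyberAsset:
    """One entry in the facility's cyber asset inventory (fields are assumptions)."""
    name: str
    category: str                    # PHYSICAL, BUSINESS or PROCESS
    affects_coi: bool                # could compromise impact the security of COI?
    owner: Optional[str] = None      # roles and responsibilities
    external_connection: bool = False
    remote_access: bool = False
    remote_access_policy: bool = False   # a written remote access policy applies
    third_party_support: bool = False
    third_party_agreement: bool = False  # cyber support covered by an agreement
    monitored: bool = False          # logs reviewed by someone
    in_recovery_plan: bool = False   # covered by continuity / disaster recovery plan
    open_findings: List[str] = field(default_factory=list)  # Step 2 results


def critical_assets(inventory: List[CyberAsset]) -> List[CyberAsset]:
    """Step 1: keep only systems whose compromise could impact COI security."""
    return [a for a in inventory if a.affects_coi]


def gap_findings(asset: CyberAsset) -> List[str]:
    """Step 3: policy gaps for one asset. Rules are illustrative, not a standard."""
    gaps = []
    if asset.owner is None:
        gaps.append("no assigned owner (roles and responsibilities)")
    if asset.remote_access and not asset.remote_access_policy:
        gaps.append("remote access enabled without a remote access policy")
    if asset.external_connection and not asset.monitored:
        gaps.append("externally connected but not monitored")
    if asset.third_party_support and not asset.third_party_agreement:
        gaps.append("third-party cyber support without a written agreement")
    if asset.category == PROCESS and asset.external_connection:
        gaps.append("control system has an external connection (review system boundaries)")
    if not asset.in_recovery_plan:
        gaps.append("not covered by continuity / disaster recovery plan")
    for finding in asset.open_findings:          # Step 2 results still open
        gaps.append(f"unremediated vulnerability finding: {finding}")
    return gaps


def gap_report(inventory: List[CyberAsset]) -> Dict[str, List[str]]:
    """Map each critical asset to its gap list (an empty list means no gaps found)."""
    return {a.name: gap_findings(a) for a in critical_assets(inventory)}


# Constructed sample inventory; none of these describe a real facility.
SAMPLE_INVENTORY = [
    CyberAsset("badge-access-control", PHYSICAL, True, owner="Security Manager",
               external_connection=True, remote_access=True, remote_access_policy=True,
               monitored=True, in_recovery_plan=True),
    CyberAsset("lobby-cameras", PHYSICAL, True, owner="Security Manager",
               remote_access=True),
    CyberAsset("inventory-erp", BUSINESS, True, owner="IT Manager",
               external_connection=True, monitored=True,
               third_party_support=True, third_party_agreement=True,
               in_recovery_plan=True,
               open_findings=["FINDING-001 (constructed id): unpatched web server"]),
    CyberAsset("tank-farm-dcs", PROCESS, True, owner=None,
               external_connection=True, in_recovery_plan=True),
    CyberAsset("cafeteria-pos", BUSINESS, False),   # not COI-relevant, excluded
]


if __name__ == "__main__":
    for name, gaps in gap_report(SAMPLE_INVENTORY).items():
        status = "OK" if not gaps else f"{len(gaps)} gap(s)"
        print(f"{name}: {status}")
        for gap in gaps:
            print(f"  - {gap}")
```

Assets that cannot affect the COI drop out at Step 1 so that effort concentrates on critical systems; every remaining asset is checked against the same rule set, which is what turns the slide's policy list into a repeatable audit rather than a one-off review.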

Reporting Cyber Incidents
We have developed a webpage and fact sheet (cisa.gov/cfats-cyber-reporting) to help facilities determine how and when to report significant cyber incidents:
- Examples of critical cyber systems
- Examples of cyber incidents
- Actions to take before, during, and after a cyber incident, including reporting
- Additional resources and trainings

Note: This resource has no new reporting requirements but consolidates and clarifies existing requirements under RBPS 8 – Cyber and RBPS 15 – Significant Security Incidents.
