If you can't read please download the document
Upload
doanduong
View
220
Download
2
Embed Size (px)
Citation preview
1
Presentation #: CL02
Audie Whipple SRP Philip Santore DVS Security Scott Sieracki Quantum Secure
March 27, 2012
Unified Threat Management
2
Presented By
3
CL02: Unified Threat Management
Audie Whipple Salt River Project
4
Introduction/Overview Introduction/Overview of SRP SRPs Threat Environment Managing Threats Compliance Security Industry Support Conclusion/Question
5
Introduction 1903 Formation of Salt River Valley
Water Users Association 1937 Formation of Salt River Project
Agricultural Improvement and Power District
Combination of the two = SRP Today
6
SRP Threat Environment
7
SRP Threat Environment
8
SRP Threat Environment
9
SRP Threat Environment External Threats
Copper Theft Environmentalists/Protests Union Strikes Terrorist Attacks Against Critical Assets Sabotage Cyber Attacks/Social Engineering
10
SRP Threat Environment Internal Threats
Employee Theft/Fraud Sabotage Disgruntled Employees Work Place Violence Active Shooter Type Scenarios
11
Threat Management Adequate Security Controls and
Procedures Open and Regular Communication with
Law Enforcement Employee Education/Awareness Personnel Risk Assessments Threat Management Team
12
Compliance NERC/CIP Compliance
North American Electric Reliability Corp. Critical Infrastructure Protection
Potential for up to $1mil per day in fines for non-compliance
Significant driver of physical security policies and procedures
13
Industry Support Evolving Systems and Solutions Lower Technology Costs Increased awareness of compliance
requirements by Manuf./Integrators PIAM PSIM
14
Conclusion Wide Variety of threats Proper Threat Management Sound Compliance Program Adequate Industry Support
15
CL02: Unified Threat Management
Phil Santore DVS Security
16
Consultant Challenges Understanding the threat Identify potential mitigation strategies Develop ConOps Multiple systems Review available tools How far to the edge? Client participation
17
Consultant Challenges
Understanding the threat
18
Consultant Challenges Identify potential mitigation strategies
19
Consultant Challenges Develop ConOps
20
Consultant Challenges Multiple systems
21
Consultant Challenges Review available tools
22
Consultant Challenges How far to the edge?
COTS
CUTTING
BLEEDING
Cooperative Development
23
Consultant Challenges Client participation
MANUFACTURER
CLIENT
CONSULANT
24
CL02: Unified Threat Management
Scott Sieracki Quantum Secure
Unified Threat Management
25
New types of solutions create the opportunity for physical security consultants to be in the IT/Cyber security conversations PIAM (Physical Identity and Access Management)
solutions complete the 360 Life Cycle Identity Management Circle
Security Intelligence and Analytics solutions PSIM Other
26
Out of the Box Thinking = Results Consulting Engagements can be Strategic
Elevating physical security by aligning with a Value Proposition that the overall Business is driven by
Operational Cost Reduction Compliance Automation Risk Mitigation Future Proof and Capital Cost Mitigation
Consult for the physical security department but consult as an advisor to the business
Physical Security data is a best kept secretit is part of Big DATA
27
Unified: Physical and Cyber Security Compliance
Single Identity Related Compliance
CIP 004-3 R2 Training
CIP 006-3 R1 Restrict Area Perimeter; Control Physical Access To Restricted Areas
CIP 006-3 R4 CIP 004 R4.1 Screen & Control Access
CIP 006-3 R5 Monitoring
Alarms & Events
CIP 004-3 R3 Personnel Surety
CIP 006-3 R6 Reporting of Key Information
CIP 004-3 R4.2 Revoke Access If Not Needed
28
Exports EAR/ITAR
All Organizations Sarbanes-Oxley SAS 70, ISO-2700
Healthcare HIPAA Title II
Payment Card Industry PCI
Energy NERC/CIP
Airports TSA, SIDA AAAE
Banking Basel II, FSA
Government FIPS 201 HSPD-12
ICAM
Finance GLBA
Pharma DEA Regs,
21-CFR
Food & Drug FDA/DEA
Petrochem CFATS
Telecom TL-9000
Identity in Physical Security
Unified Compliance Examples
29
What Should You Expect Team approach to address end user
requirements Manufacturer should educate you on what they are
seeing, have experienced, where they need support Manufacturer should contribute in the design phase
of the engagement; part of your team Manufacturers should approach with a
solution not a technology Leverage Existing Infrastructure
Truly open standards and Interoperability
Align with IT strategy, technology, methodology
30
The Landscape is Changing IT Consultants and Integrators are
moving in to our space They have their Strengths
Physical Security Consultants have the domain knowledge
These new technologies are an open door for physical security consultants to move closer to CISO
Presentation #: CL02Presented ByCL02: Unified Threat ManagementIntroduction/OverviewIntroductionSRP Threat EnvironmentSRP Threat EnvironmentSRP Threat EnvironmentSRP Threat EnvironmentSRP Threat EnvironmentThreat ManagementComplianceIndustry SupportConclusionCL02: Unified Threat ManagementConsultant ChallengesConsultant ChallengesConsultant ChallengesConsultant ChallengesConsultant ChallengesConsultant ChallengesConsultant ChallengesConsultant ChallengesCL02: Unified Threat ManagementUnified Threat ManagementOut of the Box Thinking = Results Unified: Physical and Cyber Security ComplianceSlide Number 28What Should You ExpectThe Landscape is Changing