Abstract
Critical Controls for Effective Cyber Defense

To secure Industrial Control System from cyber-attacks, networks and systems must vigorously defend against a variety of internal and external threats. Defense must be prepared to detect and thwart follow-on attacks inside a network. The goal of this presentation is to provide an insight to participants on how to strengthen the defensive posture of their organization. The presentation will cover ten critical controls to mitigate targeted cyber intrusions to ICS.

  1. Inventory of Authorized & unauthorized devices

  2. Inventory of Authorized & unauthorized software

  3. Secure Configuration for hardware and software

  4. Malware Defense

  5. Data recovery Capability

  6. Security Skills assessment and appropriate Training to fill the gap

  7. Controlled use of administrative privileges

  8. Boundary defense

  9. Maintenance, Monitoring and analysis of audit logs

  10. Patch Management

Within each control, the presentation will cover four (4) critical tenets;

  1. Offense Inform defense: The use of knowledge of actual attacks to provide foundation to build effective defense

  2. Metric: Establish common metrics to measure the effectiveness of the security measure implemented

  3. Continuous monitoring: Carry out continuous monitoring and auditing to test and validate these controls

  4. Automation: Automate defenses so that you can achieve reliable, scalable and continuous measurements.

Keywords:
istanbul 2017, information, data security, action 1, effective cyber defense, application, vulnerability, procedure, cyber security, inventory
Subjects:
Security, Information Management and Systems, Data and communications security, Data security
This content is only available via PDF.
2017. World Petroleum Council
You can access this article if you purchase or spend a download.