
SOC and ICS/SCADA Security

Date post: 14-Apr-2017

Author: ali-abdollahi
Security Operations Center in Critical Infrastructure

Transcript

  • 1 SOC and ICS/SCADA Security


  • 365*7*24

    (KPI)

    Attack vector, Forensic, CSIRT, CERT, ISO 27001

    SOC

  • Real-Time Monitoring: Data Aggregation, Data Correlation, Aggregates Logs, Coordinates Response, Automates Remediation

    Reporting: Executive Summary, Audit and Assessment, Security Metric Reporting, KPI Compliance, SLA Reporting

    Security Incident Management: Pre- and Post-Incident Analysis, Forensics Analysis, Root Cause Analysis, Incident Handling, aeCERT Integration


  • Business Continuity

  • Talented

    Trained

    Experience


  • DATA SECURITY AND MONITORING

    Data Asset Classification

    Data Collection

    Data Normalization

    Data at Rest and In Motion

    Data Protection

    Data Distribution

  • EVENT MANAGEMENT

    Event Correlation

    Identification

    Triage

    Roles

    Containment

    Notification

    Ticketing

    Recovery

    Forensics and Situational Awareness

  • INCIDENT RESPONSE PRACTICE

    Security Incident Reporting Structure

    Security Incident Monitoring

    Security Incident Escalation Procedure

    Forensics and Root Cause Analysis

    Return to Normal Operations

    Post-Incident Planning and Monitoring

    Communication Guidelines

    SIRT Integration

  • SOC OPERATING GUIDELINES

    SOC Workflow

    Personnel

    Shift Description

    Shift Reporting

    Shift Change

    Information Acquisition

    SOC Monitoring Suite

    SOC Reporting Structure

    Organizational Chart

  • ESCALATION MANAGEMENT

    Escalation Procedure

    Pre-Escalation Tasks

    IT Security

    Network Operation Center

    Security Engineering

    SIRT Integration

    Law Enforcement

    3rd Party Service Providers and Vendors

  • DATA RECOVERY PROCEDURES

    Disaster Recovery and BCP Procedure

    Recovery Time Objective

    Recovery Point Objective

    Resiliency and High Availability

    Facilities Outage Procedure

  • SECURITY INCIDENT PROCEDURES

    Email Phishing - Email Security Incident

    Virus and Worm Infection

    Anti-Virus Management Incident

    NetFlow Abnormal Behavior Incident

    Network Behaviour Analysis Incident

    Distributed Denial of Service Incident

    Host Compromise - Web Application Security Incident

    Network Compromise

    Internet Misuse

    Human Resource - Hiring and Termination

    Domain Hijack or DNS Cache Poisoning

    Suspicious User Activity

    Unauthorized User Access (Employee)

  • VULNERABILITY AND PATCH MANAGEMENT

    Vulnerability Research

    Patch Management - Microsoft SCOM

    Identification

    Dissemination

    Compliance Monitoring

    Network Configuration Baseline

    Anti-Virus Signature Management

    Microsoft Updates

  • TOOLS OPERATING MANUAL FOR SOC PERSONNEL

    Operating Procedure for SIEM Solutions

    Event Management and FlowCollector/Processor

    Firewall Security Logs

    IDS/IPS Security Logs

    DMZ Jump Server / SSL VPN Logs

    Endpoint Security Logs (AV, DLP, HIPS)

    User Activity / Login Logs

    Operating Procedure for Policy and Configuration Compliance

    Operating Procedure for Network Monitoring Systems

    Operating Procedure for Vulnerability Assessment

  • SECURITY ALARMS AND ALERT CLASSIFICATION

    Critical Alarms and Alerts with Action Definition

    Non-Critical and Information Alarms

    Alarm Reporting and SLA to Resolve the Alarms

  • SECURITY METRIC AND DASHBOARD EXECUTIVE SUMMARY

    Definition of Security Metrics based on Center for Internet Security standards

    Security KPI Reporting Definition

    Security Balanced Scorecard and Executive Reporting

  • Penetration testing

    Real-Time network security monitoring

    Vulnerability scanning and management

    Threat intelligence

    Incident investigation

    Malware forensics

    Cybersecurity exercise creation and delivery


  • Segmentation, Firewalls, IDPS, Honeypots, Antivirus, Hardening, ...

  • Security Camera

    Fencing

    Guards

    Gates

    Smart Locks

  • Switch

    Router

    Firewalls

    Modems

  • DMZ:

    Web Server

    FTP

    SMTP

    DNS

  • Profibus

    Modbus

    OPC

  • PLC

    RTU

    IEDs

    HMI

  • Security Plans, Policies

    Asset Inventory, System Documentation

    Change Management

    Risk Management

    Patch Management

    Assessment

    Crisis Management

    Backup and Recovery

  • Asset Management

    Name

    Description

    Weight

    OS

    Location

    Business Owner

    Business Owner Contact Information

    Technical Owner

    Technical Owner Contact Information

  • Vector

    Extranet

    Intranet

    Internet

    Data Center

    Active Directory

    Malware / Virus Infection and Propagation

    NetFlow Analysis

    Remote Sites / WAN

    Remote Access IPSEC VPN / SSL VPN

    Wireless

    ...

  • Workflow


  • 1.

    2.

    1.1 Access Control

    1.2 Use Control

    1.3 Data Integrity

    1.4 Data Confidentiality

    1.5 Restrict Data Flow

    1.6 Timely Response to An Event

    1.7 Resource Availability


  • Author: Ali Abdollahi
