
Workshop - Network FAT_SAT.pdf

Uploaded by: 可*** ID: 991870 2025-12-07 22 pages 1.73MB

Workshop: Paul Piotrowski and Mike Hoffman
DOING FAT/SAT RIGHT IN ICS/OT PROJECTS

WHO ARE WE?

Paul Piotrowski
SANS Certified Instructor, ICS410
Principal OT Cyber Security Engineer in Shell's Global OT Security Discipline.
Consult on Global Capital Projects and support Shell Operated and Non-Operated Assets globally.
Spent over 22 years in Shell in various security roles including network operations, risk governance and compliance, audit, incident management, forensics, pen testing and project management.
Helped create the GICSP Cert (#50)
Involved with SANS over the last 10 years on various initiatives.
Certs: GICSP, GRID, GCIP, CISSP, CRISC

Mike Hoffman
SANS Certified Instructor ICS410, ICS612
O&G Advisory Solutions Architect with the industrial cybersecurity company Dragos, Inc.
Held positions with Shell for 20 years across ICS Security Engineering, Controls & Automation, Laboratory & Process Analyzers, Measurement, and Instrumentation & Electrical.
Technical background gives him an understanding of industrial processes, which is extremely important in understanding the impact of OT system compromise and the nuances of defense.
SANS Technology Institute MSISE graduate.
Certs: GSE #320, GRID-Gold, GICSP-Gold, GCIP, GCLD, GPEN, GWAPT, GCIH, GCIA, GPYC, GSEC, GSTRT, GCPM, GCCC, CISSP, PMP

CONTEXT AND GROUNDING
Super Cool Stuff about FAT and SAT!

CYBER SECURITY THROUGHOUT THE LIFECYCLE
Design Secure: Build to External Standards (e.g., ISA/IEC-62443, NIST 800.XX, NIST CSF V2.0), SANS 5 Critical Controls - at Minimum.
Procure Secure: System Security Requirements, Security Procurement Language
Commission Secure: Factory Acceptance Testing, Site Acceptance Testing, Cutover
Run Secure: Security Program Management, Assessments, Auditing, Change Management
Look to the NIST CSF v2.0 for practice areas
Decommission Secure: Remova

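Summary of the main content of the full document:

- **Authors and background**: Paul Piotrowski and Mike Hoffman, SANS Certified Instructors, focused on the security of industrial control systems (ICS) and operational technology (OT).
- **Definition of FAT and SAT**: FAT (Factory Acceptance Testing) and SAT (Site Acceptance Testing) are key phases for ensuring the security of ICS/OT systems.
- **Importance of FAT and SAT**: Ensure that system security requirements are verified during the FAT phase, avoid technical debt, and reduce risk.
- **Phases of FAT and SAT**: Include the planning, design, procurement, construction, commissioning and operations phases.
- **What FAT and SAT test**: Network management, security monitoring, account management, logging configuration, antivirus, asset inventory, operating system patch management, and so on.
- **Keys to FAT and SAT success**: Ensure regulatory compliance, set clear expectations, document the tests, work with the vendor, manage time, escalate issues, and communicate.
- **Advanced FAT and SAT activities**: Use the non-production environment for additional security work such as data flow analysis, vulnerability scanning and penetration testing.
- **Resources**: Provides various resources, such as checklists, templates and guidelines, to help carry out FAT and SAT.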