当前位置:首页 > 报告详情

维护您的ICS网络安全计划——获得支持、沟通风险并确保长期成功.pdf

上传人: 可*** 编号:991883 2025-12-07 28页 1.68MB

1、CybersecuritySustaining Your ICS Cyber ProgramGaining Support,Communicating Risk,and Ensuring Long-Term Success Blake GilsonUpstream Oil&GasManufacturingMidstreamPipelineFuels/TerminalsLube OpsUnconventionalDeep WaterLNG/ConventionalRefining/ChemicalsResearch LabsResearchProtect the perimeter of the

2、 ICSThe perimeter of the ICS is a critical layer of our defense in depth strategyProtecting&monitoring is a key enabler to maintain a strong cyber postureEnable visibility within the ICS Detect within the ICS to enable visibility into key infrastructureSupplement local monitoring with central monito

3、ring capabilities Monitorkey data centrallyData aggregation enables event correlation&fleet monitoringCollect key data sources&refine alerts to enable value added investigationsInvestigatethrough partnerships Site Engineering&Operations teams critical for investigationsPartnership with IT&OT subject

4、 matter experts is key to unlocking value A p p r o a c h t o I C S C y b e rService Management FoundationL e s s o n s f ro m E x xo n M o b i l s A p p r o a c hDedicated OT cybersecurity program&rolesIntegrated security with operationsCross-functional OT and IT teamsCentralized framework,local ex

5、ecutionData-driven security improvementsCybersecurity as a cultural priority5F ra m i n g Yo u r P ro g r a mWhy do we have an OT/ICS Cyber Program?Safety?Cybersecurity?Operations?Stop the threats?About new developing risk management area?Backdoor/BreachBackdoor/BreachSteal/Break SomethingSteal/Brea

6、k SomethingLogic Bomb to Impact OTCyber Physical AttackCyber EspionageCyber PrepositionI T /OT C y b e r T h r e a t O v e r l a pBow-tie analysis as bases for OT controls understandingVisual control relationship to eventPossibly effective engineering,operations or leadershipRisk EventB o w-T i e A

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
根据《Sustaining Your ICS Cyber Program》文章,以下为全文关键点: 1. **ICS网络安全的重要性**:保护工业控制系统(ICS)对于确保操作完整性(OI)至关重要,以保障工业系统安全、可靠和负责任地运行。 2. **ICS与IT网络安全差异**:两者在目标、环境和风险上不同,但都对于确保持续业务运营(CBO)至关重要。 3. **ICS网络安全策略**:包括建立专门的网络安全计划、跨职能团队、集中框架、本地执行、数据驱动安全改进和将网络安全作为文化优先事项。 4. **风险与控制**:使用鱼骨图分析(Bow-tie analysis)来理解OT控制,并确保预防、检测和恢复措施到位。 5. **关键绩效指标(KPIs)**:包括合规性、风险降低活动、员工网络安全准备度、响应时间改进和业务影响。 6. **文化成熟度**:从“因为它是规则”到“因为它对成功至关重要”,逐步提高网络安全文化成熟度。 7. **测量与指标**:使用平衡计分卡、综合视图、部门重点和交付来衡量OT网络安全计划。
企业韧性保障" "如何打造OT网络安全文化?" 业务优先还是风险控制?"
客服
商务合作
小程序
服务号
折叠