180 likes | 372 Views
Cybersecurity Brief. [Date of presentation]. National Cyber Security Division Mission.
E N D
Cybersecurity Brief [Date of presentation]
National Cyber Security Division Mission • The Department of Homeland Security (DHS) is responsible for safeguarding our Nation’s critical infrastructure from physical and cyber threats that can affect our national security, public safety, and economic prosperity. • The National Cyber Security Division (NCSD) leads DHS efforts to secure cyberspace and our Nation’s cyber assets and networks.
National Cyber Security Division Tools • NCSD provides two tools to assess cybersecurity: • The Cyber Security Evaluation Tool (CSET) • The Cyber Resilience Review (CRR) • These assessments are intended for all 18 critical infrastructure sectors, and for use within State, local, tribal, and territorial governments.
Cyber Security Evaluation Tool • CSET provides users with a systematic and repeatable approach for assessing the cybersecurity posture of their industrial control system (ICS) networks. • CSET is a desktop software tool that enables users to assess their network and ICS security practices against recognized industry and government standards, guidelines, and practices.
CSET: A Four Step Process • STEP 1 – Select Standards: Users are given the option to select industry and government-recognized cybersecurity standards. • STEP 2 – Determine Security Level: The basis for a Security Assurance Level is the user’s answers to a series of questions relating to the potential worst-case consequences of a successful cyber attack. • STEP 3 – Create Diagram: CSET contains a graphical user interface that allows users to create a network architecture diagram using components deemed critical to the organizations cybersecurity boundary and posture. • STEP 4 – Answer Questions: The assessment team then selects the best answer to each question generated by CSET specifically for the user. CSET then generates a list of recognized good practices and/or security gaps based on the answers.
CSET Final Product • CSET generates both interactive (on-screen) and printed reports. • The reports provide a summary of security level gaps or areas that did not meet the recommendations of the selected standards. The assessment team may use this information to plan and prioritize mitigation strategies.
Onsite CSET Assessment • NCSD provides “over-the-shoulder” training guidance to assist asset owners in using CSET for the first time. • An example agenda for an onsite assessment from NCSD would include the following activities: • ICS Awareness Briefing • IT and Enterprise Network Evaluation • ICS Evaluation • Review/Closeout Briefing
CSET Information • To learn more about the CSET or to request a software copy via CD, contact cset@dhs.gov. • For general program questions contact cssp@dhs.gov or visit http://www.us-cert.gov/control_systems/.
Cyber Resilience Review • The CRR serves as a repeatable cyber review of an organization’s ability to manage cybersecurity. • The CRR is a facilitated, interview-based assessment conducted in one day with onsite participants. • The CRR is not an audit, and does not compel an organization to take corrective action. • The CRR is designed to assist in constructive dialogue and cooperative improvement by building a common perspective on resilience.
CRR Key Goals and Process • The key goal of the CRR is to ensure that core process-based capabilities exist and are measureable and meaningful predictors for an organization’s ability to manage cyber risk to critical infrastructure. • This is achieved through eliciting responses from the organization’s IT security, IT operations, and business continuity personnel to assess how the organization performs in key categories during normal operations and during times of operational stress.
Performance Categories 1. Asset Management 2. Information and Technology Management 3. Vulnerability Management 4. Incident Management 5. Service Continuity 6. Environmental Control 7. External Dependency Management 8. Situational Awareness • Each CRR participant is assessed for specific abilities in defining, managing, and performing cybersecurity strategies, operational practices, and individual behaviors in each of the categories to the left:
CRR Results • The CRR report, delivered in 30-45 days post-evaluation, contains results to provide the organization with: • Capabilities and capacities in the form of strengths and weaknesses. • Options for consideration, which identify opportunities for improvement in cybersecurity management and for reduction in operational risks related to cybersecurity. • Please address inquiries regarding the CRR to: CSE@hq.dhs.gov (Cyber Security Evaluations).
[Presenter] [Title] [Email]