Q I have never needed to worry about SCADA security in the past. Why should I now?
A SCADA systems have migrated from previously proprietary protocols toward common protocols such as TCP/IP. SCADA systems are now being interconnected with the same network as the business network, which opens more avenues of attack.
Q Why are the NSA IAM and IEM recommended as the methodology to use for SCADA assessments?
A These are extremely flexible methodologies that provide a clear and comprehensive framework for doing any kind of security assessment. The NSA IAM and IEM are not the only methodologies out there and the assessment team can choose which methodology to use. Be sure that, no matter which methodology you use, it covers a similar or better cross-section of information security topics.
Q Why not just give the potential customer exactly what they ask for?
A Because what they ask for may not be what they are really looking for. Be sure to conduct the Vetting process to give the customer what they need.
Q Is understanding critical information and impact important? Don't we just need to know the systems?
A Understanding critical information and impact is essential to defining appropriate recommendations to improve the security posture. This process answers the question of “Why” security needs to be implemented and how much security is required.
Q Why is the On-Site Assessment work broken out between organizational and technical?
A The quick answer is because of the skill set. The skill set required of an individual conducting the technical assessment is significantly different from that required of the individuals conducting the organizational assessment.
Q Can't I just “cut and paste” the results out of the scanning tools?
A No. You must conduct an analysis to make it specifically relevant to that particular organization.
Q Can I get more help when I am conducting an analysis?
A Absolutely. Don't be afraid to seek assistance either by doing additional research or bringing in additional expertise.
Q Are the NSA IAM and IEM rigid methodologies?
A No. The NSA IAM and IEM are very flexible methodologies that are usable across a broad section of organizational types.