Approved for 1 CompTIA CEU: A+, Network+. Security+, Cloud+, CySA+ and CASP. 1 GIAC CPE. 1 Logicial Operations CFR CEC.
The sophistication of global threats continue to evolve, while organizations race to keep pace with an ever changing library of standards, regulations and policies based on outdated historical data. Recent events like that targeting Equifax show that today's actors only need a brief moment of weakness in order to establish a persistent foothold with significant consequences.
The solution lies in how organizations can implement a security architecture that complies with current obligations, while at the same time offering assurance that it will tolerate unknown threats that may have not been previously considered. This resilient security architecture focuses on key essential services through proven risk identification concepts and a layered approach to fault-tolerant risk mitigation strategies. This underlying strategy shifts traditional layers of protection from a perimeter-based approach to a functional one. Many understand the concept of a "blended" attack -- especially after the events against the electric distribution infrastructure in the Ukraine - and are now aware of the potential for extreme consequences should an adversary succeed.
The US government - working closely with industry partners - developed a framework for reducing cyber risks to critical infrastructure. Many organizations struggle in applying the framework to real-world installations with the goal of reducing not only risk, but improving resiliency of the underlying industrial architecture. The problem many organizations face is how to cope with a constantly changing threat landscape, while at the same time complying with both internal and external regulations and policies. The solution must address the resiliency of an operational architecture and how it can anticipate, withstand, recover from, and evolve in the face of adverse conditions.
This session will discuss the importance of operational risk and information assurance. The concepts behind threat, vulnerability and risk identification and management will be introduced and how they are being applied within critical infrastructure. It will introduce a methodology upon which traditional one-dimensional policies can be augmented to encompass a two-dimensional approach to identifying and reducing operational risk.
Key topics covered will include identifying operational risk across cyber, physical and electromagnetic spectrum domains, mapping threats to operational risk, identifying and characterizing operational assets, and application of multi-dimensional approach to cyber security and resilience.