Bill Trelease VP – CTO Delhi Telephone Company [email protected].
The Cyber Security Framework
The Core of the matter:
Identify, Protect, Detect, Respond, Recover
Identify – Who is deciding the what
• Put a team together that represents all aspects of your business
• Since the Executive Order does not apply, we get to decide what “Core” and “Critical Infrastructure” are for us
• What is critical, and to whom
Identify – The inventory
• Telephone
  • The voice switch
  • A large [capacity] Mux (OC-x)
  • DXC
  • An NGDLC or OLT
Identify – The inventory
• Internet
  • Core or Border router
  • DNS
  • Authentication server
  • Other routers or switches
Identify – The inventory
• TV
  • EAS receiver
  • Comb generator(s)
  • EAS server
Identify – The inventory
• Business Critical
  • Billing
  • NMS / EMS
  • OSS
Identify – The inventory
Don't forget the interaction
• EMS to all of its devices
• Billing / OSS to authentication
• NMS
Identify – The Inventory
Document IT !!!!!
• What it is (make, model, etc.)
• Where it is
• Who has to have access and what kind (read, write, admin)
• Who should not have access
• Date of last upgrade and / or patch and Rel. Id
Protect
• Start from the outside, work in
  • ACLs on Edge routers and SBC
  • Firewall
  • Segment networks
  • Inter company internet network ACLs
  • Per device
  • Real passwords
  • Appropriate permissions
  • Backups: incremental, with full archival snapshots
Detect (think monitor)
• Log all login attempts
• Firewall with current signatures
• IDS with current signatures
• Traffic patterns, specifically changes or irregularities
Respond and Recover
• A response and recovery plan should be in place for all the assets identified
• Allow for the possibility that drastic measures may be required
  • Segment disconnect
  • Area isolation
  • Stopping a service to maintain others
The Framework – it's more than just the “core”
Tiers (4)
• Refer to Framework for more detail
• Keeps the core from being a checklist
• Indicative of framework risk management “philosophy” adoption
• Tier 1: Partial – don't know that you don't know
• Tier 2: Risk Informed – know you don't know, but it's IT's problem
The Framework – it's more than just the “core”
• Tier 3: Repeatable – know there is a cyber risk and the company is working on it
• Tier 4: Adaptive – cyber security risk management is integrated in all company practices, there are scheduled tests, and results flow back into the process for improvement
Hand off to Jon