CAE-2Y Accredited

Topics Covered

• E-Book Purpose

• Key Objectives

• Outline Of Content

• Training Plans

– Cybersecurity Programs

– Boot Camp

• About ENMU-Ruidoso

• Q & A?

2

CAE-2Y Accredited

Purpose

• Provide a quick reference guide to the framework

• Promote awareness of

– Cybersecurity Critical Infrastructure Framework

– SCADA Cybersecurity threats and vulnerabilities

– The importance of risk assessments

– How to use the framework

– Look into applying security to Indusoft Web Studio

3

CAE-2Y Accredited

Key Objectives

• Knowledge of SCADA and cybersecurity environment

– Types of SCADA systems

– Threats and risks

• Understanding of framework

• Knowledge of tools and processes for risk analysis

• Ability to apply risk management processes to obtain the right framework tier for an organization. 4

CAE-2Y Accredited

Outline Of Content

• Chapter 1 - SCADA Cybersecurity Introduction and Review– What is SCADA

– Overview of Cybersecurity Vulnerabilities

– Understanding Control System Cyber Vulnerabilities

• Chapter 2 – Cybersecurity Framework Introduction– Framework Introduction

– Risk Management and

– the Cybersecurity Framework

5

CAE-2Y Accredited

Outline Of Content

• Chapter 3 – Cybersecurity Framework Basics

– Basic framework overview

– Framework core

• Chapter 4 – How to Use the Framework

– Basic Review of Cybersecurity Practices

– Establishing or Improving a Cybersecurity Program

– Communicating Cybersecurity Requirements with Stakeholders

• Chapter 5 – Indusoft Security Guide

– Embedded in this chapter.6

CAE-2Y Accredited

Outline Of Content

• Appendix (Framework Core, CSET Tool, References, and Glossary)

7

CAE-2Y Accredited

CSET 6.1 Tool

8

https://ics-cert.us-cert.gov/Assessments

CAE-2Y Accredited

Training Plans: Cybersecurity Programs

• Computer and Network Security Certification Program (Online) Credited or Self-paced

• This program is specifically designed to prepare students as Information Systems Security (INFOSEC) Professionals, NSTISSI No. 4011and CNSSI No. 4016 Entry Level Risk Analysts and is CAE-2Y Accredited. – IS 131: Network Security Fundamentals-3

– IS 136: Guide to Disaster Recovery- 3

– IS 153/L: Introduction to Information System- 4

– IS 253: Firewalls and How They Work- 3

– IS 257: Network Defense and Counter Measures- 3

– IS 258: Cyber Ethics, Professionalism, and Career Development- 3

9

CAE-2Y Accredited

Training Plans: Cybersecurity Programs

• Associates of Applied Science Degree - Information Systems Cybersecurity (Online) Credited (CAE-2Y,4011 & 4016-E, DOD 8570) Career pathway to 4-yr degrees

• The focus of this program will be on the key components of

information systems assurance and cybersecurity:

– People

– Software

– Hardware

– Data

– Security

– Communication technologies

– How these components can be integrated and managed to create

competitive advantage. 10

CAE-2Y Accredited

Training Plans: Boot Camp

• 4 day Boot Camp covering:– Course Orientation and Introduction to Cybersecurity and SCADA

• CompTIA-Security+ Key Topics

• SCADA Cybersecurity Recommended Practice/ Infrastructure

Guiding Principles/National Infrastructure Protection Plan– IS-821 Critical Infrastructure and Key Resources Support Annex

– IS-860.a National Infrastructure Protection Plan (NIPP)

• Cybersecurity Critical Infrastructure Framework / CAP

Process/Intro to a SCADA Product (IDUSOFT)

• CSET Department of Homeland Security Risk Assessment Process

and Tools Using the Cybersecurity Critical Infrastructure Framework

11

CAE-2Y Accredited

About ENMU-Ruidoso

The National Security Agency and the Department of Homeland Security have designated Eastern New Mexico University - Ruidoso National Center of Academic Excellence in Information

Assurance/Cybersecurity Defense through academic year 2019.

Based on the universities ability to meet the increasing demands of the program criteria will serve the nation well in contributing to the protection of the National Information Infrastructure. Meets the eleven Knowledge Units learning objectives

Recognized by the National Initiative in Cybersecurity Education (NICE) as a certified Training Institution for the NIST National Cybersecurity Workforce Framework. http://csrc.nist.gov/nice/index.htm

12

CAE-2Y Accredited

http://www.us-cert.gov/control_systems/csstandards.html

CAE-2Y Accredited