Read the book Critical Infrastructure Risk Assessment - Ernie Hayden MIPM CISSP CEH GICSP(Gold) PSP - Page 8
Table of Contents
WHAT YOUR COLLEAGUES ARE SAYING ABOUT CRITICAL INFRASTRUCTURE RISK ASSESSMENT
DEDICATION AND ACKNOWLEDGEMENTS
The Genesis
In this chapter you will discover:
The Risk Assessment Flow Chart
PART I FOUNDATIONS
Chapter 1 Just What is Critical Infrastructure?
1.1 What is Critical Infrastructure?
1.2 Critical Infrastructure Conceptual Development — United States
1.2.1 Mid-1990’s — Executive Order 13010
1.2.2 1998 — Presidential Decision Directive (PDD) 63
1.2.3 2001 (Post 9/11) Executive Order 13228
1.2.4 2001 (Post 9/11) USA PATRIOT Act
1.2.5 2002 National Strategy for Homeland Security
1.2.6 2003 National Strategy for Physical Infrastructure Protection
1.2.7 2003 Homeland Security Presidential Directive (HSPD-7)
1.3 International Perspectives on Critical Infrastructure
1.4 Critical Infrastructure — A Missing Sector
1.5 Critical Infrastructure Interdependencies
1.5.1 Seattle Tacoma Airport Oil Pipeline Interdependencies
1.5.2 Critical Infrastructure Interdependencies with Orbiting Satellites
1.5.3 The Expansive Nature of Interdependencies and Critical Infrastructure
1.7 Questions for Further Thought and Discussion
Chapter 2 Risk and Risk Management
2.1 What is Risk?
2.1.6 Risk Appetite and Tolerance
2.2.1 Risk Management Principles
2.2.4 Risk Management Focus — Component or System
2.2.5 Risk Management Focus — Defensive and Offensive
2.2.6 Risk Management Focus — Checklist Approach
2.2.7 Risk Management — Convenience vs Liability or Risk
2.2.8 Risk Management — Summary Guidance
2.3 The Next Chapter — Risk Assessment
2.4 Questions for Further Thought and Discussion
3.1 Definitions of Risk Assessment
3.2 Assessment Foundational Principles, Scope, and Applicability
3.3 Application of Risk Assessments
3.4 Risk Assessment Techniques
3.4.2 Deductive Risk Assessment
3.4.3 Inductive Risk Assessment
3.4.4 Targeted Risk Assessment
3.5 Assessment Approaches — Qualitative vs Quantitative
3.7 Difference Between Assessment and Audit
3.8.2 NIST SP 800-30, R1 — Guide for Conducting Risk Assessments
3.8.3 NIST SP 800-30, R0 — Risk Management Guide for Information Technology Systems
3.8.4 Cyber Security Assessments of Industrial Control Systems — Good Practice Guide
3.8.5 Hybrid Risk Assessment Flow Chart
3.9.2 Conducting the Assessment
3.10 Questions for Further Thought and Discussion
PART II HANDBOOK
Chapter 4 Pre-Assessment
In this chapter you will discover:
4.4 Collect Artifacts, Templates, Preliminary Documentation
4.5 Define the Assessment Plan
4.6 Hold the Initial Team Meeting
4.10.1 Example Site Risk Assessment Visit Plan
4.10.2 Preparing Your Steno Pad
4.10.3 Pre-Checking Control System Assets for Vulnerabilities
4.11 Excited to Start the Assessment
Chapter 5 The Power of the Observation
In this chapter you will discover:
5.1 An Introduction to the History of Observations
5.2 Just What is an “Observation?”
5.4.2 Communicating Your Observations
5.5 Unintended Influence of the Observation on Performance of Work
5.7 The Power of the Observation
In this chapter you will discover:
6.1 On Site Arrival — Entrance Meeting
6.2 Example Site Schedule and Activities
6.5.1 Tools of the Inspection Trade
6.5.2 Inspection Data Collection
6.8 Development of Strengths & Weaknesses
In this chapter you will discover:
7.1 Back in the Home Office — Compiling the Information
7.2.4 Informational Observations
7.3 Identifying the Risk Level of Findings
7.3.2 Probability or Likelihood
7.3.3 Risk Assessment Matrix Development
7.4 Preparing the Draft Report
In this chapter you will discover:
8.1 Rule #1 — Don’t Shelve the Report and Findings!
8.3 Assign a Professional Project Manager
8.4 Review the Entire Risk Assessment Report
8.4.1 Recognize the Strengths!
8.4.2 Assign Unique Numbers to Each Finding
8.5 Build the Remediation Team
8.7 Monthly Meetings (or More Frequent)
8.10 Postmortem/After-Action Review
8.11 Questions for Consideration
Chapter 9 Continuing the Journey
“Hey Boss, I know how to do a Risk Assessment!”