Order Now

Expert answer:project work

Uncategorized

Expert answer:This assignment is a part of your overall final project. Please make sure to incorporate this assignment to your final project; reference to Week 1 Final Project Template.Profile ICS Devices1. For each ICS device document:a. Logical PortsFor example, 80, 443, etc.http://www.digitalbond.com/tools/the-rack/control-…b. Protocols RunningFor example, SMTP, SNMP, DNP3, Modbus, Fieldbus, Ethernet, etc.c. Physical Connection TypesFor example, serial, RJ45, USB, parallel, etc.http://www.digitalbond.com/tools/the-rack/control-…d. Default Accounts:Research the manufacturer’s information on the device. Look for default account information to login with.Check “Default Password List” for an entry: http://www.defaultpassword.com/e. ServicesResearch manufacturer’s information on the device and document services running.f. AuthenticationResearch manufacturer’s website for the device and locate information on how the device authenticates users.g. Use of EncryptionResearch manufacturer’s website for the device and locate information about encryption. For example, does the device use encrypted connections? Is the back-end database encrypted? What type of encryption does it use? Is public/private key encryption like RSA?h. Logging CapabilityResearch manufacturer’s website for the device and locate information about logging. Answer questions like is logging enabled? Are logs stored locally or remotely?i. Other Security DocumentationDoes the manufacturer have any security related documentation not provided above that would be of use?NOTE;THIS IS PROJECT EXTENSION PAPER THE WATER PLANT DOCUMENT IS ONE OF THE PART OF THE PROJECTC AND I NEED FURTHER EXTENSION FOR THIS PROJECT ACCORDING TO THE QUESTION
sec6084_ics_risk___audit_methodology_project_template__1_.docx

water_plant_industry_document_1.docx

Unformatted Attachment Preview

Running Head: ICS Risk & Audit Methodology Project Template
ICS Risk & Audit Methodology Project Template for Water Plant
SEC6084
Your Name
1
ICS RISK & AUDIT METHODOLOGY PROJECT TEMPLATE
2
Table of Contents
Description of Industry …………………………………………………………………………………………………….X
Industrial Control System Processes Employed …………………………………………………………………..X
Profile ICS Security Devices …………………………………………………………………………………………….X
Create Diagrams of ICS Device Network …………………………………………………………………X
Identify, Measure, and Manage Risks ……………………………………………………………X
Identify Security Controls …………………………………………………………………………………………………X
Apply ICS Security Best Practices ………………………………………………………………………….X
Identify Vulnerability Continuous Monitoring Strategy………………………………………………………..X
Reference ……………………………………………………………………………………………………………………….X
Appendix …………………………………………………………………………………………………………….. X
Example: Industrial Incident or Accident ……………………………………………………X
Example: Disaster Recovery and Incident Response…….. ………………………………X
Example: Test Outputs…………………………………………………………………………………………..X
Example: Vulnerability Scan Reports ………………………………………………………………………X
Example: Analysis Metrics from Tools ……………………………………………………………………X
Example: Presentations ………………………………………………………………………………………….X
Example: Screenshots of Systems …………………………………………………………………………..X
ICS RISK & AUDIT METHODOLOGY PROJECT TEMPLATE
3
List of Tables and Figures
Figure 1. Example: ICS System Documentation ………………………………………………………………….X
Figure 2. Example: Security Solution Documentation ………………………………………………………….X
ICS RISK & AUDIT METHODOLOGY PROJECT TEMPLATE
4
Description of Industry
1. What type of industry is this?
2. What is the importance of this industry to society?
Industrial Control System Processes Employed
1. List industrial control system processes specific to industry.
2. List the control systems that control those processes and how they control those
processes.
3. Create a network diagram displaying the interconnections of the industrial control
system devices listed in item 3.
a. For example: Use ICS CERT CSET, Visio, Excel, Word, etc.
Profile ICS Devices
1. For each ICS device document:
a. Logical Ports
For example, 80, 443, etc.
http://www.digitalbond.com/tools/the-rack/control-system-port-list/
b. Protocols Running
For example, SMTP, SNMP, DNP3, Modbus, Fieldbus, Ethernet, etc.
c. Physical Connection Types
For example, serial, RJ45, USB, parallel, etc.
http://www.digitalbond.com/tools/the-rack/control-system-port-list/
d. Default Accounts:
Research the manufacturer’s information on the device. Look for default
account information to login with.
Check “Default Password List” for an entry:
http://www.defaultpassword.com/
e. Services
Research manufacturer’s information on the device and document services
running.
f. Authentication
Research manufacturer’s website for the device and locate information on
how the device authenticates users.
ICS RISK & AUDIT METHODOLOGY PROJECT TEMPLATE
5
g. Use of Encryption
Research manufacturer’s website for the device and locate information
about encryption. For example, does the device use encrypted
connections? Is the back-end database encrypted? What type of
encryption does it use? Is public/private key encryption like RSA?
h. Logging Capability
Research manufacturer’s website for the device and locate information
about logging. Answer questions like is logging enabled? Are logs stored
locally or remotely?
i. Other Security Documentation
Does the manufacturer have any security related documentation not
provided above that would be of use?
Identify, Measure, and Manage Risks
1.
Identify risks:
Risk is a function of M, AV, T, and V:
R = f (M, AV, T, V)
R – risk, M – mission importance, AV – asset values, T – threats, V –
vulnerabilities
2.
“What”: what is the problem/challenge in managing risks and auditing the ICS?
Explain how you might measure
“Why”: why do you need and want to solve the problem?
“How”: how do you economically solve it?
Identify Security Controls
1. Select security controls based on results from “Industrial Control System Processes
Employed” and “Profile ICS Devices”:
Reference either ICS CERT CSET or NIST 800-53, Security and Privacy Controls for
Federal Information Systems and Organizations,
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
Apply ICS Security Best Practices
1. NIST 800-82, Industrial Control System Security,
http://csrc.nist.gov/publications/drafts/800-82r2/sp800_82_r2_draft.pdf
ICS RISK & AUDIT METHODOLOGY PROJECT TEMPLATE
2. Identify unremediated risks and choose risk strategy: Accept risk, avoid risk, mitigate
risk, share risk, transfer risk, combination.
Reference: NIST 800-37, Guide for Applying the Risk Management Framework to
Federal Information Systems,
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r1.pdf
Identify Vulnerability Continuous Monitoring Strategy
1. Examples:
a. Nessus – Bandolier modules.
b. Metasploit – ICS exploits.
c. Snort
d. Nmap – Identify ICS “friendly” scans.
2. Are these IA certified tools? How so?
a. For example:
i. NIAP: https://www.niap-ccevs.org/CCEVS_Products/pcl.cfm
ii. Common Criteria: https://www.commoncriteriaportal.org/products/
b. For example: Are these tools SCAP-compliant?
3. Create script rules for baselining each ICS system.
a. For example scripts rules should audit:
i. Installed programs.
ii. Users, groups.
iii. Shares.
iv. Services.
v. Processes.
vi. Etc.
6
ICS RISK & AUDIT METHODOLOGY PROJECT TEMPLATE
Reference
7
ICS RISK & AUDIT METHODOLOGY PROJECT TEMPLATE
Appendix
8
1
Running Head: WATER PLANT INDUSTRY
Water Plant Industry
Description of the industry
The type of industry
Water is a very vital resource in the world. It is not equally distributed; meaning that all
human beings do not have equal access to water. Water plant industry refers to the industry that
provides water for drinking; both for human and animal consumption, as well as waste water
2
Running Head: WATER PLANT INDUSTRY
services which include the treatment of sewage water to industrial, residential and commercial
sectors of the economy. This industry also includes waste water plant construction, water
engineering, equipment supply, operations, specialist water treatment chemicals, waste water and
water plant construction, among many others (Water industry, 2011).
A largest percentage of industries rely largely on water industry for their operations and
processes. Water industry has played a key role in ensuring that all the other industries achieve
their goal. Food industry is a good example of those industries that rely on water industry for
their operations. The food sector relies on water industry to produce beverages which include the
bottled water. This is to mean that, all the suppliers and manufacturers of bottled water are also
in water industry. Statistics show that in 2015, the consumption of bottled water per capita in the
United States of America totaled to36.5 gallon.
Water industry is the type of industry that is relied upon by all the living creatures. Various
organizations and industries use water industry for most of their operations. Water is life and
therefore ensures the continuity and sustainability of the other industries.
Importance of water industry to the society
As noted earlier, water is a very important factor in life. Without water, earth could not
have been a comfortable place for both human beings and animals. Therefore, water industry has
played a very vital role in promotion of life and to the society at large. It has been a great
challenge for the industry to convince the public that wastewater can be treated and become
useful once again. The industry has been of great importance to the society whereby it has gone
ahead with the recycling of wastewater. This has greatly helped those regions that suffer from
3
Running Head: WATER PLANT INDUSTRY
water scarcity. Once the waste water has been recycled, the problem of water scarcity in some
parts of the country has been half-solved.
With the availability of recycled water by the water industry, the use of external water
sources has been minimized hence enhancing water savings. This has ensured that processes like
food manufacturing does not stop due to lack of water (Water industry, 2011)..
Water industry has also played a very important role by ensuring that the world’s
economy keeps on increasing and moving forward. It is through this industry that activities such
as fishing, irrigation, agriculture and transportation of goods and services have been made
possible. By all that, ecosystem has been supported largely by this irrigation. Therefore in other
words, this industry has greatly promoted life to the later.
Apart from food manufacturing, this industry has also contributed greatly to the success
of other industries such as the acids manufacturing industries. For these acids to be
manufactured, water is a very key component that must feature in. For both the sulphuric and
nitric acid to be produced, water is integral factor for the entire industrial process to be
successful.
This industry ensures that there is water availability needed for industrial process.
Whenever these processes take place, a lot of heat is produced and therefore this water is useful
in cooling the machines in industries and factories. Water is therefore used in industries for
fabrication, lubrication, cleaning, smelting and cooling of machines.
4
Running Head: WATER PLANT INDUSTRY
Water plant industries aid in treatment of sewage, water treatment, conservation and then
distribution. It helps in distributing water to those places which do not receive adequate rainfall
hence saving lives from drought and famine.
As seen earlier, water industry aids in provision of water for drinking by enhancing its
quality through the treatment of sewage. Alongside that, it provides wastewater services to
various sectors of economy which include commercial, residential and industrial sectors. Sewage
treatment also helps in controlling waste pollution in the society hence ensuring that the
environment is safe and conducive for all the people and animals both living in the land and in
the waters (Arceivala & Asolekar, 2007).
5
Running Head: WATER PLANT INDUSTRY
Water industry has also played a very big role in the production of electricity. Electricity
production relies greatly in water. Electricity is another important component which is equally
important to water. It is actually used everywhere. Most of the processes require electricity in
order to be successful.
Through provision of water by this industry, sanitation has been improved in various
communities whereby this industry has taken the initiative of creating awareness on proper
hygiene to both the individuals and communities (Wintgens, Li & Kazner, 2013)
Water plant industry has also developed new ways of collecting and storing rain water for
example through the construction of dams. Additionally, it has formulated policies that govern
the use and conservation of water in the society.
Above all, it has created employment opportunities to people. Many jobless people have
secured a job in this industry. This has helped in improving the standard of living among people
through which the global standard of living has been attained. People of all specialization and
specification have been employed in this industry to provide workforce and a successful running
of the entire industry.
Industrial control processes employed
The control system processes specific to this industry
This industry employs some Industrial Control Systems (ICS) which include the
Supervisory Control and Data Acquisition (SCADA). These two technologies ensure that the
functionality and operation of the control systems in this industry (Groves & Azagra, 2012).
The control systems that control these processes and how they control them
6
Running Head: WATER PLANT INDUSTRY
The industry has control systems such as ICS and SCADA which are used to monitor and
control all the operations taking place in the industry. These control systems also ensure that the
functionality of the whole industrial process is maintained.
These systems also contain traditional IT elements which ensure the security of the whole
process. It is there to provide protection and detect any cyber attacks that could make the whole
process to collapse or not to function as intended. Distributed Control Systems (DCS) together
with Programmable Logic Controllers (PLC) are also examples of control systems used in water
industry. The DCSs ensure that the production systems are controlled within the industry while
the PLCs aid in controlling specific applications and providing the regulatory control generally.
A network diagram displaying the interconnections of the industrial control system devices
The following diagram shows the interconnections of the industrial control system devices. The
diagram clearly shows that this device has different levels. The levels include the field level, the
direct control level, the plant supervisory level, the production level and the production
scheduling level.
7
Running Head: WATER PLANT INDUSTRY
8
Running Head: WATER PLANT INDUSTRY
References:
Groves, D., & Azagra, E. (2012). Bridging the Gap between IT and SCADA Systems in the
Water Sector. Journal – American Water Works Association, 104, 26-29.
http://dx.doi.org/10.5942/jawwa.2012.104.0035
Water industry. (2011). Teddington, Richmond upon Thames [England].
Wintgens, T., Li, Y., & Kazner, C. (2013). Water Resources and Industry. Water Resources and
Industry, 1-2, iv-v. http://dx.doi.org/10.1016/j.wri.2013.08.001
Arceivala, S., & Asolekar, S. (2007). Wastewater treatment for pollution control and reuse. New
York, N.Y.: McGraw-Hill Education LLC.

Purchase answer to see full
attachment

How it works

  1. Paste your instructions in the instructions box. You can also attach an instructions file
  2. Select the writer category, deadline, education level and review the instructions 
  3. Make a payment for the order to be assignment to a writer
  4.  Download the paper after the writer uploads it 

Will the writer plagiarize my essay?

You will get a plagiarism-free paper and you can get an originality report upon request.

Is this service safe?

All the personal information is confidential and we have 100% safe payment methods. We also guarantee good grades

Continue to order Get a quote
Place your order
(550 words)

Approximate price: $22

Recent Comments

No comments to show.

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
$26
The price is based on these factors:
Academic level
Number of pages
Urgency
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more

Order your essay today and save 20% with the discount code ESSAYHELP

Get a plagiarism free paper now