Reference no: EM131464682
Audit Defense Practice
A key responsibility for security professionals is representing organizations during audits, either internal or external. Since our case study involves cyber security for a chemical facility, we'll be practicing this skill by responding to questions that might be generated by an inspector with the Department of Homeland Security (DHS).
Consult the attached document to get your assigned audit question and post to the Wiki your question and answer so that we can share the learning experience.
PureLand Wastewater Compliance Audit
Objective
This assignment requires the students to answer questions as might be encountered while undergoing a compliance audit regarding Department of Homeland Security Chemical Facility Anti-Terrorism Standards (CFATS) regulations. The students will play the role of a Cyber Security consultant being audited by a DHS compliance inspector.
Instructions for assignment
1. Find your assigned question from the table below
|
Student Name
|
Assigned Question
|
|
Name 1
|
2.1
|
|
Name 2
|
2.2
|
|
Name 3
|
2.3
|
|
Name 4
|
2.4
|
|
Name 5
|
2.5
|
|
Name 6
|
2.6
|
|
Name 7
|
2.7
|
2. Using the Risk-Based Performance Standards
Guidance Chemical Facility Anti-Terrorism Standards document for reference, research and write an answer for one of the following questions (assigned to you based on a random draw) from a DHS inspector conducting a site inspection. Consult your team members if you need help. After the team has compiled all their answers, get ready to be audited by the instructor. You'll have 20 minutes to research and write your answer.
2.1. What systems listed on your PureLand Network Diagram do you consider to be the most critical systems? Why did you pick these systems as most critical?
2.2. What do you feel are the most important elements of a successful change management process? How will you ensure that changes made to the Cyber systems at PureLand Wastewater won't lead to Cyber Security Incidents?
2.3. Is there currently any segregation of systems at PureLand based on criticality of the systems? If yes, please explain the segregation strategy. If not, please explain what plans are being developed to segregate assets on the network based on risk.
2.4. What methods are used or planned for implementation to manage passwords? Is there any differentiation in how end user and privileged (e.g., system administrator) accounts are managed?
2.5. Is there currently any Cyber Security awareness and training program in place at PureLand? If yes, please explain the frequency and method of documenting completion. If not, please explain what topics will be included in your awareness program and how you plan to document and track compliance.
2.6. What kinds of technical controls are being used at PureLand to prevent malware attacks? What additional controls are planned for implementation within the next 24 months?
2.7. If PureLand was aware of a Cyber Security incident taking place at their facility, what is the protocol for responding to and reporting the incident?
2.8. What measures does PureLand take (or plan to take) to secure Safety Instrumented Systems to prevent Cyber Security incidents from causing a catastrophic event?
2.9. Does PureLand have an up to date inventory of hardware connected to their network? What is included in the inventory? Is PureLand aware of new devices being added to the network? What technology is used to gain awareness of what devices are connected to the network?
2.10. What do you feel is the greater risk driver for PureLand Chemical theft or diversion or release of the Chemical of Interest and why?
2.11. Provide some examples of areas you feel have physical security concerns related to cyber assets along with brief explanations of why they have higher risk.
2.12. What are the requirements you will have for the person who will manage your cyber security program?
2.13. Does PureLand use shared accounts for accessing computer systems? What are the risks associated with use of shared accounts and how might you mitigate these risks?
2.14. Does PureLand use separation of duties as a security practice? What duties are separated or planned to be separated and why?
2.15. What kinds of controls are in place to ensure access to devices or information is managed appropriately? What processes are used or planned to manage changes to the workforce?
2.16. If PureLand had a Cyber Security Incident take place (for example, an APT penetration), who would PureLand IT folks report the incident to internally and externally? How would they notify the Department of Homeland Security?