Driving Factors Security Risk Mgt Controls Compliance.

Post on 26-Mar-2015

Driving Factors

• Security Risk Mgt
• Controls
• Compliance

Risks, Threats, Vulnerabilities

• Risk – Generalized impact statement
  – Ex: disclosure of ratepayer data would be bad
• Threat – a generic method of exploiting a risk
  – Ex: interception of data in-flight or at rest
• Vulnerability – a specific, actual, existing technical issue that could be leveraged
  – Ex: an unencrypted customer information file on a server

Risk Profile: Confidential Data

• Generalized Risks:
  – Disclosure, Unauthorized Modification
• Threats:
  – Interception of data in-flight, at rest, after transformation, after export, before destruction
• Vulnerabilities:
  – Unencrypted data transport
  – Unencrypted storage in flat files or in DB
  – Unencrypted storage after export to external components
  – Unencrypted data prior to disposal or destruction

Reliability Engineering

• Security controls fail with individual unpredictability but consistently across large control sets or long periods of time
• Layered security controls limit the scope and impact of individual control failures
• Existing control set for this service
  – Firewalls, IDS, server hardening, patching, access request controls, authentication/authorization, filesystem access controls, virus scanning, enterprise hardening baseline analysis, OS software, service software, application software, maintenance scripts

Mapping Vulnerabilities to Controls

• Vulnerability: Unencrypted data transport
  – Control: use NAESB, SFTP, or encrypted CD
• Vulnerability: Unencrypted data storage
  – Control:
• Vulnerability: Unencrypted data after transformation
  – Control:
• Vulnerability: Unencrypted data prior to disposal
  – Control:

Data Transport Mechanisms

• NAESB
  + Current Market Standard
  + Existing management and maintenance infrastructure
  + Existing application infrastructure
  + Strong authentication/encryption
• SFTP
  + Strong transport encryption
  o Partially existing server infrastructure
  o Partially existing management infrastructure for static passwords
  - No existing management infrastructure for ssh-keys
  - Use of static passwords for authentication creates possibility for password recovery via brute-force or disclosure at endpoints
  - Reduced visibility from network security monitoring platform
  - Additional implementation risk
  - Additional management/maintenance risk

Data Transport Mechanisms

• CD-R / DVD-R
  + Easy
  - Transportation via licensed/bonded couriers?
  - Still need to address encryption of data in transit
  - Physical media destruction becomes an issue
  - Need to develop operational procedures
  - Need to develop physical infrastructure for accepting, handling, storing, and destroying media