Module 8: Remediation
Description
This module covers how to control risk to the network through appropriate remediation techniques. It introduces the concept of the Security Design Life Cycle (SDLC) and the importance of building security in at initiation, rather than “bolting” it on afterwards. In ICS and other SCADA systems, this may not be possible. Foundation guidelines and policies for controlling risk and personnel behavior will be addressed. An enumeration of network protection systems will be provided, including firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
The module discusses the importance of digital signatures to providing device authentication, and how vulnerabilities specific to ICS systems relate to remediation techniques. Additionally, it covers common vulnerabilities found in ICS systems and techniques to identify vulnerabilities, as well as remediation techniques.
Objectives
| # | Revised Bloom’s Taxonomy | Objective | Slide # | Act. 1 | Team Act | Assess Ques # |
|---|---|---|---|---|---|---|
| 8.1 | Understand | Describe how risk management techniques control risk. | 3 – 7 | 3, 4, 6 | ||
| 8.2 | Understand | Identify the types of security policies and how these relate to remediation. | 8-9 | 10 | ||
| 8.3 | Understand | Describe how awareness and training can provide increased security. | 10-11 | |||
| 8.4 | Understand | Identify remediation techniques in an ICS network, including routers, firewall technology, and tools for configuring firewalls and routers. | 12 – 17 | X | 2, 5, 11 | |
| 8.5 | Understand | Describe intrusion detection and prevention systems and web-filtering technologies. | 18 – 19 | 1 | ||
| 8.6 | Understand | Explain the importance of digitally signed code for pushes of firmware and other updates to automated devices. | 20 -21 | X | ||
| 8.7 | Apply | Demonstrate the ability to evaluate and assess vulnerabilities in ICS networks. | X | |||
| 8.8 | Understand | Explain and make recommendations for remediation strategies in an ICS network. | ||||
| 8.9 | Understand | Describe the hazards (do and don’ts) of the corporate network process vs. ICS network process. |
