This assignment is a part of your overall final project. Please make sure to incorporate this assignment to your final project; reference to Week 1 Final Project Template.
Apply ICS Security Best Practices
1. NIST 800-82, Industrial Control System Security, http://csrc.nist.gov/publications/drafts/800-82r2/…
2. Identify unremediated risks and choose risk strategy: Accept risk, avoid risk, mitigate risk, share risk, transfer risk, combination.
Reference: NIST 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems, http://nvlpubs.nist.gov/nistpubs/SpecialPublicatio…
Identify Vulnerability Continuous Monitoring Strategy
a. Nessus – Bandolier modules.
b. Metasploit â€“ ICS exploits.
d. Nmap â€“ Identify ICS â€œfriendlyâ€ scans.
2. Are these IA certified tools? How so?
a. For example:
ii. Common Criteria: https://www.commoncriteriaportal.org/products/
b. For example: Are these tools SCAP-compliant?
3. Create script rules for baselining each ICS system.
a. For example scripts rules should audit:
i. Installed programs.
ii. Users, groups.