enhanced security through human error awareness pnnl-sa-42136
TRANSCRIPT
Enhanced Security Through Enhanced Security Through Human Error AwarenessHuman Error Awareness
PNNL-SA-42136
Tracking aTracking aSecurity EventSecurity Event
Event
A Security Event Occurs
Tracking aTracking aSecurity EventSecurity Event
Identify &Categorize
Event
It Is Identified and Categorized
Tracking aTracking aSecurity EventSecurity Event
Identify &Categorize
PreliminaryReport to DOE
Event
A Preliminary Report to DOE Is Made
Tracking aTracking aSecurity EventSecurity Event
Identify &Categorize
PreliminaryReport to DOE
FullInquiry
Event
A Full Inquiry Is Begun
Tracking aTracking aSecurity EventSecurity Event
Identify &Categorize
PreliminaryReport to DOE
FullInquiry
AssessImpact
TakeMitigative
Action
Event
Impact Is Assessed, Mitigation Begun
Tracking aTracking aSecurity EventSecurity Event
Identify &Categorize
PreliminaryReport to DOE
FullInquiry
AssessImpact
Assess DirectCause &
Contributions
TakeMitigative
Action
Event
Direct Cause andContributing Factors Are Identified
Tracking aTracking aSecurity EventSecurity Event
Identify &Categorize
PreliminaryReport to DOE
FullInquiry
AssessImpact
Assess DirectCause &
ContributionsDocumentIMI 1, 2, 3via ITAC
DocumentNon Incidents
& IMI 4’sInternally
TakeMitigative
Action
Event
Internal, and… External (ITAC) Documentation
Tracking aTracking aSecurity EventSecurity Event
Identify &Categorize
PreliminaryReport to DOE
FullInquiry
AssessImpact
Assess DirectCause &
ContributionsDocumentIMI 1, 2, 3via ITAC
DocumentNon Incidents
& IMI 4’sInternally
AssessPatterns &
Trends
DevelopCorrective
Actions
TakeMitigative
Action
Event
Resulting in CorrectiveActions and…
…Assessmentof Patternsand Trends
Tracking aTracking aSecurity EventSecurity Event
Identify &Categorize
PreliminaryReport to DOE
FullInquiry
AssessImpact
Assess DirectCause &
ContributionsDocumentIMI 1, 2, 3via ITAC
DocumentNon Incidents
& IMI 4’sInternally
AssessPatterns &
Trends
DevelopCorrective
Actions
Prevent Recurrence
TakeMitigative
Action
Event
Corrective Actions to Prevent Recurrence
Tracking aTracking aSecurity EventSecurity Event
Identify &Categorize
PreliminaryReport to DOE
FullInquiry
AssessImpact
Assess DirectCause &
ContributionsDocumentIMI 1, 2, 3via ITAC
DocumentNon Incidents
& IMI 4’sInternally
AssessPatterns &
Trends
DevelopCorrective
Actions
Prevent Recurrence
TakeMitigative
Action
Event
Distribute Lessons Learned
Lessons Learned Are Distributed in DOE
Tracking aTracking aSecurity EventSecurity Event
Identify &Categorize
PreliminaryReport to DOE
FullInquiry
AssessImpact
Assess DirectCause &
ContributionsDocumentIMI 1, 2, 3via ITAC
DocumentNon Incidents
& IMI 4’sInternally
AssessPatterns &
Trends
DevelopCorrective
Actions
Prevent Recurrence
Distribute Lessons Learned
PreventSimilar
Occurrences Elsewhere
TakeMitigative
Action
Event
…to Prevent the Likelihood of Similar Occurrences Elsewhere
Distribute Lessons Learned
You AreHere
Tracking aTracking aSecurity EventSecurity Event
Identify &Categorize
PreliminaryReport to DOE
FullInquiry
AssessImpact
Assess DirectCause &
ContributionsDocumentIMI 1, 2, 3via ITAC
DocumentNon Incidents
& IMI 4’sInternally
AssessPatterns &
Trends
DevelopCorrective
Actions
Prevent Recurrence
PreventSimilar
Occurrences Elsewhere
TakeMitigative
Action
Event
Your role in theincident inquiry process is acritical link in thechain of incident reporting, inquiry, documentation and analysis that supports the goal of reducing the number of security incidents across the DOE complex.
You AreHere
Tracking aTracking aSecurity EventSecurity Event
Identify &Categorize
PreliminaryReport to DOE
FullInquiry
AssessImpact
Assess DirectCause &
ContributionsDocumentIMI 1, 2, 3via ITAC
DocumentNon Incidents
& IMI 4’sInternally
AssessPatterns &
Trends
DevelopCorrective
Actions
Prevent Recurrence
PreventSimilar
Occurrences Elsewhere
TakeMitigative
Action
EventReporting
Reporting
Distribute Lessons Learned
You AreHere
Tracking aTracking aSecurity EventSecurity Event
Identify &Categorize
PreliminaryReport to DOE
FullInquiry
AssessImpact
Assess DirectCause &
ContributionsDocumentIMI 1, 2, 3via ITAC
DocumentNon Incidents
& IMI 4’sInternally
AssessPatterns &
Trends
DevelopCorrective
Actions
Prevent Recurrence
PreventSimilar
Occurrences Elsewhere
TakeMitigative
Action
EventReporting
Reporting
InquiryInquiry
Distribute Lessons Learned
You AreHere
Tracking aTracking aSecurity EventSecurity Event
Identify &Categorize
PreliminaryReport to DOE
FullInquiry
AssessImpact
Assess DirectCause &
ContributionsDocumentIMI 1, 2, 3via ITAC
DocumentNon Incidents
& IMI 4’sInternally
AssessPatterns &
Trends
DevelopCorrective
Actions
Prevent Recurrence
Prevent Similar
Occurrences Elsewhere
TakeMitigative
Action
EventReporting
Reporting
Documentation
DocumentationInquiryInquiry
Distribute Lessons Learned
You AreHere
Tracking aTracking aSecurity EventSecurity Event
Identify &Categorize
PreliminaryReport to DOE
FullInquiry
AssessImpact
Assess DirectCause &
ContributionsDocumentIMI 1, 2, 3via ITAC
DocumentNon Incidents
& IMI 4’sInternally
AssessPatterns &
Trends
DevelopCorrective
Actions
Prevent Recurrence
PreventSimilar
Occurrences Elsewhere
TakeMitigative
Action
EventReporting
Reporting
AnalysisAnalysis
Documentation
DocumentationInquiryInquiry
Distribute Lessons Learned
Distribute Lessons Learned
You AreHere
Tracking aTracking aSecurity EventSecurity Event
Identify &Categorize
PreliminaryReport to DOE
FullInquiry
AssessImpact
Assess DirectCause &
ContributionsDocumentIMI 1, 2, 3via ITAC
DocumentNon Incidents
& IMI 4’sInternally
AssessPatterns &
Trends
DevelopCorrective
Actions
Prevent Recurrence
PreventSimilar
Occurrences Elsewhere
TakeMitigative
Action
EventReporting
Reporting
AnalysisAnalysis
Documentation
DocumentationInquiryInquiry
Lessons LearnedLessons Learned
Distribute Lessons Learned
You AreHere
Tracking aTracking aSecurity EventSecurity Event
Identify &Categorize
PreliminaryReport to DOE
FullInquiry
AssessImpact
Assess DirectCause &
ContributionsDocumentIMI 1, 2, 3via ITAC
DocumentNon Incidents
& IMI 4’sInternally
AssessPatterns &
Trends
DevelopCorrective
Actions
Prevent Recurrence
PreventSimilar
Occurrences Elsewhere
TakeMitigative
Action
Event Reduced Likelihood of Security Incidents
Reduced Likelihood of Security Incidents
Reduced Likelihood of Security Incidents
Reduced Likelihood of Security Incidents
ESTHER:ESTHER:Enhanced Security Enhanced Security
Through Human Through Human Error ReductionError Reduction