NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
NERC CIP Cyber Security Standards V4 – Is it getting better or worse?
Upcoming SlideShare
Loading in...5
×

NERC CIP Cyber Security Standards V4 – Is it getting better or worse?

955

Published on

The Federal Energy Regulatory Commission (FERC) will likely soon approve version 4 of the North American Electricity Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Cyber Security Standards. The new standards replace the traditional risk-based approach of identifying critical cyber assets with more prescriptive Bright Line criteria. How can those subject to the NERC CIPs comply with these new criteria and adopt them in a way that balances their business needs and risks? In addition, how does the adoption and spread of the smart grid impact business practices, privacy issues, threats, vulnerabilities and the need for security controls?

In this webcast, Paul Reymann, security and compliance expert and CEO of ReymanGroup joins Jim Stanton, Senior Energy Consultant at ReymannGroup to address those questions, and specifically discuss:

How operational characteristics of each asset help determine the security and reliability controls required.

The potential risk of adopting a prescriptive controls model that is tied to the bright-line criteria.
The current struggles between FERC, NERC, and the industry around updating the standards.

Possible future scenarios and legal implications of a new regulatory structure that might improve the process.

The pros and cons of the evolution of the smart grid.
So tune in and learn how to prepare for the latest version of the NERC CIP standards, and discover what changes may be coming for the complex regulatory structure that surrounds it.



Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
955
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
14
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Because companies are still having so many problems, more prescriptive guidance and stronger compliance ensues.
  • Attacks are more real than everStuxnet as an exampleIndustry is running as fast as possible to “hardened shell” strategy.Blind side not working – it’s the server and the data2 problems – The technical solution – harden from the inside outGetting people to acknowledge this as a better way and begin to adopt this new approachWhere are we?Battle between configurations and events+perimeterDavid vs. GoliathSecurity industry: events and perimeterEmerging compliance mandates: ConfigurationsCompliance: ConfigurationsVerizon: ConfigurationsSANs: ConfigurationsFederal government: Configurations and monitoringOrganizations are getting a false sense of security, because they are investing in reactive controls but not getting the benefit of their investment.At an inflection point. Our focus is on hardening and defending the server.Standards can’t evolve fast enough and no single compliance requirement will be enough.Hardened shell – embrace and extendEmbrace and extend the hard shellHard shell is necessary but not sufficientInside-out strategy
  • Leverage compliance to proactively get ahead of threatsDeliver context others cannotDemonstrate the value of your compliance and security investmentSimply Compliant. More Secure.Simplify IT compliance and securityShorten the time to detect IT RiskReduce our customers’ costs
  • Tripwire VIA delivers intelligent threat control by providing…Visibility across your infrastructure to know what is happening at all times.Intelligence to know which changes or events are suspect and may put your infrastructure and data at risk of compromise.Automation to help you to categorize high risk changes and events, remediate certain conditions, and automate compliance requirements such as reporting.
  • Tripwire VIA delivers intelligent threat control by providing…Visibility across your infrastructure to know what is happening at all times.Intelligence to know which changes or events are suspect and may put your infrastructure and data at risk of compromise.Automation to help you to categorize high risk changes and events, remediate certain conditions, and automate compliance requirements such as reporting.
  • Tripwire VIA delivers intelligent threat control by providing…Visibility across your infrastructure to know what is happening at all times.Intelligence to know which changes or events are suspect and may put your infrastructure and data at risk of compromise.Automation to help you to categorize high risk changes and events, remediate certain conditions, and automate compliance requirements such as reporting.
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×