MISO Change Management and the Journey of Maturity. Tricia Cawthon August 30, 2013
|
|
- Janel Tyler
- 7 years ago
- Views:
Transcription
1 MISO Change Management and the Journey of Maturity Tricia Cawthon August 30, 2013
2 tcawthon.misoenergy.org Tricia Cawthon, Sr. Manager IT Operations Support Employed by MISO for 6.75 years Several other roles Background Project Management PMO Oversight IT Sarbanes-Oxley Program Manager Quality Assurance IT Service Management Industries Manufacturing of Hot Dog Casings (Teepak, Inc.) Manufacturing of Micro Chips (Rockwell International) Student Loans (Sallie Mae) Timeshare Exchanges (RCI) Electric Grid Reliability and Market Operations (MISO) Who am I? 2
3 What do I do at MISO? 3
4 Business risks demand improvements and automation Ever growing, ever changing regulations NERC CIP: Critical Infrastructure Protection; Reliability and Cyber Security Focus *** Future state: CIP V5 R 10, prescriptive configuration management SSAE 16: Market Operations and Financial Focus Board of Directors and Stakeholders: require regulatory proof that work to critical infrastructure is properly planned, approved and managed (A.K.A. Change Management compliance). We always achieved but wanted to over-achieve. Change monitoring relied on highly manual processes, burdensome on employees Complete population of changes could not be adequately validated; auditors could only sample change tickets, not actual changes Reliance upon policies, procedures, training and noble intent of all IT workers; without sufficient closed loop validation of expected changes Staff concerns Why are we doing this? We really don t have time to fit anymore work into our days. The fear of compliance is of concern to each individual; everyone wants to succeed. What s the problem? 4
5 Specific business requirements of MISO Ability to conduct File Integrity Monitoring (FIM) as a replacement solution for SSAE monitoring of application files Run FIM in parallel with old solution as a validation cycle New solution must scale beyond FIM, Configuration Monitoring and Policy Management to address NERC CIP Shopping for a solution Evaluated three vendor solutions Evaluated the experience of other ISO s Utilized Gartner experience analyst research, and IT industry measurements (Magic Quadrant vendor comparisons) Chose Tripwire as a best in class product and service provider Why Tripwire? 5
6 Tripwire s foundation DETECT leading indicators of breach; leads to early incident detection. PROTECT systems using pragmatic approach; SANS critical security controls CONNECT security to the business, make it: (1) visible, (2) actionable, (3) measurable. Gained the ability to translate Technical Risk into Overall Security Intelligence Why Tripwire? 6
7 2012 Ran parallel of old solution against Tripwire for SSAE 16 scope Limited monitoring to application code and database changes (Began 4/1/2013) Rolled into production 10/01/2012 COMPLETE BUSINESS VALUE (1) Removed manual reporting process using a tool that was not fit for purpose (ESM) (2) Became more efficient (3) Satisfied Internal Audit and Board of Director concerns surrounding insufficient monitoring of actual environment changes, not just change tickets (4) Validated the decision that Tripwire was the right vendor for our solution, based on it s capability and specialty being directly focused on this business issue Implementation Roadmap 7
8 2013 Expand change monitoring capabilities across systems governed by NERC CIP requirements (expands beyond applications and databases; move into monitoring infrastructure changes that we will be doing for the first time) COMPLETE BUSINESS VALUE (1) Expanded production monitoring across all NERC CIP devices (2) Developed automation to validate discovered changes against validate, approved change tickets (3) BONUS: used new capability to automate the review of database table changes (4) *** Achieved a platform upon which to grow future configuration monitoring, especially security configuration monitoring which is business critical and NERC CIP regulated Implementation Roadmap 8
9 Decentralize process support; move outwards from the Change Management team and institutionalize operational support of this across all IT stakeholders COMPLETE Drive increased transparency and ownership of change management responsibility COMPLETE Consider utilizing Tripwire on corporate infrastructure FUTURE BUSINESS VALUE (1) Implemented full-loop reporting of unauthorized changes to change owners (2) Allowed for process improvement as monitoring rules are refined (3) Attained the capability to discover, capture, report and mitigate risks of changes with adverse impacts to the reliability of our critical business functions Implementation Roadmap 9
10 Enabled support of future NERC CIP V5 R010 Configuration Management requirement Automated management of NERC CIP policy monitoring rules (i.e. CIP 007 nr2 Ports and Services) Ability for a tool to define approved baselines Ability to monitor baseline configuration drift for each change to production systems (Includes processes to mitigate, back out or correct documentation errors) Ability to manage changes to baselines [Change Management] Easy extract of data to prove compliance Looking forward 10
11 Enabled support of future NERC CIP V5 R010 Configuration Management requirement Automated management of NERC CIP policy monitoring rules (i.e. CIP 007 nr2 Ports and Services) Ability for a tool to define approved baselines Ability to monitor baseline configuration drift for each change to production systems (Includes processes to mitigate, back out or correct documentation errors) Ability to manage changes to baselines [Change Management] Easy extract of data to prove compliance Looking forward 11
12 How do we do this?
13 Understand the now
14 MISO s Approach
15 Develop a sustainable process solution to manage baseline security configuration data Six Sigma approach Kaizen Implement a new baseline security configuration management process across all devices in the ESP Short term
16 Create a foundation that can be used for future expansion of configuration management activities Link short term and long term: engage the team to realize configuration management best practices IT Service Transformation Long term
17 Kaizen + IT Service Transformation Comprehensive approach
18 Questions 18
TRIPWIRE NERC SOLUTION SUITE
CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering
More informationAchieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations
Achieving Control: The Four Critical Success Factors of Change Management Technology Concepts & Business Considerations T e c h n i c a l W H I T E P A P E R Table of Contents Executive Summary...........................................................
More informationEffective Use of Assessments for Cyber Security Risk Mitigation
White Paper Effective Use of Assessments for Cyber Security Risk Mitigation Executive Summary Managing risk related to cyber security vulnerabilities is a requirement for today s modern systems that use
More informationNERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice
NERC Cyber Security Compliance Consulting Services HCL Governance, Risk & Compliance Practice Overview The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to
More informationHow To Write A Cyber Security Checkout On A Nerc Webinar
AS WE PREPARE FOR OUR WEBINAR Thanks to each of you for taking the time to participate in our Webinar today, which will provide extensive insight into what is required to address the Version 5 NERC Cyber
More informationJenifer Vallace Associate Cyber Security Analyst. Best User Reporting Practices September 24, 2013 CIP 101
Jenifer Vallace Associate Cyber Security Analyst Best User Reporting Practices September 24, 2013 CIP 101 Agenda What s needed when filling out: Self Reports (SR) Self Certifications (SC) Mitigation Plans
More informationAssessing Your Information Technology Organization
Assessing Your Information Technology Organization Are you running it like a business? By: James Murray, Partner Trey Robinson, Director Copyright 2009 by ScottMadden, Inc. All rights reserved. Assessing
More informationTripwire Log Center NEXT GENERATION LOG AND EVENT MANAGEMENT WHITE PAPER
Tripwire Log Center NEXT GENERATION LOG AND EVENT MANAGEMENT WHITE PAPER Introduction A decade or more ago, logs of events recorded by firewalls, intrusion detection systems and other network devices were
More informationMISO Annual Compliance Program Update
MISO Annual Compliance Program Update Corporate Governance & Strategic Planning Committee April 2013 Presented by Lori A. Spence 0 Table of Contents TOPIC SLIDES General Board Obligations 2 Board Compliance
More informationSecureVue Product Brochure
SecureVue unifies next-generation SIEM, security configuration auditing, compliance automation and contextual forensic analysis into a single platform, delivering situational awareness, operational efficiency
More informationSecuring the Microsoft Cloud
Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and consumers to fully embrace and benefit from
More informationTripwire Log Center NEXT GENERATION LOG AND EVENT MANAGEMENT WHITE PAPER
Tripwire Log Center NEXT GENERATION LOG AND EVENT MANAGEMENT WHITE PAPER Introduction A decade or more ago, logs of events recorded by firewalls, intrusion detection systems and other network devices were
More informationService Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard
Information Systems Audit and Controls Association Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard February 4, 2014 Tom Haberman, Principal, Deloitte & Touche LLP Reema Singh,
More informationCIP-010-1 R1 & R2: Configuration Change Management
CIP-010-1 R1 & R2: Configuration Change Management June 3, 2014 Steven Keller Lead Compliance Specialist - CIP skeller.re@spp.org 501.688.1633 Outline What is CIP-010-1? How it is different from CIP-003-3
More informationNERC CIP VERSION 5 COMPLIANCE
BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining
More informationEnabling Continuous PCI DSS Compliance. Achieving Consistent PCI Requirement 1 Adherence Using RedSeal
SOLUTION BRIEF Enabling Continuous PCI DSS Compliance Achieving Consistent PCI Requirement 1 Adherence Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965 Freedom Circle, Suite 800, Santa
More informationWHITE PAPER. Meeting the True Intent of File Integrity Monitoring
WHITE PAPER Meeting the True Intent of File Integrity Monitoring Introduction The term file integrity monitoring, or FIM, popped up back in 2001 when the VISA started working on a security specification
More informationCIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System
CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System Purpose CIP-005-5 R2 is focused on ensuring that the security of the Bulk Energy System is not compromised
More informationBSM for IT Governance, Risk and Compliance: NERC CIP
BSM for IT Governance, Risk and Compliance: NERC CIP Addressing NERC CIP Security Program Requirements SOLUTION WHITE PAPER Table of Contents INTRODUCTION...................................................
More informationProving Control of the Infrastructure
WHITE paper The need for independent detective controls within Change/Configuration Management page 2 page 3 page 4 page 6 page 7 Getting Control The Control Triad: Preventive, Detective and Corrective
More informationMuscle to Protect Your Grid July 2009. Sustainable and Cost-effective Muscle to Protect Your Grid
July 2009 Sustainable and Cost-effective Muscle to Protect Your Grid Page 2 Ensuring the reliability of the North American power grid is no small task and one that continues to grow in complexity on a
More informationAuditing Software as a Service (SaaS): Balancing Security with Performance
Auditing Software as a Service (SaaS): Balancing Security with Performance Goals for Today Defining SaaS (Software as a Service) and its importance Identify your company's process for managing SaaS solutions
More informationFinding The PPM Sweet Spot
Finding The PPM Sweet Spot How the Cloud and a Top Down Approach Can Help Drive Project Portfolio Value Featured Presenter: Daniel Stang Research Director Welcome! Thank you for joining us. A few things
More informationStandard CIP 007 3 Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-3 3. Purpose: Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for securing
More informationInformation Security Management System for Microsoft s Cloud Infrastructure
Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System
More informationRegulatory Compliance Management for Energy and Utilities
Regulatory Compliance Management for Energy and Utilities The Energy and Utility (E&U) sector is transforming as enterprises are looking for ways to replace aging infrastructure and create clean, sustainable
More informationThe Changing IT Risk Landscape Understanding and managing existing and emerging risks
The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015
More informationLeveraging Regulatory Compliance to Improve Cyber Security
Leveraging Regulatory Compliance to Improve Cyber Security Leveraging Regulatory Compliance to Improve Cyber Security Brian Irish, Cyber Security Assurance Manager Salt River Project LEVERAGING REGULATORY
More informationCorporate performance management as a new way in directing companies
Acta Montanistica Slovaca Ročník 11 (2006), číslo 4, 278-282 Corporate performance management as a new way in directing companies Jozef Mihok 1 a Jaroslava Vidová Korporácia riadenia manažmentu a nová
More informationGovernance, Risk, and Compliance (GRC) White Paper
Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:
More informationObtaining Enterprise Cybersituational
SESSION ID: SPO-R06A Obtaining Enterprise Cybersituational Awareness Eric J. Eifert Sr. Vice President Managed Security Services DarkMatter Agenda My Background Key components of the Cyber Situational
More informationIndustrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Industrial Cyber Security Risk
Industrial Cyber Security Risk Manager Proactively Monitor, Measure and Manage Industrial Cyber Security Risk Industrial Attacks Continue to Increase in Frequency & Sophistication Today, industrial organizations
More informationCybersecurity@RTD Program Overview and 2015 Outlook
Cybersecurity@RTD Program Overview and 2015 Outlook Finance & Administration Committee Meeting February 10, 2015 Sheri Le, Manager of Cybersecurity RTD Information Technology Department of Finance & Administration
More informationCloud Computing. Key Initiative Overview
David W. Cearley Research Vice President and Gartner Fellow This overview provides a high-level description of the Cloud Computing Key Initiative. IT leaders can use this guide to understand what they
More informationSAM Benefits Overview SAM SOFTWARE ASSET MANAGEMENT
SAM Benefits Overview SAM SAM is critical to managing an IT environment because effectiveness is seriously compromised when an organization doesn t know what software assets it has, where they are located,
More informationForeScout CounterACT and Compliance June 2012 Overview Major Mandates PCI-DSS ISO 27002
ForeScout CounterACT and Compliance An independent assessment on how network access control maps to leading compliance mandates and helps automate GRC operations June 2012 Overview Information security
More informationITIL V3: Making Business Services Serve the Business
ITIL V3: Making Business Services Serve the Business An ENTERPRISE MANAGEMENT ASSOCIATES (EMA ) White Paper Prepared for ASG October 2008 IT Management Research, Industry Analysis, and Consulting Table
More informationDesigning & Implementing. Programs. MBA Bank Expo 2012 April 11, 2012
Designing & Implementing Enterprise Security Programs MBA Bank Expo 2012 April 11, 2012 Session Purpose G R O U P Premise: Security is institutionalized, but the enterprise is evolving. the enterprise
More informationCity of Palo Alto (ID # 1521) Finance Committee Staff Report
City of Palo Alto Finance Committee Staff Report Report Type: Meeting Date: 4/19/2011 Summary Title: SAP Enterprise Resource Planning Assessment Title: Post-Implementation SAP Enterprise Resource Planning
More informationSecuring Your Business with Managed File Transfer
Why FTP/SFTP Solutions Are No Longer a Viable Option www.stonebranch.com Executive Summary This white paper sets out to explain the importance of a Managed File Transfer solution implementation within
More informationTHE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols
THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE
More informationEVOLVING THE PROJECT MANAGEMENT OFFICE: A COMPETENCY CONTINUUM
EVOLVING THE PROJECT MANAGEMENT OFFICE: A COMPETENCY CONTINUUM Gerard M. Hill Many organizations today have recognized the need for a project management office (PMO) to achieve project management oversight,
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationApplication Overhaul. Key Initiative Overview
Scott D. Nelson Research Managing Vice President This overview provides a high-level description of the Application Overhaul Key Initiative. IT leaders can use this guide to understand how to develop an
More informationLessons Learned CIP Reliability Standards
Evidence for a requirement was not usable due to a lack of identifying information on the document. An entity should set and enforce a "quality of evidence" standard for its compliance documentation. A
More informationInformation Shield Solution Matrix for CIP Security Standards
Information Shield Solution Matrix for CIP Security Standards The following table illustrates how specific topic categories within ISO 27002 map to the cyber security requirements of the Mandatory Reliability
More informationSix Drivers For Cloud Business Growth Efficiency
Behind Every Cloud, There s a Reason Analyzing the Six Possible Business and Technology Drivers for Going Cloud CONTENTS Executive Summary Six Drivers for Going Cloud Business Growth Efficiency Experience
More informationHarness Enterprise Risks With Oracle Governance, Risk and Compliance
Hardware and Software Engineered to Work Together Harness Enterprise Risks With Oracle Governance, Risk and Compliance Is the plethora of financial, operational and regulatory policies and mandates overwhelming
More informationStrategies and Best Practices to Implement a Successful Data Loss Prevention Program Sebastian Brenner, CISSP
Strategies and Best Practices to Implement a Successful Data Loss Prevention Program Sebastian Brenner, CISSP Principal Systems Engineer Symantec LAMC Agenda 1 What DLP is and its purpose 2 Challenges
More informationERP. Key Initiative Overview
Jeff Woods Research Managing Vice President This overview provides a high-level description of the ERP Key Initiative. IT leaders can use this overview to better understand what they need to do to prepare
More informationEnterprise Service Management (ESM)
Enterprise Service Management (ESM) A Reference Model for Adopting and Adapting IT Best Practices Across and Enterprise itsm003 v.3.0 Agenda and Objectives What are ESM Best Practices? What is the ESM
More informationNew InfoSec Leader The First 90 Days. John Bruce CEO
New InfoSec Leader The First 90 Days John Bruce CEO Agenda Introduction Co3 Systems Role of the CISO Three critical changes Suggestions Page 2 of 39 The next challenge in security PRODUCTS PREVENTION DETECTION
More informationRoadmaps to Securing Industrial Control Systems
Roadmaps to Securing Industrial Control Systems Insert Photo Here Mark Heard Eastman Chemical Company Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011 Chicago, IL McCormick
More informationA Flexible and Comprehensive Approach to a Cloud Compliance Program
A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility
More informationProtect Your Assets. Cyber Security Engineering. Control Systems. Power Plants. Hurst Technologies
Protect Your Assets Cyber Security Engineering Control Systems. Power Plants. Hurst Technologies Cyber Security The hackers are out there and the cyber security threats to your power plant are real. That
More informationRecommendation for IT Governance Using the COBIT 4.1 Framework
Recommendation for IT Governance Using the COBIT 4.1 Framework William F. Slater, III, MBA, M.S., PMP, CISSP, CISA Week 7 Assignment CYBR 615 Cybersecurity Governance and Compliance January 27, 2013 January
More informationQA Engagement Models. Managed / Integrated Test Center A Case Study
1 QA Engagement Models Managed / Integrated Test Center A Case Study 2 Today s Agenda» Background» Overview of QA Engagement Models MTC & ITC» The Journey to Steady State» Transition Approach» Challenges
More informationGartner delivers the technology-related insight necessary for our clients to make the right decisions, every day.
Gartner s Value for Higher Education Clients Georgia Institute of Technology Gartner delivers the technology-related insight necessary for our clients to make the right decisions, every day. Allison Weil,
More informationStandard CIP 007 3a Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-3a 3. Purpose: Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for
More informationCredit Granting and Underwriting Commercial Markets & Corporate and Asset Backed Lending Final Audit Report Report Nr.
Credit Granting and Underwriting Commercial Markets & Corporate and Asset Backed Lending Final Audit Report Report Nr. 7/12 July 4, 2012 Distribution: To: CC: President & CEO Senior Vice President & Chief
More informationSymantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security,
Symantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security, streamline compliance reporting, and reduce the overall
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationHow To Manage Log Management
: Leveraging the Best in Database Security, Security Event Management and Change Management to Achieve Transparency LogLogic, Inc 110 Rose Orchard Way, Ste. 200 San Jose, CA 95134 United States US Toll
More informationNotable Changes to NERC Reliability Standard CIP-010-3
C L AR I T Y AS S U R AN C E R E S U LT S M I D W E S T R E LIAB I L I T Y ORGAN I Z AT I ON Notable Changes to NERC Reliability Standard CIP-010-3 Cyber Security Configuration Change Management and Vulnerability
More informationDemonstrating the ROI for SIEM: Tales from the Trenches
Whitepaper Demonstrating the ROI for SIEM: Tales from the Trenches Research 018-101409-01 ArcSight, Inc. 5 Results Way, Cupertino, CA 95014, USA www.arcsight.com info@arcsight.com Corporate Headquarters:
More informationSempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013
Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013 Sempra Energy s gas and electric utilities collaborate with industry leaders and a wide range of
More informationLeveraging Network and Vulnerability metrics Using RedSeal
SOLUTION BRIEF Transforming IT Security Management Via Outcome-Oriented Metrics Leveraging Network and Vulnerability metrics Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965 Freedom
More informationThe Value of Vulnerability Management*
The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda
More informationCreating a Service-Oriented IT Organization through ITIL
Creating a Service-Oriented IT Organization through ITIL Glenn O Donnell EMC Corporation 1 Creating a Service-Oriented IT Organization through ITIL What is ITIL and Why is it So Popular? ITIL s Impact
More informationState of Oregon. State of Oregon 1
State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information
More informationAirports and their SCADA Systems. Dr Leigh Armistead, CISSP. Peregrine Technical Solutions
Airports and their SCADA Systems Dr Leigh Armistead, CISSP Peregrine Technical Solutions What We May Face For an attack to be successful it only has to cause disruption not loss of life to a significant
More informationLOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE The Tripwire VIA platform delivers system state intelligence, a continuous approach to security that provides leading indicators of breach
More informationFileNet and SharePoint Better Together. Tom Moen Channel Development Manager
FileNet and SharePoint Better Together Tom Moen Channel Development Manager Agenda Introductions Who is FileNet Why FileNet ECM Content Process Connectivity SharePoint Integration FileNet $500 million
More informationDEMONSTRATING THE ROI FOR SIEM
DEMONSTRATING THE ROI FOR SIEM Tales from the Trenches HP Enterprise Security Business Whitepaper Introduction Security professionals sometimes struggle to demonstrate the return on investment for new
More informationCYBER SECURITY: NAVIGATING THE THREAT LANDSCAPE
CYBER SECURITY: NAVIGATING THE THREAT LANDSCAPE WHITE PAPER www.cibecs.com 2 Table of ontents 01 02 03 04 05 EXECUTIVE SUMMARY: CYBER SECURITY MANAGING YOUR ATTACK SURFACE DATA VULNERABILITY 1 THE ENDPOINT
More informationTyson Jarrett CIP Enforcement Analyst. Best Practices for Security Patch Management October 24, 2013 Anaheim, CA
Tyson Jarrett CIP Enforcement Analyst Best Practices for Security Patch Management October 24, 2013 Anaheim, CA A little about me Graduated from the University of Utah with a Masters in Information Systems
More informationProtect Your Universe with ArcSight
Protect Your Universe with ArcSight The ArcSight SIEM Platform: Prevent Data Theft Enforce Compliance Defeat Cybercrime Before ArcSight, it was difficult to know in realtime what was happening from an
More information08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview
Data protection and compliance In the cloud and in your data center 1 November 2013 Agenda 1 Introduction 2 Data protection overview 3 Understanding the cloud 4 Where do I start? 5 Wrap-up Page 2 Data
More informationOverview Commitment to Energy and Utilities Robert Held Sr. Systems Engineer Strategic Energy August 2015
Overview Commitment to Energy and Utilities Robert Held Sr. Systems Engineer Strategic Energy August 2015 Tripwire Evolution 18+ Years of Innovation 1997 Tripwire File System Monitoring from open source
More informationTECHNOLOGY SOLUTIONS FOR THE INTERNAL AUDITOR
TECHNOLOGY SOLUTIONS FOR THE INTERNAL AUDITOR (BUY VS BUILD) APRIL 17, 2015 LEVERAGING TECHNOLOGY FOR AUDIT Utilizing Software to Administrate Audit Process 40% 35% 30% 37% Tools Leveraged 32% 36% Yes
More informationSelect the right configuration management database to establish a platform for effective service management.
Service management solutions Buyer s guide: purchasing criteria Select the right configuration management database to establish a platform for effective service management. All business activities rely
More informationReliabilityFirst CIP Evidence List CIP-002 through CIP-009 are applicable to RC, BA, IA, TSP, TO, TOP, GO, GOP, LSE, NERC, & RE
R1 Provide Risk Based Assessment Methodology (RBAM) R1.1 Provide evidence that the RBAM includes both procedures and evaluation criteria, and that the evaluation criteria are riskbased R1.2 Provide evidence
More informationSecurity Incident Response Process. Category: Information Security and Privacy. The Commonwealth of Pennsylvania
Security Incident Response Process Category: Information Security and Privacy The Commonwealth of Pennsylvania Executive Summary The Commonwealth of Pennsylvania is a trusted steward of citizen information.
More information7Seven Things You Need to Know About Long-Term Document Storage and Compliance
7Seven Things You Need to Know About Long-Term Document Storage and Compliance Who Is Westbrook? Westbrook Technologies, based in Branford on the Connecticut coastline, is an innovative software company
More informationEMA CMDB Assessment Service
The Promise of the CMDB The Configuration Management Database (CMDB) provides a common trusted source for all IT data used by the business and promises to improve IT operational efficiency and increase
More informationSTATE OF ARIZONA Department of Revenue
STATE OF ARIZONA Department of Revenue Douglas A. Ducey Governor September 25, 2015 David Raber Director Debra K. Davenport, CPA Auditor General Office of the Auditor General 2910 North 44 th Street, Suite
More informationChoosing the Right ERP Solution:
Choosing the Right ERP Solution: 3 CRITERIA FOR SUCCESS Table of Contents 1 2 Who We Are 3 The Key to Better Business Performance 4 ERP as the Focal Point of Your Business 5 Why Some ERP Solutions Fail
More informationThe Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach
The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach by Philippe Courtot, Chairman and CEO, Qualys Inc. Information Age Security Conference - London - September 25
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationChange and Configuration Management
Change and Configuration Management for CIP Compliance OCTOBER 21, 2009 Developed with: Presenters Bart Thielbar, CISA Senior Research hanalyst Sierra Energy Group, a Division of Energy Central CIP-003,
More informationApril 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899
Salt River Project P.O. Box 52025 Mail Stop: CUN204 Phoenix, AZ 85072 2025 Phone: (602) 236 6011 Fax: (602) 629 7988 James.Costello@srpnet.com James J. Costello Director, Enterprise IT Security April 8,
More informationHow an investment bank used capacity management to discover and exploit the hidden value of unused resources
Capacity Management Key Facts Large European Investment Banks using the Data Synapse application Complex grid-computing infrastructure calculating bond rate position & derivatives Growth rate of 800 servers
More informationSan Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions. Electric Grid Operations
San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions Electric Grid Operations Director Electric Grid Operations: Responsible for overall transmission system operations
More informationSolving IT systems management and service management challenges with help of IBM Tivoli Overview
Solving IT systems management and service management challenges with help of IBM Tivoli Overview Ēriks Miķelsons Tivoli Product Sales Manager Baltic Countries October 10, 2007 Vilnius Innovation is the
More information9/14/2015. Before we begin. Learning Objectives. Kevin Secrest IT Audit Manager, University of Pennsylvania
Evaluating and Managing Third Party IT Service Providers Are You Really Getting The Assurance You Need To Mitigate Information Security and Privacy Risks? Kevin Secrest IT Audit Manager, University of
More informationNERC CIP Tools and Techniques
NERC CIP Tools and Techniques Supplemental Project - Introduction Webcast Scott Sternfeld, Project Manager Smart Grid Substation & Cyber Security Research Labs ssternfeld@epri.com (843) 619-0050 October
More informationInternal audit value optimization for insurance organizations
Internal audit value optimization for insurance organizations Webinar May 13, 2015 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.
More informationWhite Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA
White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial
More informationISE Northeast Executive Forum and Awards
ISE Northeast Executive Forum and Awards October 3, 2013 Company Name: Project Name: Presenter: Presenter Title: University of Massachusetts Embracing a Security First Approach Larry Wilson Chief Information
More informationBusiness Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting
Business Continuity Trends, Requirements and Expectations in 2009 Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Overview What Is Business Continuity? The Value Proposition What
More information