C2M2 and the NIST Cyber Framework: Applying DOE's NIST Cyber Security Framework Guidance

Size: px
Start display at page:

Download "C2M2 and the NIST Cyber Framework: Applying DOE's NIST Cyber Security Framework Guidance"

Transcription

1 C2M2 and the NIST Cyber Framework: Applying DOE's NIST Cyber Security Framework Guidance June 18, 2015

2 Victoria Yan Pillitteri, National Institute of Standards & Technology (NIST) Smart Grid Cybersecurity Committee Chair

3 Cybersecurity Committee The SGIP Cybersecurity Committee is collaborative forum that develops resources that smart grid stakeholders can leverage to help understand and manage cybersecurity risk. Cybersecurity is a critical, crosscutting issue for the Smart Grid

4 Update: Cybersecurity Task Force The Cybersecurity Task Force is developing a case study highlighting how different utilities have implemented various voluntary cybersecurity frameworks including results, benefits, and key lessons learned. Next Task Force virtual meeting: Tuesday, June 23 at 10 AM Eastern To learn more contact: and

5 Christopher S. Taylor, is currently a senior Engineering Analyst for Southern Company s IT Security Team.

6 Agenda NIST Cybersecurity Framework and Implementation Guidance C2M2 Overview Southern s C2M2 to NIST Framework Tool Comparative Analysis

7 NIST Cybersecurity Framework

8 NIST Cyber Security Framework Developed in response to Executive Order Calls for development of a voluntary Cybersecurity Framework Framework provides a prioritized, flexible, repeatable, performancebased, and cost effective approach to manage cybersecurity risk The Framework is composed of 3 parts Framework Core Framework Implementation Tiers Framework Profile In January 2015, DOE released the Energy Sector s Cybersecurity Framework Implementation Guidance C2M2 is DOE s recommended implementation tool

9 Cybersecurity Framework Implementation Guidance Provides standard approach aligned with Framework s 7-step process Create a Target Profile Prioritize and Scope Orient Determine, Analyze, Prioritize Gaps Create a Current Profile Implement Action Plan Conduct a Risk Assessment Advocates use of C2M2 to implement Framework because: Widespread use Supports Benchmarking Sector-specific guidance Descriptive guidance C2M2 mapped to Framework Self-evaluation toolkit

10 C2M2 Overview

11 C2M2 Overview ES-C2M2 is a DOE developed tool that helps organizations evaluate, prioritize, and improve cybersecurity capabilities Maturity Model Definition: An organized way to identify competencies and areas of improvement C2M2 is used to evaluate business unit s practices, processes, and procedures

12 Risk Management Asset, Change and Configuration Management Identity and Access Management Threat and Vulnerability Management Situational Awareness Information Sharing and Communications Event and Incident Response, Continuity of Operations Supply Chain and External Dependencies Management Workforce Management Cyberseacurity Program Management Maturity Indicator Levels C2M2 Components 3 Managed 2 Performed 1 Initiated 0 Not Performed 4 Maturity Indicator Levels: Defined progressions of practices Each cell contains the defining practices for the domain at that maturity indicator level 10 Model Domains: Logical groupings of cyber security practices

13 Sample C2M2 Evaluation Results The C2M2 Toolkit generates a graphical summary of the results divided by C2M2 domain and MIL level Detailed results and analysis are also provided for each domain

14 Southern s C2M2 to NIST Framework Tool

15 Categories Subcategories Informative References C2M2 to NIST Framework Mapping DOE s Implementation Guidance mapped C2M2 practices to NIST s Framework Core and Implementation Tier CSF Core C2M2 CSF Tiers C2M2 CSF Functions CSF Tiers IDENTIFY PROTECT DETECT RESPOND RECOVER Tier 1: Partial Tier 2: Risk Informed Tier 3: Repeatable Tier 4: Adaptive

16 Automating the C2M2 to NIST Process Current Implementation of Framework using C2M2 C2M2 toolkit and assessment process provide data required to implement the Framework Implementation guidance maps C2M2 controls to Framework User must then manually extract data from C2M2 toolkit into the Framework The C2M2 to NIST Framework tool automates the rest of the process Automates extraction of data from C2M2 Toolkit and populates the NIST Framework Uses notes section of C2M2 toolkit to develop target profiles Generates tables and charts of Framework Core Generates tables and charts of Framework Implementation Tier

17 IDENTIFY Sample C2M2 to NIST Framework Tool Output Functio C2M2 Profiles Function Category Subcategory n MIL Practice Current Target Asset Management (AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization s risk strategy. ID.AM-1: Physical devices and systems within the organization are inventoried ID.AM-2: Software platforms and applications within the organization are inventoried NIST Framework s 7 Steps Prioritize and Scope Orient Create a Current Profile Conduct a Risk Assessment ACM-1a ACM-1c ACM-1e ACM-1f ACM-1a ACM-1c ACM-1e ACM-1f FI FI LI PI FI FI LI PI Create a Target Profile C2M2 Activity C2M2 Activity C2M2 Activity C2M2 Activity C2M2 Activity C2M2 Activity C2M2 Activity C2M2 Activity Determine, Analyze, Prioritize Gaps Implement Action Plan Gaps C2M2 Notes C2M2 Notes C2M2 Notes C2M2 Notes C2M2 Notes C2M2 Notes C2M2 Notes C2M2 Notes

18 Sample NIST Framework Function Results MIL 1 MIL 2 MIL 3 TOTALS Identify Protect Detect Respond Recover Fully Implemented Largely Implemented Partially Implemented Not Implemented Subtotals: Fully Implemented Largely Implemented Partially Implemented Not Implemented Subtotals: Fully Implemented Largely Implemented Partially Implemented Not Implemented Subtotals: Fully Implemented Largely Implemented Partially Implemented Not Implemented Subtotals: Fully Implemented Largely Implemented Partially Implemented Not Implemented Subtotals: TOTALS The Framework Core Provides a set of activities to achieve specific cybersecurity outcomes and references examples of guidance to achieve those outcomes NIST Framework Results by Function

19 Sample NIST Framework Implementation Tier Results Tier 1 (Partial) Tier 2 ( Risk Informed) Tier 3 (Repeatable) Tier 4 (Adaptive) Fully Implemented Largely Implemented Partially Implemented Not Implemented Totals The Implementation Tiers Provides context on how an organization views cybersecurity risk and the processes in place to manage risk.

20 Displaying the CSF Results by Function Option 1: Map C2M2 by NIST CSF Function and MILs Leverages C2M2 Scoring Criteria (Partial Credit) Preserves MIL Levels to understand complexity of mitigation efforts Many-to-Many relationships so must determine whether to remove duplicates NIST Framework by Function and MIL NIST Framework by Function and MIL (No Duplicates)

21 Displaying the CSF Results by Function Option 2: Map C2M2 by NIST CSF Function but remove MILs Leverages C2M2 Scoring Criteria (Partial Credit) Removes MILs to conform to NIST CSF s flat architecture Many-to-Many relationships so must determine whether to remove duplicates NIST Framework by Function NIST Framework by Function (No Duplicates)

22 Displaying the CSF Results by Function Option 3: Map C2M2 by NIST CSF Function but remove MILs and Partial Credit Removes C2M2 Scoring Criteria (Partial Credit) to achieve complete or not complete Removes MILs to conform to NIST CSF s flat architecture Many-to-Many relationships so must determine whether to remove duplicates NIST Framework by Function NIST Framework by Function (No Duplicates)

23 Displaying the CSF Results by Function Option 4: Map C2M2 by NIST CSF Function and Category Determines average score for each subcategory and rounds down Must determine whether to preserve partial credit NIST Framework by Function and Category NIST Framework by Function and Category (No Duplicates)

24 Displaying the CSF Results by Tier Map C2M2 by NIST CSF Tier Many-to-Many relationships so must determine whether to remove duplicates Must determine whether to preserve partial credit NIST Framework by Tier NIST Framework by Tier (No Duplicates) Partial Credit No Partial Credit Partial Credit No Partial Credit

25 C2M2 to NIST Toolkit: Comparative Analysis

26 Comparative Analysis: Sortable Results Survey Reponses Per Question Ordered By Domain/Objective/Practice Sort: Domain/Obj/ Practice Sort: Domain/MIL/ Practice Sort: Domain/ Average Score Low to High Sort: Average Score Low to High Sort: Domain/ Average Score High to Low Sort: Average Score High to Low Sort: Standard Deviation Domain Objective MIL Practice C2M2 - Organization 1 C2M2 - Organization 2 C2M2 - Organization 3 C2M2 - Organization 4 Standard Average Deviation Score Score Score Score 01. Risk Management 01. Establish Cyber Security Risk Management 2 RM-1a Strategy FI FI FI FI Risk Management 01. Establish Cyber Security Risk Management 2 RM-1b Strategy FI FI FI FI Risk Management 01. Establish Cyber Security Risk Management 3 RM-1c Strategy FI FI FI FI Risk Management 01. Establish Cyber Security Risk Management 3 RM-1d Strategy FI FI FI FI Risk Management 01. Establish Cyber Security Risk Management 3 RM-1e Strategy FI FI FI FI Risk Management 02. Manage Cyber Security Risk 1 RM-2a FI FI FI FI Risk Management 02. Manage Cyber Security Risk 1 RM-2b FI FI FI FI Risk Management 02. Manage Cyber Security Risk 2 RM-2c LI LI FI FI Risk Management 02. Manage Cyber Security Risk 2 RM-2d FI FI FI FI Risk Management 02. Manage Cyber Security Risk 2 RM-2e FI FI FI FI Risk Management 02. Manage Cyber Security Risk 2 RM-2f FI FI FI FI Risk Management 02. Manage Cyber Security Risk 2 RM-2g FI FI FI FI Risk Management 02. Manage Cyber Security Risk 3 RM-2h FI PI LI FI Risk Management 02. Manage Cyber Security Risk 3 RM-2i FI FI LI FI Risk Management 02. Manage Cyber Security Risk 3 RM-2j FI LI LI FI Risk Management 03. Management Activities 2 RM-3a PI LI FI FI Risk Management 03. Management Activities 2 RM-3b FI FI FI FI Risk Management 03. Management Activities 2 RM-3c FI LI FI LI Risk Management 03. Management Activities 2 RM-3d FI FI FI FI Risk Management 03. Management Activities 3 RM-3e FI LI FI LI Risk Management 03. Management Activities 3 RM-3f PI FI FI FI Risk Management 03. Management Activities 3 RM-3g FI FI FI FI Risk Management 03. Management Activities 3 RM-3h FI LI FI FI Risk Management 03. Management Activities 3 RM-3i FI FI FI FI 3 0 Takes C2M2 input from multiple assessments and puts them in a sortable results table Only focused on C2M2, not the NIST CSF

27 Comparative Analysis: Summary (Avg Scores) Domain Average Score Domain C2M2 - Organization 1 C2M2 - Organization 2 C2M2 - Organization 3 C2M2 - Organization 4 Score Score Score Score Avg Score 01. Risk Management Asset, Change, and Configuration Management Identity and Access Management Threat and Vunerability Management Situational Awareness Information Sharing and Communications Event and Incident Response, Continuity of Operations Supply Chain and External Dependencies Management Workforce Management Cybersecurity Program Management Domain Average Score Creates a summary worksheet of the C2M2 assessment results 1 st section is an average score for each domain by organization assessed

28 Comparative Analysis: Summary (Low Scores) Average (Partial or Less) Practice C2M2 - Organization 1 C2M2 - Organization 2 C2M2 - Organization 3 C2M2 - Organization 4 Score Score Score Score Avg Score TVM-1h TVM-1j TVM-2m EDM-2c CPM-4b IR-3m TVM-1e SA-3b EDM-3a TVM-1d SA-2d SA-2e SA-2f SA-2h SA-3d IR-1g IR-2g IR-2h IR-3f IR-3g EDM-2d EDM-2e EDM-2f EDM-2h EDM-2i EDM-3g WM-1g WM-3g WM-4c WM-4d CPM-1g Domain Average Score 2 nd section is all activities that average Partial or less Only focused on C2M2, not the NIST CSF

29 Comparative Analysis: Summary (Low Scores) Standard Deviation - Top 10 Domain C2M2 - Organization 1 C2M2 - Organization 2 C2M2 - Organization 3 C2M2 - Organization 4 Score Score Score Score Std Deviation ACM-2d PI NI FI FI 1.50 IAM-3a FI NI FI FI 1.50 TVM-3a FI NI FI FI 1.50 TVM-3g FI NI FI FI 1.50 SA-4g FI NI FI FI 1.50 EDM-3d FI NI FI FI 1.50 EDM-3g NI PI NI FI 1.41 IAM-2i FI NI FI LI 1.41 IR-2e PI NI LI FI 1.29 SA-3f PI PI NI FI 1.26 Domain Average Score 3 rd section is the 10 activities with the greatest deviation in responses Only focused on C2M2, not the NIST CSF Ideal for benchmarking and determining why there are differences Possible reasons include: maturity, size, mission, or interpretation of survey questions

30 Proof of Concept Demonstration Demonstrated to DOE that process can be automated Next release of C2M2 toolkit should incorporate new capabilities (ECD 2016) Identify Industry Requirements for Implementing Framework Currently adoption of NIST Framework is a labor-intensive manual process Need to identify requirements to make adopting the Framework practical Automated Tools Standardized Charts Standardized Tables Standardized Reports Comparative Analysis Next Steps Role of Cybersecurity Framework Taskforce? Other Stakeholder Participation DOE, SGIP, NIST, C 3? Mechanism for providing feedback?

Voluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org. 2014 Utilities Telecom Council

Voluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org. 2014 Utilities Telecom Council Voluntary Cybersecurity Initiatives in Critical Infrastructure Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org 2014 Utilities Telecom Council Utility cybersecurity environment is full of collaborations

More information

Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (Case Study) James Stevens Senior Member, Technical Staff - CERT Division

Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (Case Study) James Stevens Senior Member, Technical Staff - CERT Division Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (Case Study) James Stevens Senior Member, Technical Staff - CERT Division James Stevens is a senior member of the technical staff

More information

NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH

NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH SANS ICS Security Summit March 18, 2014 Jason D. Christopher Nadya Bartol Ed Goff Agenda Background Use of Existing Tools: C2M2 Case

More information

NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015

NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015 NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015 Overview The University of Pittsburgh NIST Cybersecurity Framework Pitt NIST Cybersecurity Framework Program Wrap Up Questions

More information

National Institute of Standards and Technology Smart Grid Cybersecurity

National Institute of Standards and Technology Smart Grid Cybersecurity National Institute of Standards and Technology Smart Grid Cybersecurity Vicky Yan Pillitteri Advisor for Information Systems Security SGIP SGCC Chair Victoria.yan@nist.gov 1 The National Institute of Standards

More information

ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE

ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE JANUARY 2015 U.S. DEPARTMENT OF ENERGY OFFICE OF ELECTRICITY DELIVERY AND ENERGY RELIABILITY Energy Sector Cybersecurity Framework Implementation

More information

Risk Management in Practice A Guide for the Electric Sector

Risk Management in Practice A Guide for the Electric Sector Risk Management in Practice A Guide for the Electric Sector Annabelle Lee Senior Technical Executive ICCS European Engagement Summit April 28, 2015 Before we continue let s get over our fears and myths

More information

Cybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity

Cybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity Cybersecurity Framework Executive Order 13636 Improving Critical Infrastructure Cybersecurity National Institute of Standards and Technology (NIST) Mission To promote U.S. innovation and industrial competitiveness

More information

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Victoria Yan Pillitteri Advisor for Information Systems Security

More information

NIST Cybersecurity Framework. ARC World Industry Forum 2014

NIST Cybersecurity Framework. ARC World Industry Forum 2014 NIST Cybersecurity Framework Vicky Yan Pillitteri NIST ARC World Industry Forum 2014 February 10-13, 2014 Orlando, FL Executive Order 13636 Improving Critical Infrastructure Cybersecurity It is the policy

More information

NIST Cybersecurity Framework Overview

NIST Cybersecurity Framework Overview NIST Cybersecurity Framework Overview Executive Order 13636 Improving Critical Infrastructure Cybersecurity 2nd ENISA International Conference on Cyber Crisis Cooperation and Exercises Executive Order

More information

Cybersecurity Framework: Current Status and Next Steps

Cybersecurity Framework: Current Status and Next Steps Cybersecurity Framework: Current Status and Next Steps Federal Advisory Committee on Insurance November 6, 2014 Adam Sedgewick Senior IT Policy Advisor Adam.Sedgewick@nist.gov National Institute of Standards

More information

State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4

State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4 State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity Executive Order 13636 Improving Critical Infrastructure Cybersecurity 2014 ISACA Pittsburgh Information Security Awareness Day Victoria Yan

More information

The President issued an Executive Order Improving Critical Infrastructure Cybersecurity, on February 2013.

The President issued an Executive Order Improving Critical Infrastructure Cybersecurity, on February 2013. The President issued an Executive Order Improving Critical Infrastructure Cybersecurity, on February 2013. The Executive Order calls for the development of a voluntary risk based Cybersecurity Framework

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity Implementation of Executive Order 13636 8 April 2015 cyberframework@nist.gov Agenda Mission of NIST Cybersecurity at NIST Cybersecurity Framework

More information

IEEE-Northwest Energy Systems Symposium (NWESS)

IEEE-Northwest Energy Systems Symposium (NWESS) IEEE-Northwest Energy Systems Symposium (NWESS) Paul Skare Energy & Environment Directorate Cybersecurity Program Manager Philip Craig Jr National Security Directorate Sr. Cyber Research Engineer The Pacific

More information

CYBERSECURITY CAPABILITY MATURITY MODEL (C2M2) FACILITATOR GUIDE

CYBERSECURITY CAPABILITY MATURITY MODEL (C2M2) FACILITATOR GUIDE CYBERSECURITY CAPABILITY MATURITY MODEL (C2M2) FACILITATOR GUIDE Version 1.1 February 2014 TABLE OF CONTENTS Acknowledgments... iii 1. Introduction... 1 1.1 Purpose of This Guide... 1 1.2 Intended Audience...

More information

Implementing Executive Order and Presidential Policy Directive 21

Implementing Executive Order and Presidential Policy Directive 21 Implementing Executive Order 13636 and Presidential Policy Directive 21 2013 2014 Winter Energy Conference November 1, 2013 Bob Kolasky Director, EO-PPD Integrated Task Force Announcement of the EO and

More information

U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW. November 12, 2012 NASEO

U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW. November 12, 2012 NASEO U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW November 12, 2012 NASEO ISER Response: from site focused to system focused Emergency Preparedness, Response, and Restoration Analysis and

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity Implementation of Executive Order 13636 NARUC Winter Committee Meeting Committee & Staff Committee on Critical Infrastructure February 15,

More information

Understanding the NIST Cybersecurity Framework September 30, 2014

Understanding the NIST Cybersecurity Framework September 30, 2014 Understanding the NIST Cybersecurity Framework September 30, 2014 Earlier this year the National Institute of Standard and Technology released the Framework for Improving Critical Infrastructure Cybersecurity

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity 18 November 2015 grance@nist.gov cyberframework@nist.gov National Institute of Standards and Technology About NIST NIST s mission is to develop

More information

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 John R. Robles, CISA, CISM, CRISC www.johnrrobles.com jrobles@coqui.net 787-647-3961 John R. Robles- 787-647-3961 1 9/11-2001 The event

More information

Applying IBM Security solutions to the NIST Cybersecurity Framework

Applying IBM Security solutions to the NIST Cybersecurity Framework IBM Software Thought Leadership White Paper August 2014 Applying IBM Security solutions to the NIST Cybersecurity Framework Help avoid gaps in security and compliance coverage as threats and business requirements

More information

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity October 10, 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 RE: Experience with the Framework for Improving Critical Infrastructure

More information

IG ISCM MATURITY MODEL FOR FY 2015 FISMA FOR OFFICIAL USE ONLY

IG ISCM MATURITY MODEL FOR FY 2015 FISMA FOR OFFICIAL USE ONLY IG MATURITY MODEL FOR FY 2015 FISMA 1 Ad-hoc 1.1 program is not formalized and activities are performed in a reactive manner resulting in an adhoc program that does not meet 2 requirements for a defined

More information

Critical Infrastructure Cybersecurity Framework. Overview and Status. Executive Order 13636 Improving Critical Infrastructure Cybersecurity

Critical Infrastructure Cybersecurity Framework. Overview and Status. Executive Order 13636 Improving Critical Infrastructure Cybersecurity Critical Infrastructure Cybersecurity Framework Overview and Status Executive Order 13636 Improving Critical Infrastructure Cybersecurity Executive Order: Improving Critical Infrastructure Cybersecurity

More information

Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014

Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014 Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework September 23, 2014 Executive Order: Improving Critical Infrastructure Cybersecurity It is the policy of the United States to

More information

NIST Cybersecurity Framework What It Means for Energy Companies

NIST Cybersecurity Framework What It Means for Energy Companies Daniel E. Frank J.J. Herbert Mark Thibodeaux NIST Cybersecurity Framework What It Means for Energy Companies November 14, 2013 Your Panelists Dan Frank J.J. Herbert Mark Thibodeaux 2 Overview The Cyber

More information

Implementing a Framework

Implementing a Framework Implementing a Framework 44th Tennessee Higher Education Information Technology Symposium 2015 Greg Jackson Cyber Security Analyst Dynetics Inc. Information Systems Assessment Services (ISAS) www.dynetics.com

More information

Applying Framework to Mobile & BYOD

Applying Framework to Mobile & BYOD Applying Framework to Mobile & BYOD Framework for Improving Critical Infrastructure Cybersecurity National Association of Attorneys General Southern Region Meeting 13 March 2015 cyberframework@nist.gov

More information

SECURE POWER SYSTEMS PROFESSIONALS (SPSP) PROJECT PHASE 3, FINAL REPORT: RECRUITING, SELECTING, AND DEVELOPING SECURE POWER SYSTEMS PROFESSIONALS

SECURE POWER SYSTEMS PROFESSIONALS (SPSP) PROJECT PHASE 3, FINAL REPORT: RECRUITING, SELECTING, AND DEVELOPING SECURE POWER SYSTEMS PROFESSIONALS 1 SECURE POWER SYSTEMS PROFESSIONALS (SPSP) PROJECT PHASE 3, FINAL REPORT: RECRUITING, SELECTING, AND DEVELOPING SECURE POWER SYSTEMS PROFESSIONALS Synopsis SPSP Project Overview Phase I Summary Phase

More information

Building Security In:

Building Security In: #CACyberSS2015 Building Security In: Intelligent Security Design, Development and Acquisition Steve Caimi Industry Solutions Specialist, US Public Sector Cybersecurity September 2015 A Little About Me

More information

DOE Cyber Security Policy Perspectives

DOE Cyber Security Policy Perspectives DOE Cyber Security Policy Perspectives Mike Smith Senior Cyber Policy Advisor to the Assistant Secretary Department of Energy Overview of DOE Cybersecurity Priorities Protecting the DOE Enterprise from

More information

Implementing the U.S. Cybersecurity Framework at Intel A Case Study

Implementing the U.S. Cybersecurity Framework at Intel A Case Study SESSION ID: STR-W01 Implementing the U.S. Cybersecurity Framework at Intel A Case Study Tim Casey Senior Strategic Risk Analyst Intel Information Security @timcaseycyber How would you represent your entire

More information

Collaborative, Standards-Based Approaches to Improving Cybersecurity

Collaborative, Standards-Based Approaches to Improving Cybersecurity Collaborative, Standards-Based Approaches to Improving Cybersecurity ISACA-NCAC Annual Meeting May 24, 2016 Kevin Stine Kevin.Stine@nist.gov National Institute of Standards and Technology (NIST) About

More information

Facilitated Self-Evaluation v1.0

Facilitated Self-Evaluation v1.0 Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) Patricia Hoffman Facilitated Self-Evaluation v1.0 Assistant Secretary Office of Electricity Delivery and Energy Reliability U.S.

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity Version 1.0 National Institute of Standards and Technology February 12, 2014 Table of Contents Executive Summary...1 1.0 Framework Introduction...3

More information

Happy First Anniversary NIST Cybersecurity Framework:

Happy First Anniversary NIST Cybersecurity Framework: Happy First Anniversary NIST Cybersecurity Framework: We ve Hardly Known Ya Chad Stowe, CISSP, CISA, MBA Who is your organization on Cybersecurity? Problem Statement Management has not been given the correct

More information

Nadya Bartol, CISSP, CGEIT VP, Industry Affairs and Cybersecurity Strategist UTC (Utilities Telecom Council) USA. 2014 Utilities Telecom Council 1

Nadya Bartol, CISSP, CGEIT VP, Industry Affairs and Cybersecurity Strategist UTC (Utilities Telecom Council) USA. 2014 Utilities Telecom Council 1 Nadya Bartol, CISSP, CGEIT VP, Industry Affairs and Cybersecurity Strategist UTC (Utilities Telecom Council) USA 2014 Utilities Telecom Council 1 Why do we need cybersecurity? Agriculture and Food Energy

More information

National Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity

National Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity National Cybersecurity Challenges and NIST Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity Though no-one knows for sure, corporate America is believed to lose anything

More information

The NIST Cybersecurity Framework (CSF) Unlocking CSF - An Educational Session

The NIST Cybersecurity Framework (CSF) Unlocking CSF - An Educational Session The NIST Cybersecurity Framework (CSF) Unlocking CSF - An Educational Session Robert Smith Systemwide IT Policy Director Compliance & Audit Educational Series 5/5/2016 1 Today s reality There are two kinds

More information

Modeling and Simulation (M&S) for Homeland Security

Modeling and Simulation (M&S) for Homeland Security Modeling and Simulation (M&S) for Homeland Security Dr. Charles Hutchings Deputy Director, Modeling and Simulation Test and Standards Division Science and Technology Directorate June 23, 2008 Outline How

More information

Water Sector Approach to Cybersecurity Risk Management

Water Sector Approach to Cybersecurity Risk Management Water Sector Approach to Cybersecurity Risk Management Wasser Berlin International March 24, 2015 Copyright 2015 American Water Works Association Cyber Threats are Real Director of National Intelligence

More information

Information and Communications Technology Supply Chain Risk Management (ICT SCRM) AND NIST Cybersecurity Framework

Information and Communications Technology Supply Chain Risk Management (ICT SCRM) AND NIST Cybersecurity Framework Information and Communications Technology Supply Chain Risk Management (ICT SCRM) AND NIST Cybersecurity Framework Don t screw with my chain, dude! Jon Boyens Computer Security Division IT Laboratory November

More information

DHS Cyber Security & Resilience Resources: Cyber Preparedness, Risk Mitigation, & Incident Response

DHS Cyber Security & Resilience Resources: Cyber Preparedness, Risk Mitigation, & Incident Response February 2015 DHS Cyber Security & Resilience Resources: Cyber Preparedness, Risk Mitigation, & Incident Response Cyber Security Advisor Program Office of Cybersecurity & Communications National Protection

More information

Critical Manufacturing Cybersecurity Framework Implementation Guidance

Critical Manufacturing Cybersecurity Framework Implementation Guidance F Critical Manufacturing Cybersecurity Framework Implementation Guidance i Foreword The National Institute of Standards and Technology (NIST) released the 2014 Framework for Improving Critical Infrastructure

More information

Intel Security Professional Services Leveraging NIST Cybersecurity Framework (CSF): Complexity is the enemy of security

Intel Security Professional Services Leveraging NIST Cybersecurity Framework (CSF): Complexity is the enemy of security Intel Security Professional Services Leveraging NIST Cybersecurity Framework (CSF): Complexity is the enemy of security David Brezinski, Professional Services, Enterprise Security Architect Agenda Overview

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity January 2016 cyberframework@nist.gov Improving Critical Infrastructure Cybersecurity It is the policy of the United States to enhance the security

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity Version 1.0 National Institute of Standards and Technology February 12, 2014 Table of Contents Executive Summary...1 1.0 Framework Introduction...3

More information

Business Continuity for Cyber Threat

Business Continuity for Cyber Threat Business Continuity for Cyber Threat April 1, 2014 Workshop Session #3 3:00 5:30 PM Susan Rogers, MBCP, MBCI Cyberwise CP S2 What happens when a computer program can activate physical machinery? Between

More information

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a

More information

CIS Response to NIST RFI for the Cybersecurity Framework. Introduction

CIS Response to NIST RFI for the Cybersecurity Framework. Introduction Introduction The (CIS) hereby submits this response to the National Institute of Standards and Technology (NIST) Request for Information (RFI) pursuant to the notice published in the Federal Register on

More information

Enhancing NASA Cyber Security Awareness From the C-Suite to the End-User

Enhancing NASA Cyber Security Awareness From the C-Suite to the End-User Enhancing NASA Cyber Security Awareness From the C-Suite to the End-User Valarie Burks Deputy Chief Information Officer, IT Security Division National Aeronautics and Space Administration (NASA) Agenda

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive

More information

ADVANCED DISTRIBUTION MANAGEMENT SYSTEMS OFFICE OF ELECTRICITY DELIVERY & ENERGY RELIABILITY SMART GRID R&D

ADVANCED DISTRIBUTION MANAGEMENT SYSTEMS OFFICE OF ELECTRICITY DELIVERY & ENERGY RELIABILITY SMART GRID R&D ADVANCED DISTRIBUTION MANAGEMENT SYSTEMS OFFICE OF ELECTRICITY DELIVERY & ENERGY RELIABILITY SMART GRID R&D Eric Lightner Director Federal Smart Grid Task Force July 2015 2 OE Mission The Office of Electricity

More information

Cybersecurity: What CFO s Need to Know

Cybersecurity: What CFO s Need to Know Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction

More information

CONCEPTS IN CYBER SECURITY

CONCEPTS IN CYBER SECURITY CONCEPTS IN CYBER SECURITY GARY KNEELAND, CISSP SENIOR CONSULTANT CRITICAL INFRASTRUCTURE & SECURITY PRACTICE 1 OBJECTIVES FRAMEWORK FOR CYBERSECURITY CYBERSECURITY FUNCTIONS CYBERSECURITY CONTROLS COMPARATIVE

More information

CForum: A Community Driven Solution to Cybersecurity Challenges

CForum: A Community Driven Solution to Cybersecurity Challenges SESSION ID: AST3-R01 CForum: A Community Driven Solution to Cybersecurity Challenges Tom Conkle Cybersecurity Engineer G2, Inc. @TomConkle Greg Witte Sr. Security Engineer G2, Inc. @thenetworkguy Organizations

More information

NIST Cybersecurity Framework & A Tale of Two Criticalities

NIST Cybersecurity Framework & A Tale of Two Criticalities NIST Cybersecurity Framework & A Tale of Two Criticalities Vendor Management & Incident Response Presented by: John H Rogers, CISSP Advisory Services Practice Manager john.rogers@sagedatasecurity.com Presented

More information

Re: Experience with the Framework for Improving Critical Infrastructure Cybersecurity ( Framework )

Re: Experience with the Framework for Improving Critical Infrastructure Cybersecurity ( Framework ) 10 October 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Re: Experience with the Framework for Improving Critical Infrastructure

More information

IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector

IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector V.2 Final Draft May 1, 2014 financial_nccoe@nist.gov This revision incorporates comments from the public. Page Use case 1 Comments

More information

PROTIVITI FLASH REPORT

PROTIVITI FLASH REPORT PROTIVITI FLASH REPORT Cybersecurity Framework: Where Do We Go From Here? February 25, 2014 Just over a year ago, President Barack Obama signed an Executive Order (EO) calling for increased cybersecurity

More information

Continuous Monitoring in a Risk Management Framework. US Census Bureau Oct 2012

Continuous Monitoring in a Risk Management Framework. US Census Bureau Oct 2012 Monitoring in a Risk Management Framework US Census Bureau Oct 2012 Agenda Drivers for Monitoring What is Monitoring Monitoring in a Risk Management Framework (RMF) RMF Cost Efficiencies RMF Lessons Learned

More information

Cybersecurity@RTD Program Overview and 2015 Outlook

Cybersecurity@RTD Program Overview and 2015 Outlook Cybersecurity@RTD Program Overview and 2015 Outlook Finance & Administration Committee Meeting February 10, 2015 Sheri Le, Manager of Cybersecurity RTD Information Technology Department of Finance & Administration

More information

Which cybersecurity standard is most relevant for a water utility?

Which cybersecurity standard is most relevant for a water utility? Which cybersecurity standard is most relevant for a water utility? Don Dickinson 1 * 1 Don Dickinson, Phoenix Contact USA, 586 Fulling Mill Road, Middletown, Pennsylvania, USA, 17057 (*correspondence:

More information

CRR-NIST CSF Crosswalk 1

CRR-NIST CSF Crosswalk 1 IDENTIFY (ID) Asset Management (AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative

More information

NIST Cybersecurity Framework Manufacturing Implementation

NIST Cybersecurity Framework Manufacturing Implementation NIST Cybersecurity Framework Manufacturing Implementation Keith Stouffer Project Leader, Cybersecurity for Smart Manufacturing Systems Engineering Lab, NIST Manufacturing Cybersecurity Research at NIST

More information

Continuous Monitoring. Integrated services, best practices, and automation tools from Telos Corporation the leader in federal cybersecurity.

Continuous Monitoring. Integrated services, best practices, and automation tools from Telos Corporation the leader in federal cybersecurity. Continuous Monitoring Integrated services, best practices, and automation tools from Telos Corporation the leader in federal cybersecurity. Continuous Monitoring Continuous monitoring of information systems

More information

Business Continuity / Disaster Recovery Context

Business Continuity / Disaster Recovery Context Capability Business Continuity / Disaster Recovery Context What is Business Continuity? The Business Continuity Program Life Cycle Copyright: Virtual Corporation, 1994 2006 Modified U.S. DoD Graphic Normal

More information

Copyright 2014 Carnegie Mellon University The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT Resilience

Copyright 2014 Carnegie Mellon University The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT Resilience Copyright 2014 Carnegie Mellon University The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT Resilience Management Model (CERT -RMM), both developed at Carnegie

More information

RSA CYBERSECURITY POVERTY INDEX 2015

RSA CYBERSECURITY POVERTY INDEX 2015 RSA CYBERSECURITY POVERTY INDEX 2015 OVERVIEW Welcome to RSA s inaugural Cybersecurity Poverty Index. The Cybersecurity Poverty Index is the result of an annual maturity self-assessment completed by organizations

More information

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles PNNL-24138 SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles March 2015 LR O Neil TJ Conway DH Tobey FL Greitzer AC Dalton PK Pusey Prepared for the

More information

Enterprise Architecture Program

Enterprise Architecture Program IT@UMN Enterprise Architecture Program Guiding Principles 1 Page Enterprise Architecture Guiding Principles Enterprise architecture guiding principles must be considered for all academic and administrative

More information

A Guide to Successfully Implementing the NIST Cybersecurity Framework. Jerry Beasley CISM and TraceSecurity Information Security Analyst

A Guide to Successfully Implementing the NIST Cybersecurity Framework. Jerry Beasley CISM and TraceSecurity Information Security Analyst TRACESECURITY WHITE PAPER GRC Simplified... Finally. A Guide to Successfully Implementing the NIST Cybersecurity Framework Jerry Beasley CISM and TraceSecurity Information Security Analyst TRACESECURITY

More information

The NIST Cybersecurity Framework

The NIST Cybersecurity Framework View the online version at http://us.practicallaw.com/5-599-6825 The NIST Cybersecurity Framework RICHARD RAYSMAN, HOLLAND & KNIGHT LLP AND JOHN ROGERS, BOOZ ALLEN HAMILTON A Practice Note discussing the

More information

October 9, 2014. Lyman Terni, Consultant Tim Villano, Chief Technology Officer. Current Awareness of the Cybersecurity Framework

October 9, 2014. Lyman Terni, Consultant Tim Villano, Chief Technology Officer. Current Awareness of the Cybersecurity Framework October 9, 2014 Ascendant Compliance Management is an independent consulting firm assisting Registered Investment Advisers and Broker-Dealers with regulatory compliance. Our firm has an IT Risk Assessment

More information

Challenges in Cybersecurity. Major General Bret Daugherty, The Adjutant General, Washington Army and Air National Guard

Challenges in Cybersecurity. Major General Bret Daugherty, The Adjutant General, Washington Army and Air National Guard Challenges in Cybersecurity Major General Bret Daugherty, The Adjutant General, Washington Army and Air National Guard Agenda National Perspectives & Background WA State Cyber Planning Steady State/Significant

More information

70% of US Business Will Be Impacted by the Cybersecurity Framework: Are You Ready?

70% of US Business Will Be Impacted by the Cybersecurity Framework: Are You Ready? SESSION ID: GRC-W04 70% of US Business Will Be Impacted by the Cybersecurity Framework: Are You Ready? Tom Conkle Cybersecurity Engineer G2, Inc. @TomConkle Greg Witte Senior Security Engineer G2, Inc.

More information

Cyber Security. Doug Houseman Doug@Enernex.com. Engineering Consulting Research. Modeling Simulation Security. The Practical Grid Visionaries TM

Cyber Security. Doug Houseman Doug@Enernex.com. Engineering Consulting Research. Modeling Simulation Security. The Practical Grid Visionaries TM Cyber Security Engineering Consulting Research Modeling Simulation Security Doug Houseman Doug@Enernex.com The Practical Grid Visionaries TM Warnings The costs given are based on prior projects They may

More information

NHTSA S AUTOMOTIVE CYBERSECURITY RESEARCH. Arthur Carter, Frank Barickman, NHTSA

NHTSA S AUTOMOTIVE CYBERSECURITY RESEARCH. Arthur Carter, Frank Barickman, NHTSA NHTSA S AUTOMOTIVE CYBERSECURITY RESEARCH Arthur Carter, Frank Barickman, NHTSA Electronic Systems Safety Research Division Electronic Systems Safety (ESS) Research Division conducts research to ensure

More information

Cybersecurity Framework Security Policy Mapping Table

Cybersecurity Framework Security Policy Mapping Table Cybersecurity Framework Security Policy Mapping Table The following table illustrates how specific requirements of the US Cybersecurity Framework [1] are addressed by the ISO 27002 standard and covered

More information

Automation Suite for NIST Cyber Security Framework

Automation Suite for NIST Cyber Security Framework WHITEPAPER NIST Cyber Security Framework Automation Suite for NIST Cyber Security Framework NOVEMBER 2014 Automation Suite for NIST Cyber Security Framework The National Institute of Standards and Technology

More information

ReMilNet Service Experience Overview

ReMilNet Service Experience Overview ReMilNet Service Experience Overview ReMilNet s knowledge across all functional service areas enables us to provide qualified personnel with knowledge across the spectrum of support services. This well

More information

CHAPTER OVERVIEW AND KEY LEARNING POINTS

CHAPTER OVERVIEW AND KEY LEARNING POINTS CHAPTER Integrated Organization- 3 Wide Risk Management TABLE OF CONTENTS Chapter Overview and Key Learning Points... 23 Risk Management... 23 Risk Management and the RMF... 24 Components of Risk Management...

More information

Bringing Data to Life

Bringing Data to Life Bringing Data to Life Presented by Michael Echols REGIONAL INTELLIGENCE SEMINAR AND NATIONAL SECURITY FORUM DHS Responsibilities Emergency Communications Capabilities Secure dot-gov Assist in Protecting

More information

Cybersecurity Enhancement Account. FY 2017 President s Budget

Cybersecurity Enhancement Account. FY 2017 President s Budget Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities

More information

NIST Cybersecurity Initiatives. ARC World Industry Forum 2014

NIST Cybersecurity Initiatives. ARC World Industry Forum 2014 NIST Cybersecurity Initiatives Keith Stouffer and Vicky Pillitteri NIST ARC World Industry Forum 2014 February 10-13, 2014 Orlando, FL National Institute of Standards and Technology (NIST) NIST s mission

More information

No. 33 February 19, 2013. The President

No. 33 February 19, 2013. The President Vol. 78 Tuesday, No. 33 February 19, 2013 Part III The President Executive Order 13636 Improving Critical Infrastructure Cybersecurity VerDate Mar2010 17:57 Feb 15, 2013 Jkt 229001 PO 00000 Frm 00001

More information

Improving Critical Infrastructure Cybersecurity Executive Order 13636. Preliminary Cybersecurity Framework

Improving Critical Infrastructure Cybersecurity Executive Order 13636. Preliminary Cybersecurity Framework 1 Improving Critical Infrastructure Cybersecurity Executive Order 13636 Preliminary Cybersecurity Framework 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool 6/9/2016 Tim Segerson, Deputy Director Office of Examination & Insurance FFIEC Cybersecurity Assessment Tool LSCU Cyber Breakout June 17, 2016 Continuing saga of lost sensitive data Every event enhances

More information

RECOMMENDED CHARTER FOR THE IDENTITY ECOSYSTEM STEERING GROUP

RECOMMENDED CHARTER FOR THE IDENTITY ECOSYSTEM STEERING GROUP RECOMMENDED CHARTER FOR THE IDENTITY ECOSYSTEM STEERING GROUP 1. Identity Ecosystem Steering Group Charter The National Strategy for Trusted Identities in Cyberspace (NSTIC or Strategy), signed by President

More information

Looking at the SANS 20 Critical Security Controls

Looking at the SANS 20 Critical Security Controls Looking at the SANS 20 Critical Security Controls Mapping the SANS 20 to NIST 800-53 to ISO 27002 by Brad C. Johnson The SANS 20 Overview SANS has created the 20 Critical Security Controls as a way of

More information

An Overview of Large US Military Cybersecurity Organizations

An Overview of Large US Military Cybersecurity Organizations An Overview of Large US Military Cybersecurity Organizations Colonel Bruce D. Caulkins, Ph.D. Chief, Cyber Strategy, Plans, Policy, and Exercises Division United States Pacific Command 2 Agenda United

More information

Agenda: Workforce Development for ICS Security

Agenda: Workforce Development for ICS Security Workforce Development for ICS Security Cross cutting challenge shared by asset owner & supplier Item Spans 1 professional training to simple awareness Item 2 No identified pipeline to recruit from and

More information

Cyber Security Risk Elements. Ben Christensen Senior Compliance Risk Analyst, Cyber Security

Cyber Security Risk Elements. Ben Christensen Senior Compliance Risk Analyst, Cyber Security Cyber Security Risk Elements Ben Christensen Senior Compliance Risk Analyst, Cyber Security 2 Agenda What are Risk Elements? Risk Element Identification How will WECC use Risk Elements? What does this

More information

Regulatory Compliance Management for Energy and Utilities

Regulatory Compliance Management for Energy and Utilities Regulatory Compliance Management for Energy and Utilities The Energy and Utility (E&U) sector is transforming as enterprises are looking for ways to replace aging infrastructure and create clean, sustainable

More information

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Behavioral Interview Guidelines by Job Roles

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Behavioral Interview Guidelines by Job Roles PNNL-24140 SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Behavioral Interview Guidelines by Job Roles March 2015 LR O Neil TJ Conway DH Tobey FL Greitzer AC Dalton

More information