Cyber Security & Compliance Briefing




Cyber Security Offerings & Capabilities Overview

- Full service cyber security and compliance offerings in North America and international power markets: controls and consulting
- Provide both end-to-end technical and administrative solutions or specific security components
- Security embedded with other HPI product lines, as a standalone or in packages.

Cyber Security Offerings & Capabilities (cont.)

Select Key Services

Assessment and Risk Benchmarking
- Systems and network risk assessments
- Cyber vulnerability assessments
- Standards-based mock audits
- Compliance applicability assessments
- Internal control program effectiveness review

Mitigation & Security Design
- Security Architecting
- Operations network security upgrade
- Remediation and recovery planning
- Detailed security engineering
- Compliance mitigation plans
- Compliance filings with government agencies
- Compliance program design and implementation

Implementation & Monitoring
- Security system conversion
- Hardware and software monitoring
- System restoration
- Corporate Compliance program implementation
- Installation of GRC software and configuration for monitoring
- Compliance-as-a-service

About John Ballentine

John Ballentine
Director of Cyber Security & Compliance

- Assists HPI customers by reducing their cyber security risk in industrial control system environments.
- Develops programs that identify, manage and mitigate compliance and regulatory risks.

Industry service includes:
- Board of Director of North America Generator Forum (NAGF)
- US Department of Homeland Security - Cyber Emergency Response Team
- Graduated from US FBI Compliance Academy

Who is John Ballentine?

Over 20 years of experience in the energy industry, including corporate and consulting roles managing cyber security and regulatory compliance at power generation facilities in North America.

- CSSA: Certified SCADA Security Architect
- CISSP: Certified Information Systems Security Professional
- CISA: Certified Information Security Auditor
- CCEP: Certified Compliance and Ethics Professional
- GLEG: Certified Information Law Specialist

Cyber Security and Compliance Strategy

Market Development Plan
- Focus on security as a unique product and as an enhancer to HPI full product line
- Ensure clients have one-stop-shop for all matters on both security and compliance in both consulting and controls
- Create and capture unique position as only international asset operator with strong security product line
- North America cyber market is regulated and mandatory with new compliance deadlines (2015-2017)
- Growth in key areas:
  - Direct sales to end users
  - Partnering with hardware and software companies

Key Strengths

Customized services portfolio: utilize deep controls experience and technical product capabilities.

- Assess existing systems - determine level of security risk in operational networks (ICS).
- Document policies and procedures - test adequacy of administrative controls to reduce cyber risk.
- Train personnel and contractors - ensure operational expenses are being optimally utilized.
- Segment the control network - ensure security is properly compartmentalized.
- Control system access - utilize sophisticated access and encryption technologies to prevent intrusions.
- Harden system components - embed security functionality at the core component functionality level with current controls capabilities.
- Monitor and maintain system security - keep customers in constant state of security status awareness and respond to incidents as they occur.

Key Strengths (cont.)

Optimize Resources; Differentiation

- Product line leader in US and EU security marketplace with prominent position as trusted service provider
- Personnel with deep controls experience that translates well into security embedded solutions
- Trained sales and marketing staff that can market to technical and financial buyers of security products
- Only vendor that has experience in EPC, controls, operations compliance and cyber security. Other providers are typically consultants with limited understanding of security (as a function of IT) and controls (as a function of asset management).

The HPI Advantage HPI LLC Proprietary Information

HPI Security Approach: Prevent, Detect & Recover

Whether you need a full compliance or security solution, or are preparing for an audit or internal control review, HPI's experience as operators will maximize your return on investment.

Prevention
- People - trained and alert
- Technology - managing systems
- Processes - mitigating risks

Detection & Notification
- Network access monitoring
- Anomaly detection
- Active intrusion monitoring

Recovery & Restoration
- Back-up restoration management
- Annual compliance testing

HPI Cyber Security & Compliance Service Offerings

There IS a starting and end point to get your company optimized to face the threats and reduce the likelihood of interrupting your business:

Assessment and Risk Benchmarking
- Cyber Security: Systems and Network Risk Assessment; Cyber Vulnerability Assessment (NERC CVA); Standards-based Audits
- Compliance Applicability Assessments; Controls and Policies Reviews; Mock Audits

Mitigation and Design Services
- Security Architecture; Operations Network Security Upgrade; Remediation and recovery Plans
- Compliance Mitigation Plans; Compliance Filings with Govt Agencies; Overall Compliance Program Design

Implementation and Monitoring
- Security System Conversion; Hardware and Software Monitoring; System Restoration
- Corp Compliance Program Implementation; Install GRC Software and Configure for Monitoring; Compliance-as-a-Service

Keys to Securing Your Operations Technology

- Assess existing systems, and document policies and procedures.
- Train personnel and contractors.
- Segment the control network, and control system access.
- Harden system components.
- Monitor and maintain system security.

Cyber Security Vulnerability Assessment

Expert analysis of control system to identify actual and potential security vulnerabilities:

- Network architecture diagrams
- Network component and host device configurations
- Access control strategies
- Software and firmware versions
- Policies and procedures

Implementation Phase

Bridging the ICS Security Specialization Skill Gap

[Diagram: IT Professionals, Cyber security professionals and Control system professionals, with Control System Cyber Security Professionals as the overlap]

- Many organizations substitute Information Technology/Network Specialists for Information Security Specialists.
- Most IT/Network personnel possess few of the security skills needed to harden a network. Even fewer have the capability to secure an ICS network.
- HPI has cyber security skills in the energy industry ICS - the rarest and most sought after skill set in the industry.

The HPI Differentiator

Why work with us?

HPI customers must be secure so that they can focus on their core business of efficiently producing power to the grid. - Hal Pontez, HPI President & CEO

- HPI designs, builds, operates, controls, maintains and repairs power generation facilities - it's in our DNA.
- Generic security consultants cannot match our comprehensive understanding of how those areas link together and form an aligned approach.
- Unlike vendors that sell newfangled technology solutions or pre-packaged systems, HPI customizes security solutions at significantly reduces risk.
- Every area of HPI is completely aligned to the cyber security challenge as the key to protecting our client's assets.

Contact Us

www.hpienergy.com
OFFICE: 713.457.7500
CELL: 512.705.7242
EMAIL: JBALLENTINE@HPI-LLC.COM
https://www.facebook.com/hpillc
@hpienergy
https://www.linkedin.com/company/hpi-llc/