NERC CIP Version 5 webinar series “Baseline management”

Slides:

Advertisements

Similar presentations

Confidential & Proprietary to Cooper Compliance Corporation Revised September 8, 2014 AUDiT-READY TM.

Advertisements

Key Reliability Standard Spot Check Frank Vick Compliance Team Lead.

Brent Castagnetto Manager, Cyber Security Audits & Investigations Team CIP v5 Implementation Guidance CIP v5 Roadshow Salt Lake City, UT May 14-15, 2014.

The online system is an award Winning Online Registration and Management Facility. It is wholly Australian Owned and.

CIP Spot Check Process Gary Campbell Manager of Compliance Audits ReliabilityFirst Corporation August, 2009.

Automation & Power World 2015 Harnessing the power of change March 2-5, 2015 | Houston, Texas.

PRODUCT FOCUS 5/27/14 – 6/6/14 INTRODUCTION Our Product Focus for the next two weeks is CompTIA. CompTIA is most well known for serving as the backbone.

PRODUCT FOCUS 3/3/14 – 3/17/14 INTRODUCTION Our Product Focus for the next two weeks is IBM. The opportunity afforded to us in becoming an Authorized.

Project Cyber Security Order 706 January 10, 2012 Most of the material presented has been compiled from NERC webinars and drafting team meetings.

1 Ports and Services An Audit Approach ReliabilityFirst CIP Webinar Thursday, September 30, 2010 Lew Folkerth, Senior Engineer - Compliance.

PRODUCT FOCUS 2/3/14 – 2/14/14 INTRODUCTION Our Product Focus for the next two weeks is VMware. VMware is the current industry leader in server / data.

PROJECT MANAGEMENT PRODUCT FOCUS 2/17/14 – 2/28/14.

CIP Version 5 Update OC Meeting November 7, 2013.

Defense Travel Management Office Office of the Under Secretary of Defense (Personnel and Readiness) Defense Travel Management Office Office of the Under.

SOX and IT Audit Programs John R. Robles Thursday, May 31, Tel:

Introduction to the Child & Adolescent Needs and Strengths Assessment (CANS) Our Community. Our Kids. Dr. Gary Buff, Ed.D. President and COO.

Great Lakes Loan Servicing NCASFAA Conference September 2011.

Process, Communication, and Certification Padma Venkata

The OECD and electronic records 18June 2001 Head of OECD Archives and Records Management Service Mary-Ann Grosset Organisation for.

November 2009 Network Disaster Recovery October 2014.

The complete resource tool online for the conference, meeting and event industry.

© 2006 Jupitermedia Corporation Webcast TitleSuccessful Rollout Planning 1 January 19, :00pm EST, 11:00am PST George Spafford, President Spafford.

Critical Infrastructure Protection Update Christine Hasha CIP Compliance Lead Advisor, ERCOT TAC March 27, 2014.

Welcome to the Learning Community 2015 Roll out webinar Hosted by the Family Institute for Education, Practice & Research The webinar will begin shortly.

Compliance Monitoring Audit Tutorial Version 1.0 April 2013.

NASAA EFD: Industry Training THURSDAY– FEBRUARY 05, 2015: 2 PM EST Send any questions to

Maintaining a Microsoft SQL Server 2008 Database SQLServer-Training.com.

CIP 43 ReliabilityFirst Audit Observations ReliabilityFirst CIP Webinar Thursday, September 30, 2010 Tony Purgar, Sr. Consultant - Compliance.

Lisa Wood, CISA, CBRM, CBRA Compliance Auditor, Cyber Security

1 Texas Regional Entity Report December Performance Highlights ERCOT’s Control Performance Standard (NERC CPS1) score for October – Initial.

Clinical Audit as Evidence for Revalidation Dr David Scott, GMC Associate, Consultant Paediatrician and Clinical Lead for Children’s Services, East Sussex.

Hazards Risk Management Course Revision Project Update George Haddow June 2012.

Engaged with you. SAM Getting Started with your Course in Desire2Learn Fact: 81% of students identify SAM as a key factor in preparing to use the Office.

User Manager Pro Suite Taking Control of Your Systems Joe Vachon Sales Engineer November 8, 2007.

© ABB | Slide 1 NERC CIP Version 5 webinar series “Access management and malicious software controls” 10/29/2014 October 29, 2014.

Critical Infrastructure Protection Update Christine Hasha CIP Compliance Lead Advisor, ERCOT TAC March 27, 2014.

2013 NPMA Fall Conference Value Through Professional Asset Management ISO 55000: First Steps Jim Dieter. MIAM, CPPM CF November 13, 2013.

Branch Chairs Conference Amanda O’Brien Director of Professional Development Continuing Professional Development 19 November 2010.

A longer version of this Powerpoint presentation, with more slides showing the ILLiad client and workflow, can be viewed at:

Introduction This presentation is intended as an introduction to the audit process for employees of entities being audited by MACD. Please refer to the.

HP OpenView eCare is a fast, efficient way to access always- on, interactive technical support tools needed to manage your business and ensure uptime.

NERC and ESISAC Electricity Sector Information Sharing and Analysis Center Update March 2006 CIPC Confidentiality: Public Release.

Compliance Monitoring and Enforcement Audit Program - The Audit Process.

PATIENT MOVEMENT WORKGROUP October 22, Update on revised standardized bed category document for sending facilities & receiving facilities + piloting.

Tony Purgar June 22,  Background  Portal Update ◦ CIP 002 thru 009 Self Certification Forms  Functional Specific (i.e. BA, RC, TOP – SCC, Other)

1 Texas Regional Entity Report November Performance Highlights  ERCOT’s Control Performance Standard (NERC CPS1) score for September –

Information Security Measures Confidentiality IntegrityAccessibility Information cannot be available or disclosed to unauthorized persons, entities or.

NASTT’S 2016 NO-DIG SHOW POWERPOINT GUIDELINES JEFF MAIER NASTT’S 2016 NO-DIG SHOW PROGRAM CHAIR JENNIFER GLYNN NASTT’S 2016 NO-DIG SHOW PROGRAM VICE CHAIR.

Chapter 3 Pre-Incident Preparation Spring Incident Response & Computer Forensics.

“2014 Benchmark Survey Results” 2015 Quality Management Best Practice Series Friday, March 27, 2015.

GPUG Membership Benefits Overview & Orientation By: Bob Buresh GPUG Membership Manager November 19, 2015 Broadcast Live Third Thursday Monthly: Next One.

@NAVUG Housekeeping Organizer will mute all lines during this presentation Use the Questions Box as a means to communicate with the organizer (feel free.

Public Tech Instruction: Internet Safety March 26, 2014.

@NAVUG. Objective: Build User Group Communities through engagement. Vision: Enable partners and their customers to enrich their lives and business success.

MAPIR 5.7 Walk-Through Vermont Medicaid Electronic Health Record (EHR) Incentive Program May 25, 2016.

Filing the 2016 FCC Form 499-A March 10, 2016 Using E-File to Access FCC Form 499-A.

Talks! Acteva: Event Management Made Easy September 17, 2009 Audio is only available by calling this number: Conference Call: ; Access Code:

Financial System Upgrade Agency Change Champion Deployment Session March 16 th, 2006.

Information and Orientation Session

Microsoft Dynamics GP User Group (GPUG®)

ERO Portal Overview & CFR Tool Training

NERC CIP Implementation – Lessons Learned and Path Forward

Session title Sub headline

BUS 519 Possible Is Everything/snaptutorial.com

Understanding Existing Standards:

APW, now ABB Customer World

Cyber System-Centric Approach To Cyber Security and CIP

Your session will begin shortly

Existing Franchisor Example

CFR Enhancement Session

Presentation transcript:

NERC CIP Version 5 webinar series “Baseline management” 10/22/2014 NERC CIP Version 5 webinar series “Baseline management” October 22, 2014

Housekeeping All attendees are automatically in “Mute”. If you have any questions, please type them into the questions panel. This webinar is being recorded and can be found on http://new.abb.com/us/about/nerc-cip-education after the live event. You will get a copy of this presentation in a follow-up email. Please take a few moments at the end of the webinar to answer the survey questions. October 22 2014

About the presenter(s) Joseph Baxter CISSP/CISA/CISM/CGEIT/MCDBA/MCSE:S NERC CIP Lead – HVDC / FACTS joseph.baxter@us.abb.com (919) 807-5077 Before coming to ABB, Joseph Baxter completed several years as a NERC CIP Auditor for the SERC region, with special emphasis on the technical side of cyber security. He has both audited and been audited in the realm of CIP, and brings over fifteen years of Information Security experience gleaned from the Financial Sector to bear on the problems facing Grid Security today. October 22, 2014

Quality evidence Documentation is king Record (get it down) Retrieve (find it fast) Reference (do it once) Report (show it well) Repeat (keep it up) October 22, 2014

The four options (the T’s) Managing risk The four options (the T’s) Tolerate (live with it) Terminate (get rid of it) Transfer (move it) Treat (control it) October 22, 2014

Audience question #1 Regional audits October 22, 2014

Change management (over)simplified Fitting baselines into the picture Trigger High Medium Change Impact CIP-010 R1.4 Impact CIP-002 R1 Baseline CIP-010 R1.1 Change Impact CIP-002 R1 Medium No Change Low High Controls Test CIP-010 R1.5 Update Baseline Documentation CIP-010 R1.3 Accept Authorize CIP-010 R1.2 Document Deny October 22, 2014

Basic baseline management What makes up a baseline OS or Firmware Version Installed Software Version Custom Software Logical Network Ports Security Patch Level October 22, 2014

Baseline drives the process Security Controls Baseline drives the process Most of the requirements start with the same words “For a change that deviates from the existing baseline…” Presupposes extant evidence Requires comparison October 22, 2014

The elements of a baseline Detail required The elements of a baseline Regardless of the media Each Cyber Asset Individually or Group Asset Management System Not Likely Automated October 22, 2014

Time machine Data cube concept Whether by spreadsheets Or by database report Be able to go backward in time and demonstrate a moment in time Three years or from the last audit (or since V.3) Data warehouse October 22, 2014

Audience question #2 CIP consulting October 22, 2014

Programmatic tools to the rescue Versioning systems Programmatic tools to the rescue Developers constantly change files when programming They need the ability to fall back (and reference) previous versions A few possibilities for versioning systems, many others available October 22, 2014

Baseline monitoring Eternal vigilance High Impact BES Cyber Systems only Monitor at least once every 35 days Document and Investigate Show your work October 22, 2014

Change management (over)simplified Fitting baselines into the picture Trigger High Medium Change Impact CIP-010 R1.4 Impact CIP-002 R1 Baseline CIP-010 R1.1 Change Impact CIP-002 R1 Medium No Change Low High Controls Test CIP-010 R1.5 Update Baseline Documentation CIP-010 R1.3 Accept Authorize CIP-010 R1.2 Document Deny October 22, 2014

Additional NERC CIP educational webinars (All webinars are Eastern Time) Change management Wednesday, October 15, 2014 at 2:00 p.m. Learn about change management and the fact that this will be the largest area of recurring effort. You will gain understanding of why Patch Management is not a solution to meet your NERC CIP updates and why Version 3 no longer applies. Register now: https://www1.gotomeeting.com/register/567897657 Baseline management Wednesday, October 22, 2014 at 2:00 p.m. Learn what a baseline and testing are, why automation is key and what is required to meet Version 5 compliance. Register now: https://www1.gotomeeting.com/register/937111497 Cyber asset grouping Thursday, October 23, 2014 at 12:00 p.m. (Power generation specific) Learn process approaches to CIP-002-5.1 R1 as it pertains to BES cyber asset categorization. Register now: https://www1.gotomeeting.com/register/774616816 October 22, 2014

Additional NERC CIP educational webinars (All webinars are Eastern Time) Access management and malicious software controls Wednesday, October 29, 2014 at 2:00 p.m. Learn how to access control fits with CIP-004-5 and why account management is not effortless. Register now: https://www1.gotomeeting.com/register/448008129 Low assets and future CIP versions Wednesday, November 5, 2014 at 2:00 p.m. (Power generation specific) Learn the compliance requirements for entities with low assets and audit worksheets as well as future standard activities. Register now: https://www1.gotomeeting.com/register/872327665 Identification and review of critical transmission assets Wednesday, November 12, 2014 at 2:00 p.m. Learn how to approach the guidelines and criteria highlighted by NERC to fulfill the risk assessment goal. Register now: https://www1.gotomeeting.com/register/639963169 October 22, 2014

Automation & Power World (APW) Power SmartStream Digital Conference Theme: Preparing for the power evolution Date: November 6, 2014 – 11 a.m. – 6 p.m. EST Why should you attend? 25 educational webinars, dozens of scheduled chats and interviews and more than 100 white papers available for download from knowledgeable subject matter experts. Earn Professional Development Hours (PDH) Download an official attendance certificate for every live webinar session you attend to get credit for your learning time No travel or registration costs! Can’t attend the day of? That’s fine. All webinars will be recorded and will be available for on-demand viewing after the live event. Register now: http://bit.ly/SmartStreamPower October 22, 2014

Automation & Power World (APW) LIVE conference – APW 2015 Theme: Harnessing the power of change Date: March 2-5, 2015 in Houston, Texas Location: George R. Brown Convention Center Why should you attend? Listen to interesting and topical keynote presentations Chose from over 300 industry and solution-focused educational sessions and panel discussions Network with ABB experts and your peers Earn Professional Development Hours (PDH) Completely free! Check the website for updates: http://new.abb.com/apw October 22, 2014

Questions? This is the point to review and answer any questions in the panel. If you have a question, please type your question in now. October 22, 2014

Please take a few moments to answer the survey questions. Thank you. October 22, 2014