Presentation is loading. Please wait.

Presentation is loading. Please wait.

NERC CIP Version 5 webinar series “Baseline management”

Published byLinette Madlyn Watkins Modified over 8 years ago

Similar presentations

Presentation on theme: "NERC CIP Version 5 webinar series “Baseline management”"— Presentation transcript:

1 NERC CIP Version 5 webinar series “Baseline management”
10/22/2014 NERC CIP Version 5 webinar series “Baseline management” October 22, 2014

2 Housekeeping All attendees are automatically in “Mute”.
If you have any questions, please type them into the questions panel. This webinar is being recorded and can be found on after the live event. You will get a copy of this presentation in a follow-up . Please take a few moments at the end of the webinar to answer the survey questions. October

3 About the presenter(s)
Joseph Baxter CISSP/CISA/CISM/CGEIT/MCDBA/MCSE:S NERC CIP Lead – HVDC / FACTS (919) Before coming to ABB, Joseph Baxter completed several years as a NERC CIP Auditor for the SERC region, with special emphasis on the technical side of cyber security. He has both audited and been audited in the realm of CIP, and brings over fifteen years of Information Security experience gleaned from the Financial Sector to bear on the problems facing Grid Security today. October 22, 2014

4 Quality evidence Documentation is king Record (get it down)
Retrieve (find it fast) Reference (do it once) Report (show it well) Repeat (keep it up) October 22, 2014

5 The four options (the T’s)
Managing risk The four options (the T’s) Tolerate (live with it) Terminate (get rid of it) Transfer (move it) Treat (control it) October 22, 2014

6 Audience question #1 Regional audits October 22, 2014

7 Change management (over)simplified
Fitting baselines into the picture Trigger High Medium Change Impact CIP-010 R1.4 Impact CIP-002 R1 Baseline CIP-010 R1.1 Change Impact CIP-002 R1 Medium No Change Low High Controls Test CIP-010 R1.5 Update Baseline Documentation CIP-010 R1.3 Accept Authorize CIP-010 R1.2 Document Deny October 22, 2014

8 Basic baseline management
What makes up a baseline OS or Firmware Version Installed Software Version Custom Software Logical Network Ports Security Patch Level October 22, 2014

9 Baseline drives the process
Security Controls Baseline drives the process Most of the requirements start with the same words “For a change that deviates from the existing baseline…” Presupposes extant evidence Requires comparison October 22, 2014

10 The elements of a baseline
Detail required The elements of a baseline Regardless of the media Each Cyber Asset Individually or Group Asset Management System Not Likely Automated October 22, 2014

11 Time machine Data cube concept Whether by spreadsheets
Or by database report Be able to go backward in time and demonstrate a moment in time Three years or from the last audit (or since V.3) Data warehouse October 22, 2014

12 Audience question #2 CIP consulting October 22, 2014

13 Programmatic tools to the rescue
Versioning systems Programmatic tools to the rescue Developers constantly change files when programming They need the ability to fall back (and reference) previous versions A few possibilities for versioning systems, many others available October 22, 2014

14 Baseline monitoring Eternal vigilance
High Impact BES Cyber Systems only Monitor at least once every 35 days Document and Investigate Show your work October 22, 2014

15 Change management (over)simplified
Fitting baselines into the picture Trigger High Medium Change Impact CIP-010 R1.4 Impact CIP-002 R1 Baseline CIP-010 R1.1 Change Impact CIP-002 R1 Medium No Change Low High Controls Test CIP-010 R1.5 Update Baseline Documentation CIP-010 R1.3 Accept Authorize CIP-010 R1.2 Document Deny October 22, 2014

16 Additional NERC CIP educational webinars
(All webinars are Eastern Time) Change management Wednesday, October 15, 2014 at 2:00 p.m. Learn about change management and the fact that this will be the largest area of recurring effort. You will gain understanding of why Patch Management is not a solution to meet your NERC CIP updates and why Version 3 no longer applies. Register now: Baseline management Wednesday, October 22, 2014 at 2:00 p.m. Learn what a baseline and testing are, why automation is key and what is required to meet Version 5 compliance. Register now: Cyber asset grouping Thursday, October 23, 2014 at 12:00 p.m. (Power generation specific) Learn process approaches to CIP R1 as it pertains to BES cyber asset categorization. Register now: October 22, 2014

17 Additional NERC CIP educational webinars
(All webinars are Eastern Time) Access management and malicious software controls Wednesday, October 29, 2014 at 2:00 p.m. Learn how to access control fits with CIP and why account management is not effortless. Register now: Low assets and future CIP versions Wednesday, November 5, 2014 at 2:00 p.m. (Power generation specific) Learn the compliance requirements for entities with low assets and audit worksheets as well as future standard activities. Register now: Identification and review of critical transmission assets Wednesday, November 12, 2014 at 2:00 p.m. Learn how to approach the guidelines and criteria highlighted by NERC to fulfill the risk assessment goal. Register now: October 22, 2014

18 Automation & Power World (APW)
Power SmartStream Digital Conference Theme: Preparing for the power evolution Date: November 6, 2014 – 11 a.m. – 6 p.m. EST Why should you attend? 25 educational webinars, dozens of scheduled chats and interviews and more than 100 white papers available for download from knowledgeable subject matter experts. Earn Professional Development Hours (PDH) Download an official attendance certificate for every live webinar session you attend to get credit for your learning time No travel or registration costs! Can’t attend the day of? That’s fine. All webinars will be recorded and will be available for on-demand viewing after the live event. Register now: October 22, 2014

19 Automation & Power World (APW)
LIVE conference – APW 2015 Theme: Harnessing the power of change Date: March 2-5, 2015 in Houston, Texas Location: George R. Brown Convention Center Why should you attend? Listen to interesting and topical keynote presentations Chose from over 300 industry and solution-focused educational sessions and panel discussions Network with ABB experts and your peers Earn Professional Development Hours (PDH) Completely free! Check the website for updates: October 22, 2014

20 Questions? This is the point to review and answer any questions in the panel. If you have a question, please type your question in now. October 22, 2014

21 Please take a few moments to answer the survey questions.
Thank you. October 22, 2014

22

Download ppt "NERC CIP Version 5 webinar series “Baseline management”"

Similar presentations

Confidential & Proprietary to Cooper Compliance Corporation Revised September 8, 2014 AUDiT-READY TM.

Confidential & Proprietary to Cooper Compliance Corporation Revised September 8, 2014 AUDiT-READY TM.
Key Reliability Standard Spot Check Frank Vick Compliance Team Lead.

Key Reliability Standard Spot Check Frank Vick Compliance Team Lead.
Brent Castagnetto Manager, Cyber Security Audits & Investigations Team CIP v5 Implementation Guidance CIP v5 Roadshow Salt Lake City, UT May 14-15, 2014.

Brent Castagnetto Manager, Cyber Security Audits & Investigations Team CIP v5 Implementation Guidance CIP v5 Roadshow Salt Lake City, UT May 14-15, 2014.
Www.FlightCentreGroupTravel.com.au The online system is an award Winning Online Registration and Management Facility. It is wholly Australian Owned and.

The online system is an award Winning Online Registration and Management Facility. It is wholly Australian Owned and.
CIP Spot Check Process Gary Campbell Manager of Compliance Audits ReliabilityFirst Corporation August, 2009.

CIP Spot Check Process Gary Campbell Manager of Compliance Audits ReliabilityFirst Corporation August, 2009.
Automation & Power World 2015 Harnessing the power of change March 2-5, 2015 | Houston, Texas.

Automation & Power World 2015 Harnessing the power of change March 2-5, 2015 | Houston, Texas.
PRODUCT FOCUS 5/27/14 – 6/6/14 INTRODUCTION Our Product Focus for the next two weeks is CompTIA. CompTIA is most well known for serving as the backbone.

PRODUCT FOCUS 5/27/14 – 6/6/14 INTRODUCTION Our Product Focus for the next two weeks is CompTIA. CompTIA is most well known for serving as the backbone.
PRODUCT FOCUS 3/3/14 – 3/17/14 INTRODUCTION Our Product Focus for the next two weeks is IBM. The opportunity afforded to us in becoming an Authorized.

PRODUCT FOCUS 3/3/14 – 3/17/14 INTRODUCTION Our Product Focus for the next two weeks is IBM. The opportunity afforded to us in becoming an Authorized.
Project 2008-06 Cyber Security Order 706 January 10, 2012 Most of the material presented has been compiled from NERC webinars and drafting team meetings.

Project Cyber Security Order 706 January 10, 2012 Most of the material presented has been compiled from NERC webinars and drafting team meetings.
1 Ports and Services An Audit Approach ReliabilityFirst CIP Webinar Thursday, September 30, 2010 Lew Folkerth, Senior Engineer - Compliance.

1 Ports and Services An Audit Approach ReliabilityFirst CIP Webinar Thursday, September 30, 2010 Lew Folkerth, Senior Engineer - Compliance.
PRODUCT FOCUS 2/3/14 – 2/14/14 INTRODUCTION Our Product Focus for the next two weeks is VMware. VMware is the current industry leader in server / data.

PRODUCT FOCUS 2/3/14 – 2/14/14 INTRODUCTION Our Product Focus for the next two weeks is VMware. VMware is the current industry leader in server / data.
PROJECT MANAGEMENT PRODUCT FOCUS 2/17/14 – 2/28/14.

PROJECT MANAGEMENT PRODUCT FOCUS 2/17/14 – 2/28/14.
CIP Version 5 Update OC Meeting November 7, 2013.

CIP Version 5 Update OC Meeting November 7, 2013.
Defense Travel Management Office Office of the Under Secretary of Defense (Personnel and Readiness) Defense Travel Management Office Office of the Under.

Defense Travel Management Office Office of the Under Secretary of Defense (Personnel and Readiness) Defense Travel Management Office Office of the Under.
SOX and IT Audit Programs John R. Robles Thursday, May 31, 2007 Tel: 787-647-396.

SOX and IT Audit Programs John R. Robles Thursday, May 31, Tel:
Introduction to the Child & Adolescent Needs and Strengths Assessment (CANS) Our Community. Our Kids. Dr. Gary Buff, Ed.D. President and COO.

Introduction to the Child & Adolescent Needs and Strengths Assessment (CANS) Our Community. Our Kids. Dr. Gary Buff, Ed.D. President and COO.
Great Lakes Loan Servicing NCASFAA Conference September 2011.

Great Lakes Loan Servicing NCASFAA Conference September 2011.
Process, Communication, and Certification Padma Venkata

Process, Communication, and Certification Padma Venkata
The OECD and electronic records 18June 2001 Head of OECD Archives and Records Management Service Mary-Ann Grosset Organisation for.

The OECD and electronic records 18June 2001 Head of OECD Archives and Records Management Service Mary-Ann Grosset Organisation for.
November 2009 Network Disaster Recovery October 2014.

November 2009 Network Disaster Recovery October 2014.

Similar presentations

Ads by Google