Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Guidelines Working Group Update CIPC Meeting Phoenix, AZ Mar 16, 2006 Seiki Harada SGWG Chair CIPC Confidentiality: Public Release.

Published byClement Byrd Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Guidelines Working Group Update CIPC Meeting Phoenix, AZ Mar 16, 2006 Seiki Harada SGWG Chair CIPC Confidentiality: Public Release."— Presentation transcript:

1 Security Guidelines Working Group Update CIPC Meeting Phoenix, AZ Mar 16, 2006 Seiki Harada SGWG Chair CIPC Confidentiality: Public Release

2 SGWG Foil 2 Discussion Items 1.SGWG Roster 2.Change to the Guideline Preamble 3.2006 Prioritization of the Guideline Updates 4.Regular Review Cycle for All Security Guidelines 5.Content Review of Guidelines by SGWG 6.Guideline Directions

3 SGWG Foil 3

4 SGWG Foil 4 SGWG Roster: As of March 10, 2006, the SGWG comprises: 1.Scott McCoy (Physical) 2.Scott Webber (Physical) 3.Bruce Metruck (Physical) 4.Mike Paszynsky (Physical) 5.Larry Bugh (Cyber) 6.Joe Doetzl (Cyber) 7.David Baumken (Cyber) 8.Roger Lampila (Operations) 9.Tom Kropp (Research Institutions) 10.Ken Hall (Research Institutions)

5 SGWG Foil 5 Changes to the Preamble A suggestion was made by a NERC legal staff to adopt the following: “ This document addresses potential risks that can apply to some electricity sector organizations and provides practices that can help mitigate the risks. Each organization decides for itself the risks it can accept and the practices it deems appropriate to manage its risks. “

6 SGWG Foil 6 Prioritization of Guideline Updates: 1.Of the 18 Security Guidelines, 14 were assessed as needing updates. 2.The remainder, 4, are recent ones and deemed acceptable. 3.It is not reasonable to expect various working groups to re-draft all 14 of them and put through CIPC approvals in one year (9 months now!). 4.SGWG recommends 7 updates this year and 7 next year (refer to the SGWG Reference Document No.1)

7 SGWG Foil 7 Criteria for Prioritization: 1.Synchronization with, or in support of, the permanent cyber security guidelines 2.Importance/relevance of the subject matter today 3.How 'off' or 'dated' the content is 4.Subsumed by any new guidelines ( e.g., elimination candidates)?

8 SGWG Foil 8 Prioritization of Guideline Updates: Recommended Updates for 2006: SG001Vulnerability and Risk Assessment SG002Emergency Plans SG003Continuity of Business Processes SG005Physical Security SG006Cyber Security – Risk Management SG007Cyber Security – Access Controls SG018Threat Alert System and Cyber Response

9 SGWG Foil 9 Prioritization of Guideline Updates: Recommended Updates for 2007: SG004Communications SG008Cyber Security – IT Firewalls SG009Cyber Security – Intrusion Detection SG010Employment Background Screening SG011Protecting Potentially Sensitive Information SG012Securing Remote Access to Electronic CPS SG014Threat and Incident Reporting

10 SGWG Foil 10 Guideline Updates – Further Recommendations: 1.The CIPC Executive Committee assign an ‘owning’ working group for each security guideline. 2.The ‘owning’ working group will accommodate identified updates in their 2006/2007 work schedule. 3.NERC CIPC support staff will follow up with respective working group re the timing of completion and CIPC reviews

11 SGWG Foil 11 Regular Guideline Reviews: 1.Today, there is no fixed schedule for reviewing existing guidelines. 2.The Cyber Security Standard (CIP 003) asks for an annual review of policies. 3.SGWG Recommendation: Complete the identified updates for 2006 and 2007 After that, schedule reviews of the guidelines every two years or when there is a watershed event in the subject area. These bi-annual reviews may not necessarily result in updates.

12 SGWG Foil 12 Content Review of Security Guidelines: Background: 1.Comments were made that SGWG should stay away from reviewing guideline contents. 2.The SGWG Terms of Reference states, in part: “review existing CIPC guidelines, and other electric and non-electric industry reference material, for currency and relevance”.

13 SGWG Foil 13 Content Review of Security Guidelines: What the SGWG guideline reviews entail today: 1.Consistency and compatibility with security standards and other security guidelines 2.Consistency of parts within a specific guideline 3.Currency and relevance to the current threats/industry practices (e.g., against IEEE, ISO, NIST, ANSI, CSA, etc)

14 SGWG Foil 14 Content Review of Security Guidelines: Recommendation: 1.SGWG will review ‘content’ only in the sense of the above consistency checks – not in value judgement. 2.SGWG will provide timely comments to the ‘Owning’ working group. 3.The ‘owning’ working group will consider the comments provided. They are not obliged to accommodate all comments.

15 SGWG Foil 15 Guideline Directions: 1.Most new guidelines come from Working Groups or Task forces/Teams. 2.SGWG may from time identify the area where a new security guideline is appropriate. 3.The CIPC will have the final say in the generation of a new (or the elimination of an existing) security guidelines.

16 SGWG Foil 16 Thank you! 1.Thank you for working with me for the past two years. It has been a challenge and pleasure at the same time. 2.Please support Scott McCoy in the coming years!

Download ppt "Security Guidelines Working Group Update CIPC Meeting Phoenix, AZ Mar 16, 2006 Seiki Harada SGWG Chair CIPC Confidentiality: Public Release."

Similar presentations

Reliability Center Data Request Task Force Report WECC Board Meeting April 2009.

Reliability Center Data Request Task Force Report WECC Board Meeting April 2009.
NERC Critical Infrastructure Protection Advisory Group (CIP AG) Electric Industry Initiatives Reducing Vulnerability To Terrorism.

NERC Critical Infrastructure Protection Advisory Group (CIP AG) Electric Industry Initiatives Reducing Vulnerability To Terrorism.
SERVICE MANAGER 9.2 PROBLEM MANAGEMENT TRAINING JUNE 2011.

SERVICE MANAGER 9.2 PROBLEM MANAGEMENT TRAINING JUNE 2011.
0 Chicago, IL March 6 th, 2007 Use Case Requirements, Design and Standards Selection HITSP Use Case Requirements, Design and Standards Selection Date:

0 Chicago, IL March 6 th, 2007 Use Case Requirements, Design and Standards Selection HITSP Use Case Requirements, Design and Standards Selection Date:
Cyber Security Plan Implementation Presentation to CMBG Glen Frix, Duke Energy June 20, 2010 1.

Cyber Security Plan Implementation Presentation to CMBG Glen Frix, Duke Energy June 20,
Runway Safety Teams (RSTs) Description and Processes Session 5 Presentation 1.

Runway Safety Teams (RSTs) Description and Processes Session 5 Presentation 1.
Audit Committees in Local Government FinPro Professional Development Seminar Linda MacRae Local Solutions Pty Ltd 25 October 2012 11.

Audit Committees in Local Government FinPro Professional Development Seminar Linda MacRae Local Solutions Pty Ltd 25 October
The R&M Task Group mandate is to: Develop specific recommendations on how social housing project reporting and monitoring could be improved and made more.

The R&M Task Group mandate is to: Develop specific recommendations on how social housing project reporting and monitoring could be improved and made more.
XBRL Voluntary Program on the EDGAR System April 2005 Brigitte Lippmann Attorney Division of Corporation Finance Jeffrey Naumann Enabling Technologies.

XBRL Voluntary Program on the EDGAR System April 2005 Brigitte Lippmann Attorney Division of Corporation Finance Jeffrey Naumann Enabling Technologies.
NESCC Meeting March 28, 2013 1. Topics Accomplishments Since Last Meeting Program Management for NESCC Support to the NESCC Sponsor Committee Review and.

NESCC Meeting March 28, Topics Accomplishments Since Last Meeting Program Management for NESCC Support to the NESCC Sponsor Committee Review and.
K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss
CIPC Executive Comittee Update CIPC Conference Call September 16, 2004 Stuart Brindley CIPC Chair CIPC Confidentiality - Public.

CIPC Executive Comittee Update CIPC Conference Call September 16, 2004 Stuart Brindley CIPC Chair CIPC Confidentiality - Public.
Lisa Wood, CISA, CBRM, CBRA Compliance Auditor, Cyber Security

Lisa Wood, CISA, CBRM, CBRA Compliance Auditor, Cyber Security
Nuclear Power Plant/Electric Grid Regulatory Coordination and Cooperation - ERO Perspective David R. Nevius and Michael J. Assante 2009 NRC Regulatory.

Nuclear Power Plant/Electric Grid Regulatory Coordination and Cooperation - ERO Perspective David R. Nevius and Michael J. Assante 2009 NRC Regulatory.
CRITICAL INFRASTRUCTURE PROTECTION COMMITTEE. 2 Group carried over from ECAR, MAAC, & MAIN workgroups that were assembled to address 1200 Urgent Action.

CRITICAL INFRASTRUCTURE PROTECTION COMMITTEE. 2 Group carried over from ECAR, MAAC, & MAIN workgroups that were assembled to address 1200 Urgent Action.
INFORMATION ASSURANCE USING C OBI T MEYCOR C OBI T CSA & MEYCOR C OBI T AG TOOLS.

INFORMATION ASSURANCE USING C OBI T MEYCOR C OBI T CSA & MEYCOR C OBI T AG TOOLS.
CIPC Executive Committee Update CIPC Meeting Denver CO September 29, 2005 Stuart Brindley CIPC Chair Public Release.

CIPC Executive Committee Update CIPC Meeting Denver CO September 29, 2005 Stuart Brindley CIPC Chair Public Release.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
1 Crisis Response Task Force (CRTF) Proposal Tom Bowe (Chairman) CSO, PJM Interconnection Scott Heffentrager (Temp. Chairman) Physical Security.

1 Crisis Response Task Force (CRTF) Proposal Tom Bowe (Chairman) CSO, PJM Interconnection Scott Heffentrager (Temp. Chairman) Physical Security.
IEEE COMMITTEE TO RESOLVE MEMBERS' CONCERNS FINAL REPORT IEEE Central Texas Section Spring Section Meeting January 25, 2014 San Marcos, TX.

IEEE COMMITTEE TO RESOLVE MEMBERS' CONCERNS FINAL REPORT IEEE Central Texas Section Spring Section Meeting January 25, 2014 San Marcos, TX.

Similar presentations

Ads by Google