Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.

Presentation transcript:


Planning - Governance

Governance structure (roles shown on the slide):
CIO / CSO
Board of Directors
Enterprise Security Committee
Director of Infrastructure and Security
Sr. Security Manager
Security Workgroups
Guest Speakers
Regular Reporting
Conferences

An overview of your utility's cybersecurity personnel, detailing individuals that have specifically assigned cybersecurity responsibility, and other personnel that may assist in cybersecurity as only a percentage of their overall duties.

Planning - Governance

Enterprise Security Committee Members:
Dir. of Transmission Ops
Dir. of IT and Security
Dir. of Generation & Production
Mgr. of Reliability Compliance
Dir. of Corporate Communications
Dir. of Electrical Engineering
Sr. Legal Counsel
Dir. Human Resources
Dir. Environmental Affairs
Dir. of Planning & Asset Management
Dir. of Natural Gas

Enterprise Security Committee Work Groups

An overview of your utility's cybersecurity personnel, detailing individuals that have specifically assigned cybersecurity responsibility, and other personnel that may assist in cybersecurity as only a percentage of their overall duties.

Planning - Security Staff

Sr. Security Manager
Physical Security Engineer
Business Continuity / Emergency Management
Security Architect
Security Engineer
Security Engineer - SCADA
Security Engineer - Compliance
Security Team Lead
Access Administration
Security Analyst

An overview of your utility's cybersecurity personnel, detailing individuals that have specifically assigned cybersecurity responsibility, and other personnel that may assist in cybersecurity as only a percentage of their overall duties.

Planning - Policy

Cyber Security Policy outline:

Introduction and Scope
  Policy Introduction
  Policy Objective
  Scope
  Exceptions to the Cyber Security Policy
  Security Risk Management
  Security Awareness
  Incident Response Management
  Information Management

100 - Physical Security Policy
  100 - Policy Objective
  100 - Policy Statements
  100.1 Physical Security

200 - Exception Request Policy
  200 - Policy Objective
  200 - Policy Statements
  200.1 Exception Request Policy

300 - Access Control Policy
  300 - Policy Objective
  300 - Policy Statements
  300.1 Access Control
  300.2 Separation of Duties
  300.3 Account Management
  300.4 Password Management
  300.5 Account Time-outs

400 - Configuration Management Policy
  400 - Policy Objective
  400 - Policy Statements
  400.1 Change Management
  400.2 Patch Management

500 - System Acquisition, Development & Maintenance Policy
  500 - Policy Objective
  500 - Policy Statements
  500.1 System Assessments
  500.2 System Acquisition
  500.3 System Development
  500.4 System Maintenance

600 - System and Information Protection Policy
  600 - Policy Objective
  600 - Policy Statements
  600.1 Anti-Virus software
  600.2 Network Protection
  600.3 Encryption
  600.4 File Integrity Monitoring (FIM)
  600.5 Authorized and Unauthorized Devices
  600.6 Secure Configurations for Avista Systems
  600.7 Wireless Device Control
  600.8 Secure Communications
  600.9 Audit Logs
  600.10 Audit Log Storage
  600.11 Time Synchronization
  600.12 Logon Banner
  600.13 Media Protection

An overview of your utility's cybersecurity policy, strategy, or governing document, including how it incorporates both cyber and physical security components. An explanation of how your utility's cybersecurity policy is audited.

Standards - Cyber Security Framework

Describe how your utility prioritizes the implementation of new cybersecurity systems, components and functions. An overview of your utility's cybersecurity framework.

Standards - Effectiveness

An overview of your utility's process to determine the effectiveness of the current cybersecurity policy and plan, including the frequency of the evaluation. An overview of what needs to happen for improvement actions to take place with regard to your utility's cybersecurity policy and plan, including any hindrances and what can be done to overcome them. An explanation of the frequency with which your utility's cybersecurity plan is updated. An explanation of the frequency with which your utility's cybersecurity plan is tested.

Reporting

Cybersecurity reporting

An overview of how and when your utility reports cyberattacks, and the threshold for reporting cyberattacks.

Partnerships

An overview of your utility's cybersecurity partnerships (e.g. emergency management/law enforcement, Department of Homeland Security, fellow utilities, fusion centers, etc.). An explanation of how and when your utility interacts with the National Cyber Security Division of the U.S. Department of Homeland Security.

Procurement

Vendor and device selection
Background checks: Employees, Vendors

An overview of your utility's cybersecurity criteria used for vendor and device selection, and the guidance you follow to ensure that your procurement language is both specific and comprehensive enough to result in acquiring secure components and systems. An overview describing personnel surety/background checks performed on those with access to key cyber components, including vendors and other third parties that have access to key cyber systems screened. An overview of your utility's cybersecurity personnel, detailing individuals that have specifically assigned cybersecurity responsibility, and other personnel that may assist in cybersecurity as only a percentage of their overall duties.

Risk Management

Risk prioritization
Vulnerability assessments: Internal, External
Risk impacts

An overview of how your utility prioritizes risks, including the criteria used to prioritize risks, and how often the priority list is updated. An overview explaining who your utility is using to perform vulnerability assessments (i.e. internal personnel or external personnel, such as a third party). An overview of your utility's process for looking at consequences of cyber incidents that informs your risk management process.

Response & Recovery

Response and recovery plans
Responsibility
Exercises
Sharing & mutual defense
Communication plan to address customer perceptions

An overview of your utility's cybersecurity response and recovery coordination plan, including but not limited to: who in your utility oversees response and recovery; any participation in sharing analysis and mitigation measures with other companies as part of a mutual network of defense; and a communication plan to address customer perceptions and expectations when their service has been impacted by a cyberattack event.

Questions?