AREVA T&D Security Focus Group - 09/14/09. Security Focus Group: A Vendor & Customer Collaboration. EMS Users Conference, September 14, 2009. Rich White, AREVA.

Presentation transcript:

Slide 1: Security Focus Group: A Vendor & Customer Collaboration
EMS Users Conference, September 14, 2009
Rich White, AREVA T&D

Slide 2: Security Focus Group Presentation Overview
1. Background
   - Formation
   - Approach
   - Timeline
2. Role of the Security Focus Group
   - Help the participants to achieve NERC CIP compliance
   - Oversee specific security activities
   - Address security of products and services
   - A forum to address security issues as they arise
3. Results of the Security Focus Group
   - Deliverables and Recommendations
   - Collaborative management and solutions
   - Raising the quality and visibility bar on security
   - What's next?

Slide 3: Background
- Formation of the Security Focus Group
   - Started after June 2007 AREVA T&D Users Group conference
   - Initial group of customer volunteers + open invitation process
   - Mandate to focus on NERC CIP readiness
- Approach
   - Meeting agenda and invitations distributed in advance
   - 1 hour conference call meetings every other week
   - Detailed meeting summaries published on the web
   - Use of on-line surveys to clarify interests, priorities of the group
      - "Top 10 Security Concerns"
      - NERC CIPs prioritization
      - Change Management "Significant Change" classification

Slide 4: Background (cont'd)
[Timeline figure with a quarterly axis]
- Phase I Security Focus Group (25 participants from 13 different companies)
   - Commissioned at June 2007 AREVA T&D Users Group conference
   - Meetings from Oct. '07 – Apr. '08
   - Results presented at '08 UG conference
- Phase II Security Focus Group (55 participants from 20 different companies)
   - Commissioned at June '08 AREVA T&D Users Group conference
   - Meetings from Oct. '08 – May '09
   - Results presented at '09 UG conference

Slide 5: Presentation Overview
1. Background
   - Formation
   - Approach
   - Timeline
2. Role of the Security Focus Group
   - Help the participants to achieve NERC CIP compliance
   - Oversee specific security activities
   - Address security of products and services
   - A forum to address security issues as they arise
3. Results of the Security Focus Group
   - Deliverables and Recommendations
   - Collaborative management and solutions
   - Raising the quality and visibility bar on security
   - What's Next?

Slide 6: NERC CIP Compliance Discussions
[Figure legend: Covered in SFG Phase I; Covered in SFG Phase II; C = Compliant; AC = Auditably Compliant by end of 2nd Qtr 2009]
- On-line survey of SFG participants to identify top security concerns, and to prioritize NERC CIPs discussion
- Agenda of successive SFG meetings following this priority order

Slide 7: Security Activities Oversight
- AREVA T&D Security Activities which the Security Focus Group has assumed oversight for include:
   - Security Patch Compatibility Testing Services
   - Independent Security Vulnerability Testing Services
   - Security Patch Communications and Release Processes
[Diagram labels, in page order: AREVA T&D Operating System Vendor Patch Compatibility Testing; AREVA T&D Third Party Vendor Patch Compatibility Testing; Independent Security Vulnerability Testing; Customer Operational system pre-deployment test; Business Security Policy / NERC CIP Requirements; Customer Patch Management and Significant Change Test]

Slide 8: Security of AREVA T&D Products and Services
- AREVA T&D Security Documents:
   - 3rd Party Software Documentation
   - Security Solutions document developed and published (mapping NERC CIPs to AREVA product features and configurations)
   - AREVA T&D System and Network Security Guides reviewed and updated
- Review of AREVA T&D Security policies and processes
   - Security training process
   - Background checking procedure
   - Secure management of remote system access

Slide 9: Addressing Security Issues as they Arise
- Security audits and assessment findings
   - Forum for open discussion and sharing of audit experiences
   - Insights from an auditor
   - Bandolier templates for AREVA T&D systems
- AREVA T&D Security Patch processes
   - Customer Security Bulletins
   - Security Patch Release process
   - Industry / regulatory coordination (US-CERT, NERC)
- Discussion of 3rd party security tools utilization
   - Tools for security event logging consolidation
   - Security assessment and scanning tools
   - Security audit and change management tools

Slide 10: Presentation Overview
1. Background
   - Formation
   - Approach
   - Timeline
2. Role of the Security Focus Group
   - Help the participants to achieve NERC CIP compliance
   - Oversee specific security activities
   - Address security of products and services
   - A forum to address security issues as they arise
3. Results of the Security Focus Group
   - Deliverables and Recommendations
   - Collaborative management and solutions
   - Raising the quality and visibility bar on security
   - What's Next?

Slide 11: Deliverables and Recommendations
- Highlights of deliverables and recommendations include:
   - INL Phase III Independent Vulnerability Test Scope
   - SFG Significant Change List
   - CIP R1 Significant Change Survey Results
   - Log Management White Paper
   - AREVA T&D Personnel Risk Assessment Verification
   - Third Party Software Document
   - Security Focus Group Meeting Summaries
   - Vulnerability assessment and testing methodologies, procedures, and tools document
   - AREVA Security Patch testing and Product Release testing scope expansion
   - AREVA project and support personnel change notification policy and procedures

Slide 12: Collaboration and Quality
- Management responsibilities representing the User Community
   - Independent Vulnerability Testing
   - Security Patch Compatibility Testing
- Raising the quality and visibility bar on security
   - Focus Group activities and recommendations are high priority to AREVA T&D
   - Meeting format makes it possible for both vendor and customers to bring their experts together to discuss specific security subjects
   - Broad and consistent user representation gives the Focus Group good credibility to the user community

Slide 13: Benefits of the Participants
- Helping the user community define a common interpretation of the NERC CIP requirements
- Assisting users' efforts to achieve NERC CIP compliance
- Facilitating sharing of experience and successes among the participants
- Providing users an opportunity to influence and improve AREVA T&D's security features and services
- Empowering user representatives to oversee specific AREVA T&D security activities

Slide 14: What's Next
- The 2009 / 2010 Security Focus Group will hold its first meeting on October 1st
- Key subjects the Security Focus Group will concentrate on:
   - NERC CIPs compliance (audit experiences, best practices, etc.)
   - Product security testing [including INL, security patch compatibility, other]
   - Product security features / configuration / documentation
   - Product security integration [e.g. third-party tools]
   - Security policies and procedures (disclosure & notification, security tools & best practices, etc.)
