Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Guidelines Working Group Update

Published byAndrea Hines Modified over 5 years ago

Similar presentations

Presentation on theme: "Security Guidelines Working Group Update"— Presentation transcript:

1 Security Guidelines Working Group Update
CIPC Confidentiality: Public Release Security Guidelines Working Group Update CIPC Meeting Phoenix, AZ Mar 16, 2006 Seiki Harada SGWG Chair

2 Discussion Items SGWG Roster Change to the Guideline Preamble
2006 Prioritization of the Guideline Updates Regular Review Cycle for All Security Guidelines Content Review of Guidelines by SGWG Guideline Directions

3

4 SGWG Roster: As of March 10, 2006, the SGWG comprises:
Scott McCoy (Physical) Scott Webber (Physical) Bruce Metruck (Physical) Mike Paszynsky (Physical) Larry Bugh (Cyber) Joe Doetzl (Cyber) David Baumken (Cyber) Roger Lampila (Operations) Tom Kropp (Research Institutions) Ken Hall (Research Institutions)

5 Changes to the Preamble
A suggestion was made by a NERC legal staff to adopt the following: “This document addresses potential risks that can apply to some electricity sector organizations and provides practices that can help mitigate the risks.  Each organization decides for itself the risks it can accept and the practices it deems appropriate to manage its risks. “

6 Prioritization of Guideline Updates:
Of the 18 Security Guidelines, 14 were assessed as needing updates. The remainder, 4, are recent ones and deemed acceptable. It is not reasonable to expect various working groups to re-draft all 14 of them and put through CIPC approvals in one year (9 months now!). SGWG recommends 7 updates this year and 7 next year (refer to the SGWG Reference Document No.1)

7 Criteria for Prioritization:
Synchronization with, or in support of, the permanent cyber security guidelines Importance/relevance of the subject matter today How 'off' or 'dated' the content is Subsumed by any new guidelines ( e.g., elimination candidates)?

8 Prioritization of Guideline Updates:
Recommended Updates for 2006: SG001 Vulnerability and Risk Assessment SG002 Emergency Plans SG003 Continuity of Business Processes SG005 Physical Security SG006 Cyber Security – Risk Management SG007 Cyber Security – Access Controls SG018 Threat Alert System and Cyber Response

9 Prioritization of Guideline Updates:
Recommended Updates for 2007: SG004 Communications SG008 Cyber Security – IT Firewalls SG009 Cyber Security – Intrusion Detection SG010 Employment Background Screening SG011 Protecting Potentially Sensitive Information SG012 Securing Remote Access to Electronic CPS SG014 Threat and Incident Reporting

10 Guideline Updates – Further Recommendations:
The CIPC Executive Committee assign an ‘owning’ working group for each security guideline. The ‘owning’ working group will accommodate identified updates in their 2006/2007 work schedule. NERC CIPC support staff will follow up with respective working group re the timing of completion and CIPC reviews

11 Regular Guideline Reviews:
Today, there is no fixed schedule for reviewing existing guidelines. The Cyber Security Standard (CIP 003) asks for an annual review of policies. SGWG Recommendation: Complete the identified updates for 2006 and 2007 After that, schedule reviews of the guidelines every two years or when there is a watershed event in the subject area. These bi-annual reviews may not necessarily result in updates.

12 Content Review of Security Guidelines:
Background: Comments were made that SGWG should stay away from reviewing guideline contents. The SGWG Terms of Reference states, in part: “review existing CIPC guidelines, and other electric and non-electric industry reference material, for currency and relevance”.

13 Content Review of Security Guidelines:
What the SGWG guideline reviews entail today: Consistency and compatibility with security standards and other security guidelines Consistency of parts within a specific guideline Currency and relevance to the current threats/industry practices (e.g., against IEEE, ISO, NIST, ANSI, CSA, etc)

14 Content Review of Security Guidelines:
Recommendation: SGWG will review ‘content’ only in the sense of the above consistency checks – not in value judgement. SGWG will provide timely comments to the ‘Owning’ working group. The ‘owning’ working group will consider the comments provided. They are not obliged to accommodate all comments.

15 Guideline Directions:
Most new guidelines come from Working Groups or Task forces/Teams. SGWG may from time identify the area where a new security guideline is appropriate. The CIPC will have the final say in the generation of a new (or the elimination of an existing) security guidelines.

16 Thank you! Thank you for working with me for the past two years. It has been a challenge and pleasure at the same time. Please support Scott McCoy in the coming years!

Download ppt "Security Guidelines Working Group Update"

Similar presentations

NERC Critical Infrastructure Protection Advisory Group (CIP AG) Electric Industry Initiatives Reducing Vulnerability To Terrorism.

NERC Critical Infrastructure Protection Advisory Group (CIP AG) Electric Industry Initiatives Reducing Vulnerability To Terrorism.
NESCC Meeting March 28, 2013 1. Topics Accomplishments Since Last Meeting Program Management for NESCC Support to the NESCC Sponsor Committee Review and.

NESCC Meeting March 28, Topics Accomplishments Since Last Meeting Program Management for NESCC Support to the NESCC Sponsor Committee Review and.
Update: Physical Guideline UPDATE: Physical Security Guideline UPDATED Physical Response Security Guideline Public Release.

Update: Physical Guideline UPDATE: Physical Security Guideline UPDATED Physical Response Security Guideline Public Release.
K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss
CIPC Executive Comittee Update CIPC Conference Call September 16, 2004 Stuart Brindley CIPC Chair CIPC Confidentiality - Public.

CIPC Executive Comittee Update CIPC Conference Call September 16, 2004 Stuart Brindley CIPC Chair CIPC Confidentiality - Public.
Lisa Wood, CISA, CBRM, CBRA Compliance Auditor, Cyber Security

Lisa Wood, CISA, CBRM, CBRA Compliance Auditor, Cyber Security
Nuclear Power Plant/Electric Grid Regulatory Coordination and Cooperation - ERO Perspective David R. Nevius and Michael J. Assante 2009 NRC Regulatory.

Nuclear Power Plant/Electric Grid Regulatory Coordination and Cooperation - ERO Perspective David R. Nevius and Michael J. Assante 2009 NRC Regulatory.
CRITICAL INFRASTRUCTURE PROTECTION COMMITTEE. 2 Group carried over from ECAR, MAAC, & MAIN workgroups that were assembled to address 1200 Urgent Action.

CRITICAL INFRASTRUCTURE PROTECTION COMMITTEE. 2 Group carried over from ECAR, MAAC, & MAIN workgroups that were assembled to address 1200 Urgent Action.
INFORMATION ASSURANCE USING C OBI T MEYCOR C OBI T CSA & MEYCOR C OBI T AG TOOLS.

INFORMATION ASSURANCE USING C OBI T MEYCOR C OBI T CSA & MEYCOR C OBI T AG TOOLS.
Security Guidelines Working Group Update CIPC Meeting Phoenix, AZ Mar 16, 2006 Seiki Harada SGWG Chair CIPC Confidentiality: Public Release.

Security Guidelines Working Group Update CIPC Meeting Phoenix, AZ Mar 16, 2006 Seiki Harada SGWG Chair CIPC Confidentiality: Public Release.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
1 Crisis Response Task Force (CRTF) Proposal Tom Bowe (Chairman) CSO, PJM Interconnection Scott Heffentrager (Temp. Chairman) Physical Security.

1 Crisis Response Task Force (CRTF) Proposal Tom Bowe (Chairman) CSO, PJM Interconnection Scott Heffentrager (Temp. Chairman) Physical Security.
Role for Electric Sector in Critical Infrastructure Protection R&D Presented to NERC CIPC Washington D.C. June 9, 2005 Bill Muston Public Release.

Role for Electric Sector in Critical Infrastructure Protection R&D Presented to NERC CIPC Washington D.C. June 9, 2005 Bill Muston Public Release.
ANZI/AIHA Z10 2005 Occupational Health and Safety Management Systems.

ANZI/AIHA Z Occupational Health and Safety Management Systems.
CIPC Executive Committee Update CIPC Meeting Mesa AZ March 16, 2006 Barry Lawson CIPC Vice-Chair CIPC Confidentiality: Public Release.

CIPC Executive Committee Update CIPC Meeting Mesa AZ March 16, 2006 Barry Lawson CIPC Vice-Chair CIPC Confidentiality: Public Release.
Paragraph 81 Project. 2RELIABILITY | ACCOUNTABILITY Background FERC March 15, 2012 Order regarding the Find, Fix, Track and Report (FFT) process  Paragraph.

Paragraph 81 Project. 2RELIABILITY | ACCOUNTABILITY Background FERC March 15, 2012 Order regarding the Find, Fix, Track and Report (FFT) process  Paragraph.
Standards and Guidelines Working Group Status Updates 2005 Jun 09 Washington DC Critical Infrastructure Protection Committee Public Release.

Standards and Guidelines Working Group Status Updates 2005 Jun 09 Washington DC Critical Infrastructure Protection Committee Public Release.
CIPC Executive Committee Update-1 CIPC Meeting Long Beach CA March 17, 2005 Pat Laird Vice Chair Public Release.

CIPC Executive Committee Update-1 CIPC Meeting Long Beach CA March 17, 2005 Pat Laird Vice Chair Public Release.
Security Guidelines Working Group Update CIPC Meeting Denver CO September 29, 2005 Seiki Harada SGWG Chair Public Release.

Security Guidelines Working Group Update CIPC Meeting Denver CO September 29, 2005 Seiki Harada SGWG Chair Public Release.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Similar presentations

Ads by Google