Identifying Critical Assets for CIP Compliance

Share/Save      
 

Identifying Critical Assets

Developed in coordination with NERC (view NERC press release*), Energy Central's CIP Compliance webcasts provide unique insights on how to comply with the standards. NERC reviews all content to ensure accurate information is presented.

The first webcast, Identifying Critical Assets, you'll hear from industry veterans, Richard Powell and Bart Thielbar, who are seasoned in the compliance process, allowing you to:

Learn risk-based approaches needed to identify cyber assets that are critical to infrastructure security

Discover how to avoid costly documentation errors

Gain key insights on what auditors will be seeking

Register Now

Title: Identifying Critical Assets
Cost: $147.00
Featuring:

   Richard Powell (full bio)
   Director of Information Security, JEA

   Bart Thielbar (full bio)
   Senior Research Analyst, Sierra Energy Group 

Agenda

1. Purpose, expectations and goals — Review of CIP-002 and requirements 1-4; definitions of common terms; schedule for Table 3 entities
2. Achieving compliance through risk-based assessment — Impact/ Consequence assessment; contrast traditional and expanded views of security; consideration of misuse, manipulation, maliciousness, denial of service, etc.; identify critical assets and critical cyber assets — diagrams/flow charts; required risk-based assessment inputs
3. The audit trail — Documentation requirements; input and filtering; listing of assets (even if null); annual reviews; discussion of findings related to preliminary reviews
4. A “fresh look” and a “closer look” Consider bad actor, maliciousness, manipulation, misuse, etc.
5. Possible penalties and sanctions Violation severity levels; violation risk factors
6. Culture of compliance: “tone at the top” “The best interest of reliability”

* NERC press release link:
www.nerc.com/fileUploads/File/
PressReleases/PR_090909_Energy-Central.pdf


The CIP Compliance
Series of Webcasts

For comprehensive preparation, attend all six. The webcasts in the series include:

 

9/23/09 Identifying Critical Assets
(On Demand)

10/6/09 Program Governance Issues
(On Demand)


10/21/09 Change Management Systems
(On Demand)


11/11/09 Personnel Issues & Training
(On Demand)


12/2/09 Physical & Electronic Access Controls 

12/16/09 Testing Procedures & Recovery Plans


Register Now


To apply a previously purchased CIP webcast
to the cost of the series
or to upgrade to an
Unlimited Use License,
please call 800.459.2233
or follow this link for more information.

 

Speaker Biographies: Identifying Critical Assets 


Richard Powell
Director of Information Security
JEA 
As Director of Information Security, Richard Powell is responsible for defining, developing and executing all information security programs involved in protecting JEA data and systems. He is responsible for regulatory compliance and for meeting critical infrastructure protection requirements for cyber security. Mr. Powell has been involved in the development of the NERC cyber security standards for the energy industry as a member of the NERC Critical Infrastructure Protection Committee (CIPC). He is recognized as a security and infrastructure protection expert who brings a powerful combination of leadership, technological vision and strategy development to JEA.

Prior to accepting a position at JEA, Mr. Powell was the Director of Signal Maintenance at CSX Transportation, Inc., where he was responsible for train control systems. Mr. Powell is a former Naval Submarine Officer with extensive experience in communications security.

Mr. Powell is a Certified Information Systems Security Professional (CISSP). He holds a Bachelors degree in Engineering (Nuclear) from the University of Washington and a Masters degree in Business from the University of Jacksonville in Jacksonville, Florida.


Bart Thielbar

Senior Research Analyst
Sierra Energy Group 
Bart Thielbar is a senior research analyst for Sierra Energy Group, the research and analysis division of Energy Central. Thielbar is also President of Itility Solutions, LLC, which he founded in early 2009. Itility provides executive advisory and consultative services regarding business process optimization and technology investments, including those related to the Smart Grid. Prior to forming Itility Solutions, LLC Thielbar held various executive level positions, including serving as the Sr. Vice-President and CIO of NorthWestern Energy. 

Thielbar also is a former chair of the Edison Electric Institute's (EEI) and American Gas Association's (AGA) Technology Advisory Council (TAC). He holds his certified Information Systems Auditor (CISA) designation from the Information Systems Audit and Control Association (ISACA).

The information from this webcast is provided for informational purposes only. An entity's adherence to the examples contained within this presentation does not constitute compliance with the NERC Compliance Monitoring and Enforcement Program ("CMEP") requirements, NERC Critical Infrastructure Protection ("CIP") Reliability Standards, or any other NERC Reliability Standards or rules. While the information included in this material may provide some of the methodology that NERC has elected to use to assess compliance with the requirements of the Reliability Standard, this material should not be treated as a substitute for the Reliability Standard or viewed as additional Reliability Standard requirements. In all cases, the entity should rely on the language contained in the Reliability Standard itself, and not on the language contained in this presentation, to determine compliance with the CIP Reliability Standards.

Produced by Energy Central, 2821 S Parker Rd, Suite 1105, Aurora CO 80014, 800.459.2233
in conjunction with NERC.

Published By: 
Energy Central
Resource Author: 
Energy Central
Published: 
Sep 25, 2009
Pages: 
0

Share/Save