Program Governance Issues for CIP Compliance


Program Governance Issues

Developed in coordination with NERC (view NERC press release*), Energy Central's CIP Compliance webcasts provide unique insights on how to comply with the standards. NERC reviews all content to ensure accurate information is presented.

The second webcast, Program Governance Issues, you'll hear from industry veterans, Jerry Freese and Bart Thielbar, who are seasoned in the compliance process, allowing you to:

How to create and implement a cyber security policy that demonstrates your ability to track, secure, and document CCA.

The role of internal leadership in developing the accountability necessary to ensure organizational compliance with CIP standards.

The steps you need to take to create documentation that aligns with the six requirements defined in CIP-003. 

The components you'll need to build a good governance framework

Register Now

Title: Program Governance Issues
Cost: $147.00

   Jerry Freese, CISSO (full bio)
   Director Enterprise Information Security &

    IT Security Engineering, AEP

   Bart Thielbar, CISA (full bio)
   Senior Research Analyst, Sierra Energy Group 

1. Culture of Compliance/Tone at the Top — "The best interest of reliability"; simply meeting compliance standards is not necessarily indicative of a "Culture of Compliance"; review of VSLs and VRF's - as a portal to "culture of compliance discussion"
2. Leadership identification and responsibilities — Delegation of duties: requirements and responsibilities
3. Cyber security — Policy creation, maintenance and approval; policy accessibility for employees
4. Documentation and audit trail requirements — Technical Feasibility Exceptions: Internal documentation requirements (for those that qualify)
5. Guest Speaker — Jerry Freese, American Electric Power

* NERC press release link:

The CIP Compliance
Series of Webcasts

For comprehensive preparation, attend all six. The webcasts in the series include:


9/23/09 Identifying Critical Assets
(On Demand)

10/6/09 Program Governance Issues
(On Demand)

10/21/09 Change Management Systems
(On Demand)

11/11/09 Personnel Issues & Training
(On Demand)

12/2/09 Physical & Electronic Access Controls 

12/16/09 Testing Procedures & Recovery Plans

Register Now

To apply a previously purchased CIP webcast
to the cost of the series
or to upgrade to an
Unlimited Use License,
please call 800.459.2233
or follow this link for more information.


Speaker Biographies: Program Governance Issues 

Jerry Freese, CISSP
Director Enterprise Information Security & IT Security Engineering 
American Electric Power (AEP) 
Gerald Freese is the Director of IT Security Engineering at American Electric Power. He is responsible for defining, developing and executing all information security programs to effectively protect AEP data and systems, including critical digital control systems. He is responsible for regulatory compliance, enterprise data protection and critical infrastructure cyber security and is actively engaged in development of cyber security standards for the energy industry. Gerald Freese is a recognized security and infrastructure protection expert who brings a powerful combination of leadership, domain experience, technological vision and strategy development to American Electric Power. He is the company's primary data security architect, and a strong proponent of industry and government partnerships for critical infrastructure protection.

Prior to accepting a position at American Electric Power, Mr. Freese was the Director of Security Intelligence at Vigilinx, Inc., where he developed an early warning and data analysis process to identify computer-based threats and attack profiles. He has authored in depth analytical papers on cyber-activities relative to geopolitical and critical infrastructure threat environments and has testified before congress on critical infrastructure interdependencies and control system security. Mr. Freese is a retired naval Cryptologic Officer with extensive experience in computer security and information warfare. He has held other leadership positions in the information technology industry with Perot Systems and General Dynamics Advanced Information Systems. 

Mr Freese is a Certified Information Systems Security Professional (CISSP). He holds a bachelors degree from State University of New York (Albany), and a Masters degree in Information and Telecommunications Systems from Johns Hopkins University in Baltimore, Maryland. He is a member of the NERC Critical Infrastructure Protection Committee and the FERC Order 706 Standards Drafting Team. He also participated on the Infrastructure Working Group with the Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th Presidency.

Bart Thielbar

Senior Research Analyst
Sierra Energy Group 
Bart Thielbar is a senior research analyst for Sierra Energy Group, the research and analysis division of Energy Central. Thielbar is also President of Itility Solutions, LLC, which he founded in early 2009. Itility provides executive advisory and consultative services regarding business process optimization and technology investments, including those related to the Smart Grid. Prior to forming Itility Solutions, LLC, Thielbar held various executive level positions, including serving as the Sr. Vice-President and CIO of NorthWestern Energy. 

Thielbar also is a former chair of the Edison Electric Institute's (EEI) and American Gas Association's (AGA) Technology Advisory Council (TAC). He holds his certified Information Systems Auditor (CISA) designation from the Information Systems Audit and Control Association (ISACA).

The information from this webcast is provided for informational purposes only. An entity's adherence to the examples contained within this presentation does not constitute compliance with the NERC Compliance Monitoring and Enforcement Program ("CMEP") requirements, NERC Critical Infrastructure Protection ("CIP") Reliability Standards, or any other NERC Reliability Standards or rules. While the information included in this material may provide some of the methodology that NERC has elected to use to assess compliance with the requirements of the Reliability Standard, this material should not be treated as a substitute for the Reliability Standard or viewed as additional Reliability Standard requirements. In all cases, the entity should rely on the language contained in the Reliability Standard itself, and not on the language contained in this presentation, to determine compliance with the CIP Reliability Standards.

Produced by Energy Central, 2821 S Parker Rd, Suite 1105, Aurora CO 80014, 800.459.2233
in conjunction with NERC.

Published By: 
Energy Central
Resource Author: 
Energy Central
Oct 07, 2009