This course, taught by three former CIP auditors, will address cyber security solutions and methods to help secure the power grid and meet the CIP standard requirements. Combined, our instructors have nearly 20 years of utility cyber security experience. That knowledge, along with a keen understanding of what is needed to demonstrate compliance, has been distilled into a one-day course.
Cyber security is constantly evolving. Consequently, the regulatory landscape needs to keep up with these changing tides in order to assure that there is a consistent and adequate measure of security discipline being applied to the power grid. Discovering ways to efficiently and effectively apply good security practice and meet regulatory obligations at the same time is not easy. This training program is designed to arm the attendees with the tools and knowledge necessary to build a security program that will help your organization achieve that goal.
Targeted audience
This course is for IT, security and compliance professionals working at an electric utility seeking to find ways to meet their compliance obligations, reduce their regulatory documentation burden and improve their security posture.
Prerequisites
None.
Content
Course Schedule | Thursday, July 14, 2011

| TIME | TOPIC | INSTRUCTOR |
|---|---|---|
| 7:30AM - 8:00AM | Registration and Networking | |
| 8:00AM - 8:15AM | Welcome and Opening Remarks | Patrick Miller |
| 8:15AM - 8:45AM | Terminology 101 | Patrick Miller |
| 8:45AM - 9:30AM | What are we trying to protect (CIP-002) | Josh Axelrod |
| 9:30AM - 10:30AM | Security perimeters - Logical and Physical (CIP-005 and CIP-006) | Steve Parker |
| 10:30AM - 12:00AM | Consolidating Efforts to Save Time and Money (CIP-008 and CIP-009; CIP-007 R1, R1 and CIP-003; CIP-007 R2, R8 and CIP-005 R4) | Patrick Miller |
| 12:00AM - 1:00PM | Break for Lunch | |
| 1:00PM - 2:30PM | Inventory for Success: Hardware, Software, People (CIP-002, CIP-004, CIP-005, CIP-007) | Josh Axelrod |
| 2:30PM - 3:00PM | Policies, Procedures and Processes (CIP-002 through CIP-009) | Josh Axelrod |
| 3:00PM - 4:00PM | Technical Feasibility Exceptions | Steve Parker |
| 4:00PM - 4:30PM | Useful OpenSource Security Tools (CIP-005/CIP-007) | Steve Parker |
| 4:30PM - 5:00PM | Compliance and Security Crystal Ball | Patrick Miller |

Instructor Biographies
Patrick Miller - CISA, CRISC, CISSP-ISSAP, SSCP, CEH, NSA-IAM | National Electric Sector Cybersecurity Organization
Patrick Miller is a security executive who has dedicated his career to the protection and defense of the nation’s critical energy infrastructure. He is the founder of EnergySec, and currently its President and CEO. This nonprofit information sharing organization began as a few colleagues meeting for lunch and has grown into a nationwide effort to promote sound security principles in the energy industry.
One of his strengths is the diversity of his professional experience. In Energy, he has held positions with a utility, a regulator, and a private consulting firm. He has also held key positions in the Insurance, Internet and Telecommunications sectors. Among other credentials he holds the CISA, CRISC and CISSP certifications. Patrick is an active member of several critical infrastructure security working groups and a sought-after speaker and industry expert on the subjects of critical infrastructure protection, process control system security, regulatory compliance, audit, and privacy.
Steven Parker - CISSP, CISA | National Electric Cybersecurity Organization
Steven Parker, CISA, CISSP, is the Vice President of Technology Research and Projects with the Energy Sector Security Consortium (EnergySec). He was part of the grassroots effort that led to the formation of EnergySec, and has served on its board of directors since 2008.
Steven’s experience includes more than a decade of full-time security work at critical infrastructure organizations including the Western Electricity Coordinating Council, PacifiCorp, and US Bank. He has contributed to a broad range of security projects covering areas such as e-commerce, identity management, intrusion detection, forensics, and security event monitoring.
Josh Axelrod - CISSP, CISA | AlertEnterprise
Josh Axelrod is a retired United States Naval Submarine Officer with over ten years of experience in nuclear power generation, electrical distribution, mechanical systems, as well as the industrial control systems associated with operation, supervision and security. He brings with him extensive auditing experience with regard to infrastructure security, operations, nuclear reactor safety, and regulatory compliance with Department of Defense, Environmental Protection Agency, Occupational Safety and Health Administration, and Code of Federal Regulations directives and standards. For fifteen months Josh was with the Western Electricity Coordinating Council serving as the Critical Infrastructure Protection Audits and Investigations Team. In this role he championed strong, transparent and consistent audit approaches regarding the NERC CIP regulatory standards. Josh has conducted audits of 38 NERC registered entities spanning the WECC, SPP RE, MRO, and SERC regions and encompassing all three versions and 43 requirements of the NERC CIP Standards. Josh graduated Cum Laude from Oregon State University, receiving a Bachelor of Science in Nuclear Engineering with minors in Mathematics and Naval Science, and he holds the Certified Information Systems Auditor (CISA) and Certified Information System Security Professional (CISSP) certifications. Joining AlertEnterprise in mid-January of 2011, Josh is the Director of Professional Services and the domain expert for NERC CIP as well as a domain expert for NEI 08-09.
The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec program. NESCO is an independent industry owned and operated group that supports awareness of, and response to, sector-relevant security issues.
H.R. 3183 (2010 appropriations bill) required that “...the Secretary shall establish an independent national energy sector cyber security organization...” In response, the Department of Energy issued a Funding Opportunity Announcement (FOA) on March 31, 2010. Two organizations received awards under this FOA. EnergySec was selected to form the National Electric Sector Cybersecurity Organization (NESCO). The Electric Power Research Institute (EPRI) was selected as a research and analysis resource to this organization.
The purpose of this award is to “establish a National Electric Sector Cybersecurity Organization that has the knowledge, capabilities, and experience to protect the electric grid and enhance integration of smart grid technologies that are adequately protected against cyber attacks.” In addition, the organization “will serve as a focal point to bring together domestic and international experts, developers, and users who will assess and test the security of novel technology, architectures, and applications.”