Bulk Electric System entities that establish accountability and
consistent data collection, retention, monitoring and reporting
practices can successfully demonstrate that IT controls support a
sound internal control framework that meets the intent of the
Cyber-Security Reliability Standards and CIP reliability standards.
1) Clearly Define the Control Environment
Identify the systems, services, devices, data, and personnel associated
with the day-to-day use and protection of critical information and
systems. When selecting controls, it is important to ensure that they
support the business processes of the organization and its affiliated
organizations, such as contractors and industry partners.
2) Strictly Control Access
Protect not only the data but also the systems, services, and devices
within the organization. The entity must be able to demonstrate that it
knows which employees, contractors, and partners have physical and
logical access to the network, devices, applications, and data for
specific and authorized business purposes, and that unauthorized access
attempts – both physical and logical – can be identified and addressed.
3) Validate Security Controls
Regularly monitor the environment for performance and effectiveness of
the controls in place. Establish baseline activity, analyze trend
lines, and ensure that unusual activity can be quickly identified
and corrected, as necessary.
4) Document All Corrective Actions
Demonstrate that the proper steps were taken to correct systems and adjust policy if a non-compliant situation is identified.
5) Study the Results of Testing and Reporting
Continuously manage and oversee the environment through reporting and
testing, while providing documented evidence of due diligence to
auditors.
6) Collect and Retain Data
Each organization should take reasonable steps to ensure that
sufficient data is collected to identify and respond to security
incidents and to monitor and enforce policies and service level
agreements. Automated data collection and retention allows many
indicators of security and performance across the network and critical
applications to be tracked on a continuous basis – as opposed to a
periodic review – helping to create a proactive risk management process.
7) Preserve Data in Its Purest Form
Preserve near-term and long-term data in its purest form for audit, forensics, and evidentiary presentation.
Katherine Janiszewski plays a crucial role as Marketing Manager of
netForensics. Founded in 1999, netForensics is based on a culture of
excellence and innovation. Their team of leading experts understands
the ever-evolving security threat and compliance needs of today’s
organizations, including NERC CIP standards. For more information, visit netForensics.com.