In partnership with IOActive:
EnergySec is pleased to offer a two-day NERC CIP Compliance Bootcamp in Seattle, WA at the IOActive headquarters. SEATS ARE LIMITED TO THE FIRST 30 REGISTRATIONS
Day 1 – NERC CIP Complaince Overview Description | August 6, 2013
This full day interactive course, taught by former NERC CIP auditors and NERC Certified System Reliability Operators, will address cyber security solutions and methods to help secure the power grid and meet the NERC CIP standard requirements. Their hands-on utility experience, along with a keen understanding of what is needed to demonstrate compliance, has been distilled into a one day course.
Cyber security is constantly evolving. Consequently, the regulatory landscape needs to keep up with these changing tides in order to assure that there is a consistent and adequate measure of security discipline being applied to the power grid. Discovering ways to efficiently and effectively apply good security practice and meet regulatory obligations at the same time is not easy. This training program is designed to arm the attendees with the tools and knowledge necessary to build a security program that will help your organization achieve that goal.
The instructors will cover NERC CIP version 4 and 5 providing insight into how they are likely to impact your organization.
08:00am – 08:15am – Introduction
08:15am – 09:00am – Unit 1: Terminology 101
09:00am – 09:30am – Unit 2: CIP-002 – What are we trying to protect
09:30am – 10:00am – Unit 3: CIP-003 – Policy & Governance
10:00am – 10:15am BREAK
10:15am – 10:45am – Unit 4: CIP-004 – Personnel Security
10:45am – 12:00pm – Unit 5: CIP-005 – Electronic Perimeters
12:00pm – 12:30am LUNCH
12:30pm – 01:30pm – Unit 6: CIP-006 – Physical Perimeters
01:30pm – 02:30pm – Unit 7: CIP-007 – System Security
02:30pm – 02:45pm BREAK
02:45pm – 03:15pm – Unit 7: CIP-007 – System Security (continued)
03:15pm – 03:45pm – Unit 8: CIP-008 – Incident Response
03:45pm – 04:15pm – Unit 9: CIP-009 – Disaster Recovery
04:15pm – 04:45pm – Unit 10: Tips for Compliance Audit Success
04:45pm – 05:00pm – Parking Lot, Q&A
Day 2 – CIP-005/CIP-007 Course Description | August 7, 2013
This one day course focuses on CIP-005 and CIP-007, the two most technically oriented of the CIP standards. The requirements of these standards will be covered in depth with detailed technical discussions of tools, techniques, and approaches to both improve security and maintain compliance. The course instructor, Steve Parker, has extensive experience in cybersecurity and is a former NERC CIP auditor with significant practical experience in the field.
This course is designed for utility IT, security, compliance, and operations staff and other industry professionals seeking a detailed understanding of these two standards.
In addition to covering versions 3 and 4 of the CIP standards, this course will discuss changes in the proposed version 5 and offer approaches to future-proof compliance and security activities.
08:00 am – 08:15 am – Introduction
08:15 am – 09:00 am – Unit 1: The ESP – Design and Documentation
09:00 am – 09:30 am – Unit 2: Access Point Controls
09:30 am – 10:00 am – Unit 3: Access Control and Monitoring Devices
10:00 am – 10:15 am – BREAK
10:15 am – 10:45 am – Unit 4: Perimeter Monitoring
10:45 am – 11:15 pm – Unit 5: Cyber Vulnerability Assessments
11:15 pm – 12:00 pm – Unit 6: Remote Access
12:00 pm – 12:30 pm – LUNCH
12:30 pm – 01:30 pm – Unit 7: Security Testing
01:30 pm – 02:00 pm – Unit 8: Ports and Services
02:00 pm – 02:30 pm – Unit 9: Patch Management
02:30 pm – 02:45 pm – BREAK
02:45 pm – 03:15 pm – Unit 10: Malware Defenses
03:15 pm – 04:00 pm – Unit 11: Access Management
04:00 pm – 04:30 pm – Unit 12: Security Event Monitoring
04:30 pm – 05:00 pm – Q&A and Wrap-up
Steven Parker, CISA, CISSP, is the EnergySec Vice President of Technology Research and Projects.with the Energy Sector Security Consortium (EnergySec). He was part of the grassroots effort that led to the formation of EnergySec, and has served on its board of directors since 2008.
Steven’s experience includes more than a decade of full-time security work at critical infrastructure organizations including the Western Electricity Coordinating Council, PacifiCorp, and US Bank. He has contributed to a broad range of security projects covering areas such as e-commerce, identity management, intrusion detection, forensics, and security event monitoring.
Lisa has been working in the energy sector for over 10 years. Most recently she managed NERC reliability compliance, NERC CIP compliance and NERC certified system operator training for Chelan PUD, a public electric utility, in central Washington State.
She is a NERC certified system reliability operator and was integral in the formation and development of the Western Interconnection Compliance Forum (WICF), an all-volunteer information sharing organization focusing on NERC reliability compliance; which is now the largest forum of its kind in the country.
Any cancellations received more than one month before the start of the session will be refunded 50% of the tuition of the course registered. Any cancellations that are received less than one month before the start of the session, will not be eligible for a refund. The cancellation must be sent in writing to email@example.com or to EnergySec, 8440 SE Sunnybrook Blvd Suite 206, Clackamas OR 97015.
One postponement without a penalty fee is permitted. Any further request for postponement will receive a refund of 50% of the course tuition and new registration will be mandatory at a session date in the same calendar year.