NERC CIP Compliance Bootcamp – Seattle, WA – August 6-7, 2013

In partnership with IOActive:

ioactive

EnergySec is pleased to offer a two-day NERC CIP Compliance Bootcamp in Seattle, WA at the IOActive headquarters. SEATS ARE LIMITED TO THE FIRST 30 REGISTRATIONS

Logistics: IOACtive Headquarters. Located in the Columbia Tower, 701 5th, Suite 6850 Seattle, WA 98104

Day 1 – NERC CIP Complaince Overview Description | August 6, 2013

This full day interactive course, taught by former NERC CIP auditors and NERC Certified System Reliability Operators, will address cyber security solutions and methods to help secure the power grid and meet the NERC CIP standard requirements. Their hands-on utility experience, along with a keen understanding of what is needed to demonstrate compliance, has been distilled into a one day course.

Cyber security is constantly evolving. Consequently, the regulatory landscape needs to keep up with these changing tides in order to assure that there is a consistent and adequate measure of security discipline being applied to the power grid. Discovering ways to efficiently and effectively apply good security practice and meet regulatory obligations at the same time is not easy. This training program is designed to arm the attendees with the tools and knowledge necessary to build a security program that will help your organization achieve that goal.

The instructors will cover NERC CIP version 4 and 5 providing insight into how they are likely to impact your organization.

Agenda

08:00am – 08:15am – Introduction

08:15am – 09:00am – Unit 1: Terminology 101

09:00am – 09:30am – Unit 2: CIP-002 – What are we trying to protect

09:30am – 10:00am – Unit 3: CIP-003 – Policy & Governance

10:00am – 10:15am BREAK

10:15am – 10:45am – Unit 4: CIP-004 – Personnel Security

10:45am – 12:00pm – Unit 5: CIP-005 – Electronic Perimeters

12:00pm – 12:30am LUNCH

12:30pm – 01:30pm – Unit 6: CIP-006 – Physical Perimeters

01:30pm – 02:30pm – Unit 7: CIP-007 – System Security

02:30pm – 02:45pm BREAK

02:45pm – 03:15pm – Unit 7: CIP-007 – System Security (continued)

03:15pm – 03:45pm – Unit 8: CIP-008 – Incident Response

03:45pm – 04:15pm – Unit 9: CIP-009 – Disaster Recovery

04:15pm – 04:45pm – Unit 10: Tips for Compliance Audit Success

04:45pm – 05:00pm – Parking Lot, Q&A

Day 2 – CIP-005/CIP-007 Course Description | August 7, 2013

This one day course focuses on CIP-005 and CIP-007, the two most technically oriented of the CIP standards. The requirements of these standards will be covered in depth with detailed technical discussions of tools, techniques, and approaches to both improve security and maintain compliance. The course instructor, Steve Parker, has extensive experience in cybersecurity and is a former NERC CIP auditor with significant practical experience in the field.

This course is designed for utility IT, security, compliance, and operations staff and other industry professionals seeking a detailed understanding of these two standards.

In addition to covering versions 3 and 4 of the CIP standards, this course will discuss changes in the proposed version 5 and offer approaches to future-proof compliance and security activities.

 

Agenda

08:00 am – 08:15 am – Introduction

08:15 am – 09:00 am – Unit 1: The ESP – Design and Documentation

09:00 am – 09:30 am – Unit 2: Access Point Controls

09:30 am – 10:00 am – Unit 3: Access Control and Monitoring Devices

10:00 am – 10:15 am – BREAK

10:15 am – 10:45 am – Unit 4: Perimeter Monitoring

10:45 am – 11:15 pm – Unit 5: Cyber Vulnerability Assessments

11:15 pm – 12:00 pm – Unit 6: Remote Access

12:00 pm – 12:30 pm – LUNCH

12:30 pm – 01:30 pm – Unit 7: Security Testing

01:30 pm – 02:00 pm – Unit 8: Ports and Services

02:00 pm – 02:30 pm – Unit 9: Patch Management

02:30 pm – 02:45 pm – BREAK

02:45 pm – 03:15 pm – Unit 10: Malware Defenses

03:15 pm – 04:00 pm – Unit 11: Access Management

04:00 pm – 04:30 pm – Unit 12: Security Event Monitoring

04:30 pm – 05:00 pm – Q&A and Wrap-up

Instructor Biographies

Steve ParkerSteven  Parker – CISSP, CISA | EnergySec

Steven Parker, CISA, CISSP, is the EnergySec Vice President of Technology Research and Projects.with the Energy Sector Security Consortium (EnergySec).  He was part of the grassroots effort that led to the formation of EnergySec, and has served on its board of directors since 2008.

Steven’s experience includes more than a decade of full-time security work at critical infrastructure organizations including the Western Electricity Coordinating Council, PacifiCorp, and US Bank.  He has contributed to a broad range of security projects covering areas such as e-commerce, identity management, intrusion detection, forensics, and security event monitoring.

 

Lisa CarringtonLisa Carrington – NERC Certified System Reliability Operator | EnergySec

Lisa has been working in the energy sector for over 10 years. Most recently she managed NERC reliability compliance, NERC CIP compliance and NERC certified system operator training for Chelan PUD, a public electric utility, in central Washington State.

She is a NERC certified system reliability operator and was integral in the formation and development of the Western Interconnection Compliance Forum (WICF), an all-volunteer information sharing organization focusing on NERC reliability compliance; which is now the largest forum of its kind in the country.

 

 

CANCELLATION

Any cancellations received more than one month before the start of the session will be refunded 50% of the tuition of the course registered.  Any cancellations that are received less than one month before the start of the session, will not be eligible for a refund.   The cancellation must be sent in writing to info@energysec.org or to EnergySec, 8440 SE Sunnybrook Blvd Suite 206, Clackamas OR 97015.

POSTPONEMENT

One postponement without a penalty fee is permitted. Any further request for postponement will receive a refund of 50% of the course tuition and new registration will be mandatory at a session date in the same calendar year.

Tags: , , , , ,

Trackbacks/Pingbacks

  1. ICS-ISAC Week in Brief (21JUL13) | ICS ISACICS ISAC - July 27, 2013

    […] Designed for IT, security, compliance professionals and operations staff working at an electric utility seeking to find ways to meet their compliance obligations, reduce their regulatory documentation burden and improve their security posture and for those not in the industry who have an interest in learning more about electric sector cybersecurity solutions. Do more: […]

  2. ICS-ISAC Week in Brief (28JUL13) | ICS ISACICS ISAC - July 30, 2013

    […] August 6-7, 2013 – NERC CIP Compliance Bootcamp – Seattle, WA Designed for IT, security, compliance professionals and operations staff working at an electric utility seeking to find ways to meet their compliance obligations, reduce their regulatory documentation burden and improve their security posture and for those not in the industry who have an interest in learning more about electric sector cybersecurity solutions.  Do more […]

  3. ICS-ISAC Week in Brief (4AUG13) | ICS ISACICS ISAC - August 6, 2013

    […] Designed for IT, security, compliance professionals and operations staff working at an electric utility seeking to find ways to meet their compliance obligations, reduce their regulatory documentation burden and improve their security posture and for those not in the industry who have an interest in learning more about electric sector cybersecurity solutions.  Do more […]