How Much Effort to Maintain Cyber Security Compliance?
Back in 2005, I performed my first NERC CIP-002 thru CIP-009 gap assessment for a company expecting to comply with this upcoming cyber security standard for the power industry. This particular power...
View ArticleHow Can I Reduce Staffing for Compliance?
Hello Everyone! Welcome back (for those who took a break) and thanks for your patience (for those who did not!) We are into the new year and have a host of exciting and interesting topics, posts and...
View ArticleISA99 Patch Management Update
Industrial Automation & Control Systems (IACS) patch management continues to be a challenge for all organizations, and ISA99 is preparing guidance to address it. Sometime before 2007, the...
View ArticleRating Risk is Not the Same as Risk Management
Security professionals struggle to clearly communicate justification for cyber security spending, in the face of other organizational priorities. Think of the last time you identified, or were...
View ArticleImportance of People-Process-Technology to Cyber Security Effectiveness
Cyber security is not about firewalls and antivirus; it requires a lot more to be successful. A focus on only the technical security controls may leave you with a system that is not maintained that...
View ArticleThe Reviews are Coming In
A couple of weeks ago, Tom Alrich and I co-hosted a webinar with Steven Parker of the Energy Sector Security Consortium (EnergySec) about the transition from NERC CIP v3 to v4. The webinar generated...
View Article
