7 Keys to Meeting Cyber-Security Reliability Standards and C
Gone are those times when the companies and the organisations didn't need a hi-tech system to handle them. Owing to the considerable increase in the business sector and thus, an enormous increase in the complexity of the organisational struc
Bulk Electric System entities that establish accountability and consistent data collection, retention, monitoring and reporting practices can successfully demonstrate that IT controls support a sound internal control framework that meets the intent of the Cyber-Security Reliability Standards and CIP reliability standards.

1) Clearly Define the Control Environment
Identify the systems, services, devices, data, and personnel associated with the day-to-day use and protection of critical information and systems. When selecting controls, it is important to ensure that they support the business processes of the organization and its affiliated organizations, such as contractors and industry partners.

2) Strictly Control Access
Protect not only the data, but also the systems, services, and devices within the organization. The entity must be able to demonstrate that it knows which employees, contractors, and partners have physical and logical access to the network, devices, applications, and data for specific and authorized business purposes, and that unauthorized access attempts, both physical and logical, can be identified and addressed.

3) Validate Security Controls
Regularly monitor the environment for performance and effectiveness of the controls in place. Establish baseline activity, study trend line analysis, and ensure that unusual activity can be quickly identified and corrected, as necessary.

4) Document All Corrective Actions
Demonstrate that the proper steps were taken to correct systems and adjust policy if a non-compliant situation is identified.

5) Study the Results of Testing and Reporting
Continuously manage and oversee the environment through reporting and testing, while providing documented evidence of due diligence to auditors.

6) Collect and Retain Data
Each organization should take reasonable steps to ensure that sufficient data is collected to identify and respond to security incidents and to monitor and enforce policies and service level agreements. Automated data collection and retention allows many indicators of security and performance across the network and critical applications to be tracked on a continuous basis as opposed to a periodic review, helping to create a proactive risk management process.

7) Preserve Data in Its Purest Form
Preserve near-term and long-term data in its purest form for audit, forensics, and evidentiary presentation.