Security Guidelines Working Group Update

Slides: 17
Provided by: martine60
Transcript and Presenter's Notes

1
Security Guidelines Working Group Update
CIPC Confidentiality: Public Release
  • CIPC Meeting
  • Phoenix, AZ
  • Mar 16, 2006
  • Seiki Harada
  • SGWG Chair

2
Discussion Items
  • SGWG Roster
  • Change to the Guideline Preamble
  • 2006 Prioritization of the Guideline Updates
  • Regular Review Cycle for All Security Guidelines
  • Content Review of Guidelines by SGWG
  • Guideline Directions

4
SGWG Roster
  • As of March 10, 2006, the SGWG comprises:
  • Scott McCoy (Physical)
  • Scott Webber (Physical)
  • Bruce Metruck (Physical)
  • Mike Paszynsky (Physical)
  • Larry Bugh (Cyber)
  • Joe Doetzl (Cyber)
  • David Baumken (Cyber)
  • Roger Lampila (Operations)
  • Tom Kropp (Research Institutions)
  • Ken Hall (Research Institutions)

5
Changes to the Preamble
A suggestion was made by NERC legal staff to
adopt the following:
"This document addresses potential risks that can apply
to some electricity sector organizations and
provides practices that can help mitigate the
risks. Each organization decides for itself the
risks it can accept and the practices it deems
appropriate to manage its risks."
6
Prioritization of Guideline Updates
  • Of the 18 Security Guidelines, 14 were assessed
    as needing updates.
  • The remainder, 4, are recent ones and deemed
    acceptable.
  • It is not reasonable to expect the various working
    groups to re-draft all 14 of them and put them through
    CIPC approvals in one year (9 months now!).
  • SGWG recommends 7 updates this year and 7 next
    year (refer to the SGWG Reference Document No. 1).

7
Criteria for Prioritization
  • Synchronization with, or in support of, the
    permanent cyber security guidelines
  • Importance/relevance of the subject matter today
  • How 'off' or 'dated' the content is
  • Subsumed by any new guidelines (e.g.,
    elimination candidates)?

8
Prioritization of Guideline Updates
Recommended Updates for 2006
9
Prioritization of Guideline Updates
Recommended Updates for 2007
10
Guideline Updates: Further Recommendations
  • The CIPC Executive Committee assign an owning
    working group for each security guideline.
  • The owning working group will accommodate
    identified updates in their 2006/2007 work
    schedule.
  • NERC CIPC support staff will follow up with the
    respective working groups regarding the timing of
    completion and CIPC reviews.

11
Regular Guideline Reviews
  • Today, there is no fixed schedule for reviewing
    existing guidelines.
  • The Cyber Security Standard (CIP 003) asks for an
    annual review of policies.
  • SGWG Recommendation:
  • Complete the identified updates for 2006 and 2007.
  • After that, schedule reviews of the guidelines
    every two years or when there is a watershed
    event in the subject area. These biennial
    reviews may not necessarily result in updates.

12
Content Review of Security Guidelines
  • Background
  • Comments were made that SGWG should stay away
    from reviewing guideline contents.
  • The SGWG Terms of Reference states, in part:
  • "review existing CIPC guidelines, and other
    electric and non-electric industry reference
    material, for currency and relevance."

13
Content Review of Security Guidelines
  • What the SGWG guideline reviews entail today
  • Consistency and compatibility with security
    standards and other security guidelines
  • Consistency of parts within a specific guideline
  • Currency and relevance to the current
    threats/industry practices (e.g., against IEEE,
    ISO, NIST, ANSI, CSA, etc)

14
Content Review of Security Guidelines
  • Recommendation
  • SGWG will review content only in the sense of
    the above consistency checks, not in the sense of
    value judgement.
  • SGWG will provide timely comments to the owning
    working group.
  • The owning working group will consider the
    comments provided. They are not obliged to
    accommodate all comments.

15
Guideline Directions
  • Most new guidelines come from Working Groups or
    Task forces/Teams.
  • SGWG may from time to time identify an area where a new
    security guideline is appropriate.
  • The CIPC will have the final say in the
    generation of a new (or the elimination of an
    existing) security guideline.

16
Thank you!
  • Thank you for working with me for the past two
    years. It has been a challenge and a pleasure at
    the same time.
  • Please support Scott McCoy in the coming years!