NERC Critical Infrastructure Protection Security Awareness Training

Brought to you by EUCI

 

EUCI understands the value of your personnel’s time and that NERC Critical Infrastructure Protection (CIP) Security Awareness training is not a “one size fits all” proposition. Your company probably has some personnel who do not understand CIP-related data and equipment but must enter Physical Security Perimeters (PSPs) as part of their job duties.

On the other hand, your company probably has some very cyber-savvy personnel who hold “the keys to the kingdom.” Those folks understand networks, firewalls, ports and services, etc. Some training will be too little for those employees.

EUCI’s NERC CIP Security Awareness Training addresses all your company’s needs by using modules applicable to different categories of employees. The EUCI NERC CIP training will help your company comply with the NERC CIP Reliability Standards while also assisting employees to understand how to best protect your company’s sensitive data and equipment. It will do so with the least burden to employees and their valuable time.

EUCI also offers additional services to make complying with the NERC CIP standards easier. We will track your employees’ training and issue reports as evidence for compliance audits. At any time, you will be able to see who needs training, who has taken training and the overall status of your training program.


Training Agenda

Plan Your NERC CIP Compliance

 

 

MODULE 1

NERC CIP Awareness

NERC CIP 004 Awareness training applies to employees with only the most basic need for NERC CIP awareness training – people with little or no “cyber knowledge” and no need to log in to in-scope systems. After taking EUCI’s training, those people will understand the importance of protecting NERC in-scope data and facilities while avoiding the in-depth training needed by more sophisticated personnel. Level 1 training is easy to complete with little time away from day-to-day tasks.

 

MODULE 2

NERC CIP Physical Access

NERC CIP 004 Physical Access training applies to personnel with only physical access to NERC CIP-protected assets and data. While touching on the topic of electronic access, this training focuses primarily on personnel with physical access. Those people must understand requirements such as access controls (e.g. card key readers, biometric readers), handling sensitive in-scope information (e.g. network diagrams) and protecting information in transit and at rest.

  

MODULE 3

NERC CIP Electronic Access

NERC CIP 004 Electronic Access training applies to personnel with only electronic access to NERC CIP-protected assets and data. While touching on the topic of physical access, this training focuses primarily on personnel with cyber access. Those people must understand requirements such as two-factor authentication, using jump hosts to access in-scope systems, password protection, etc.

  

MODULE 4

NERC CIP System and Network Access

NERC System and Network Access training applies to “power users” – system administrators, network operations personnel and the like. Those people must understand the NERC CIP implications of firewall rules, change control, baselining devices, etc.

 

 

Your Learning Outcomes

Working Together to Build a Universal Culture of Compliance

Awareness

  • The reasons for the NERC CIP Standards
  • The importance of following policies and procedures
  • The requirements of the NERC standards regarding physical access to areas containing in-scope devices
  • How to handle BCSI they encounter

Physical Access

  • The reasons for the NERC CIP Standards
  • The importance of following policies and procedures
  • The requirements of the NERC standards regarding physical access to areas containing in-scope devices
  • How to handle BCSI they encounter

Electronic Access

  • The reasons for the NERC CIP Standards
  • The importance of following policies and procedures
  • The requirements of the NERC standards regarding electronic access to in-scope devices
  • How to handle BCSI
  • How to respond to Cyber Security Incidents
  • Cyber security risks associated with a BES Cyber System’s electronic interconnectivity and interoperability with other Cyber Assets, including Transient Cyber Assets and Removable Media

Network and System Access

  • The reasons for the NERC CIP Standards
  • The importance of following policies and procedures
  • The requirements of the NERC standards regarding electronic access to in-scope devices
  • How to handle BCSI
  • How to respond to Cyber Security Incidents
  • Cyber security risks associated with a BES Cyber System’s electronic interconnectivity and interoperability with other Cyber Assets, including Transient Cyber Assets and Removable Media
  • How to identify a Cyber Security Incident
  • Initial notifications in accordance with incident response
  • Recovery plans for BES Cyber Systems

Training Instructor

NERC Critical Infrastructure Protection Expert

Andrew Gallo

Compliance and Ethics Professional

Andrew Gallo is the Director of Corporate Compliance Programs for Austin Energy in Austin, Texas. He is also the current Chairman of the NERC Standards Committee and has served on the Standards Committee for many years. He previously served as Chair of the Texas Reliability Entity’s Regional Standards Committee. He served as the Chief Compliance Officer for Seattle City Light (SCL) from 2008 to 2010 and led SCL through its first on-site NERC Reliability Standards audit and Austin Energy through six Regional Entity (Texas RE) audits covering all of its registered functions (including CIP). Before Seattle, he was Assistant General Counsel for Electric Reliability Council of Texas, Inc. (ERCOT), where he worked on protocols compliance and other matters. Before becoming part of the electric industry, he worked in the oil and gas industry for approximately 17 years. He received a Juris Doctor degree from the College of William and Mary in Virginia in 1985 and a Bachelor of Arts degree from Hofstra University in New York in 1982.


Compliance Starts Here


Contact EUCI today at 303-770-8800 for more information, to schedule a demo and to obtain pricing. We can also tailor training to fit your company’s specific needs.