Are You Training Your Staff in Security Awareness of Cyber Security Measures for the Network Environment?
We all know that NERC CIP standards are detailed and in some instances quite specific when it comes to outlining management of critical cyber and infrastructure security within your utility.
We at The Saturn Partners have highly skilled training resources to offer utilities to assist with compliance of NERC CIP standards covering training of staff on General Security Awareness, CIP-004. Under current guidelines, the utility chooses the content, NOT NERC.
Some of the areas we examine include:
- Password usage, management, shoulder surfing, tailgating, etc.
- Unknown emails, attachments, spam and phishing
- Social engineering techniques
- Incident Response
- Access Controls
Training can be customized to fit several different delivery methods including emails, memos, computer based training; also through posters, intranet, classroom and brochures.
Utilities need to reinforce awareness training on QUARTERLY basis.
Of course, all of this requires MANAGEMENT SUPPORT AND REINFORCEMENT- training solutions can then be presented at staff meetings.
Unlike general security awareness training, we recommend these more specific guidelines for security awareness training under NERC CIP-004:
Content should include:
- Proper use of critical cyber assets
- Proper handling of cyber critical asset information
- Action plans/procedures for recovery of these assets following a security incident
- Clear concept of the physical and security perimeters
NOTE: UTILITIES MUST HAVE TRAINING MATERIALS ON HAND AT THEIR LOCATION FOR PROPER COMPLIANCE!
Job specific training courses have greater requirements to show proof such as attendance records, dates when training was provided, proof training was conducted at least annually and documented training materials.
Visit us for more information on our certification training as well as a wide variety of training options at www.saturnpartners.com, click on the “training” tab. You may also email us at firstname.lastname@example.org.