join us on facebook
The Saturn Partners, Inc. | We at The Saturn Partners have highly skilled training resources.
4622
single,single-post,postid-4622,single-format-standard,ajax_fade,page_not_loaded,smooth_scroll,,wpb-js-composer js-comp-ver-3.6.12,vc_responsive

Are You Training Your Staff in Security Awareness of Cyber Security Measures for the Network Environment?

We all know that NERC CIP standards are detailed and in some instances quite specific when it comes to outlining management of critical cyber and infrastructure security within your utility.
 
We at The Saturn Partners have highly skilled training resources to offer utilities to assist with compliance of NERC CIP standards covering training of staff on General Security Awareness, CIP-004.  Under current guidelines, the utility chooses the content, NOT NERC.
 
Some of the areas we examine include:
 

  • Password usage, management, shoulder surfing, tailgating, etc.
  • Unknown emails, attachments, spam and phishing
  • Social engineering techniques
  • Incident Response
  • Access Controls

 
Training can be customized to fit several different delivery methods including emails, memos, computer based training; also through posters, intranet, classroom and brochures.
 
Utilities need to reinforce awareness training on QUARTERLY basis.
 
Of course, all of this requires MANAGEMENT SUPPORT AND REINFORCEMENT- training solutions can then be presented at staff meetings.
 
Unlike general security awareness training, we recommend these more specific guidelines for security awareness training under NERC CIP-004:
 
Content should include:
 

  1. Proper use of critical cyber assets
  2. Proper handling of cyber critical asset information
  3. Action plans/procedures for recovery of these assets following a security incident
  4. Clear concept of the physical and security perimeters

 
NOTE:  UTILITIES MUST HAVE TRAINING MATERIALS ON HAND AT THEIR LOCATION FOR PROPER COMPLIANCE!
 
Job specific training courses have greater requirements to show proof such as attendance records, dates when training was provided, proof training was conducted at least annually and documented training materials.
 
Visit us for more information on our certification training as well as a wide variety of training options at www.saturnpartners.com, click on the “training” tab.  You may also email us at cacrawf@saturnpartners.com. 
 

Liked What You Just Read? Join the Highest Level Newsletter in the InfoSec Industry.

Carole Crawford

AUTHOR - Carole Crawford

I have been in the IT Security industry for over 10 years and have extensive experiences working with a wide variety of companies like banks, hospitals, utilities, and more. When it comes to IT Security, Auditing, penetration testing, vulnerability assessments, and HIPAA compliance, you'd be hard-pressed to find more value in any other company.

No Comment

0

Post A Comment

Google