2012 Technologies for Security and Compliance Summit
August 2012
Austin, Texas
Ken McIntyre
Director Standards and Protocol Compliance
Electric Reliability Council Of Texas
2012 Technologies for Security and Compliance Summit
Presentation:
• Electric Reliability Council of Texas
• The Regulatory Challenge
• ERCOT Compliance Initiatives
Electric Reliability Council Of Texas (ERCOT)
ERCOT Responsibilities
• System Reliability
• Open and Competitive Markets
• Congestion Management
• Network Modeling
Electric Reliability Council Of Texas (ERCOT)
Key Features of the ERCOT Grid
• Represents 85% of Texas Load
• 74,000 MW of generation capacity
• 40,530 miles of transmission lines
• Electrical island with several DC Ties
• RC, BA, TOP (CFR), PC, IC, RP, TSP
ERCOT facilitates competitive markets to help achieve reliability.
Electric Reliability Council Of Texas (ERCOT)
ERCOT Compliance Department
• Centralized Compliance Program
• Increased from two to thirteen employees
• 693, CIP and all ERCOT Protocols
• Standards Development (ballots etc.)
• All things NERC e.g. CANs, TFEs, EA
ERCOT Compliance Mission Statement:
Promote ERCOT Reliability, Security and Compliance, through Collaboration, Leadership and Expertise.
The Regulatory Challenge
[Diagram labels:]
• ERCOT
• Public Utility Commission of Texas (PUCT)
• FERC / NERC
• SSAE16 / SOX
• ERCOT Board F&A (Internal Audits)
• Texas Reliability Entity (Regional Entity)
• DOE, DHS, EPA, NAESB
The Regulatory Challenge cont.
• Audits and Investigation Preparation
• Compliance burden on organization
• Standards Development
• Compliance with new standards and versions
• Internal Compliance and Monitoring Program
• Event Analysis Reporting and Lessons Learned
• Institutionalize recommendations
• Critical Infrastructure Protection
• Maintaining best practice / Defense in Depth
• SCADA System integrity / Smart Grid information / Mobile Devices
• CIP Standards and new versions
ERCOT Compliance Initiatives
What should the Compliance Department do?
• Compliance ‘promotes’ Reliability and Security
• Allow Subject Matter Experts to focus on improving industry, while still meeting compliance obligations (daily activities)
• Reduce duplication of regulatory efforts across the organization (one activity meets multiple regulatory requirements)
• Active Policy Monitoring and Enforcement to allow early detection and mitigation of issues, and avoid unnecessary compliance burden
• Minimize ‘Drift’ from stated expectations
• Institutionalize Recommendations, ‘Normal Practice’
ERCOT Compliance Initiatives cont.
What is the Compliance Department going to do?
• Consolidate PUCT/FERC/NERC Compliance Data Repositories
• Common regulatory evidence, sampling, reporting, event analysis, mitigation
• Implement AlertEnterprise ‘GRC’ Solution for Compliance
• NERC Reliability Standards, ERCOT Protocols, Corporate Policies, SSAE16
• Automate RSAW development, and other compliance activities
• Active Policy Monitoring and Enforcement (2013)
• Map requirements between multiple regulatory environments
• Provide Compliance Transparency
• AlertEnterprise Dashboards for Executives and Managers
• Risk/Gap/Impact analysis (AlertEnterprise ‘Risk Engine’ concept)
ERCOT Compliance Initiatives cont.
Additional detail on some initiatives....
ERCOT Compliance Initiatives cont.
AlertEnterprise/ERCOT mapping requirements between multiple regulatory environments:
- Map requirements between NERC – Protocols – Guides – Policy
- Interactive display of Requirement and document associations with master & transaction data
- Displays Requirement association with transaction data (Assessments, Investigation, Mitigation, Self Report, Action Items, RSAW, Event Tracker) within a date range
ERCOT Compliance Initiatives cont.
AlertEnterprise/ERCOT NERC RSAW functionality:
- Developed for NERC RSAW creation
- Can be applied/formatted for other regulatory requirements
- Templates with requirements and placeholders for compliance actions, SME and evidence tables
ERCOT Compliance Initiatives cont.
AlertEnterprise/ERCOT ‘Risk Engine’ concept:
- Essentially a means to provide the association of a NERC ‘risk score’ or ‘risk categorization’ to framework items and controls
- Based on VRF, compliance history, enforcement history, NERC ranking (Top 20), self reports, mitigation plans etc.
- Benefits of assigning a ‘risk score’ to a standard and requirement will be the development of appropriate monitoring, reporting, dash-boarding, frequency of assessments, focused training, resource allocation etc.
- ERCOT vision is one of a ‘real-time’ compliance monitoring tool. Are we compliant today and what is the confidence that our controls in place are adequate, how well are we prepared to demonstrate compliance?
Thank you - Questions?

 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 

Technologies for Security and Compliance by Ken McIntyre, Ercot

  • 1. 2012 Technologies for Security and Compliance Summit
    August 2012, Austin, Texas
    Ken McIntyre, Director Standards and Protocol Compliance, Electric Reliability Council Of Texas
  • 2. 2012 Technologies for Security and Compliance Summit
    Presentation:
    • Electric Reliability Council of Texas
    • The Regulatory Challenge
    • ERCOT Compliance Initiatives
  • 3. Electric Reliability Council Of Texas (ERCOT)
    ERCOT Responsibilities
    • System Reliability
    • Open and Competitive Markets
    • Congestion Management
    • Network Modeling
  • 4. Electric Reliability Council Of Texas (ERCOT)
    Key Features of the ERCOT Grid
    • Represents 85% of Texas Load
    • 74,000 MW of generation capacity
    • 40,530 miles of transmission lines
    • Electrical island with several DC Ties
    • RC, BA, TOP (CFR), PC, IC, RP, TSP
    ERCOT facilitates competitive markets to help achieve reliability.
  • 5. Electric Reliability Council Of Texas (ERCOT)
    ERCOT Compliance Department
    • Centralized Compliance Program
    • Increased from two to thirteen employees
    • 693, CIP and all ERCOT Protocols
    • Standards Development (ballots etc.)
    • All things NERC e.g. CANs, TFEs, EA
    ERCOT Compliance Mission Statement: Promote ERCOT Reliability, Security and Compliance, through Collaboration, Leadership and Expertise.
  • 6. The Regulatory Challenge
    • ERCOT
    • Public Utility Commission of Texas
    • PUCT
    • FERC / NERC
    • SSAE16 / SOX
    • ERCOT Board F&A (Internal Audits)
    • Texas Reliability Entity (Regional Entity)
    • DOE, DHS, EPA, NAESB
  • 10. The Regulatory Challenge cont.
    • Audits and Investigation Preparation
    • Compliance burden on organization
    • Standards Development
    • Compliance with new standards and versions
    • Internal Compliance and Monitoring Program
    • Event Analysis Reporting and Lessons Learned
    • Institutionalize recommendations
    • Critical Infrastructure Protection
    • Maintaining best practice / Defense in Depth
    • SCADA System integrity / Smart Grid information / Mobile Devices
    • CIP Standards and new versions
  • 11. ERCOT Compliance Initiatives
    What should the Compliance Department do?
    • Compliance ‘promotes’ Reliability and Security
    • Allow Subject Matter Experts to focus on improving industry, while still meeting compliance obligations (daily activities)
    • Reduce duplication of regulatory efforts across the organization (one activity meets multiple regulatory requirements)
    • Active Policy Monitoring and Enforcement to allow early detection and mitigation of issues, and avoid unnecessary compliance burden
    • Minimize ‘Drift’ from stated expectations
    • Institutionalize Recommendations, ‘Normal Practice’
  • 12. ERCOT Compliance Initiatives cont.
    What is the Compliance Department going to do?
    • Consolidate PUCT/FERC/NERC Compliance Data Repositories
    • Common regulatory evidence, sampling, reporting, event analysis, mitigation
    • Implement AlertEnterprise ‘GRC’ Solution for Compliance
    • NERC Reliability Standards, ERCOT Protocols, Corporate Policies, SSAE16
    • Automate RSAW development, and other compliance activities
    • Active Policy Monitoring and Enforcement (2013)
    • Map requirements between multiple regulatory environments
    • Provide Compliance Transparency
    • AlertEnterprise Dashboards for Executives and Managers
    • Risk/Gap/Impact analysis (AlertEnterprise ‘Risk Engine’ concept)
  • 13. ERCOT Compliance Initiatives cont.
    Additional detail on some initiatives....
  • 14. ERCOT Compliance Initiatives cont.
    AlertEnterprise/ERCOT mapping requirements between multiple regulatory environments:
    - Map requirements between NERC – Protocols – Guides – Policy
    - Interactive display of Requirement and document associations with master & transaction data
    - Displays Requirement association with transaction data (Assessments, Investigation, Mitigation, Self Report, Action Items, RSAW, Event Tracker) within a date range
  • 15. ERCOT Compliance Initiatives cont.
    AlertEnterprise/ERCOT NERC RSAW functionality:
    - Developed for NERC RSAW creation
    - Can be applied/formatted for other regulatory requirements
    - Templates with requirements and placeholders for compliance actions, SME and evidence tables
    NERC
  • 16. ERCOT Compliance Initiatives cont.
  • 17. ERCOT Compliance Initiatives cont.
  • 18. ERCOT Compliance Initiatives cont.
    AlertEnterprise/ERCOT ‘Risk Engine’ concept:
    - Essentially a means to provide the association of a NERC ‘risk score’ or ‘risk categorization’ to framework items and controls
    - Based on VRF, compliance history, enforcement history, NERC ranking (Top 20), self reports, mitigation plans etc.
    - Benefits of assigning a ‘risk score’ to a standard and requirement will be the development of appropriate monitoring, reporting, dash-boarding, frequency of assessments, focused training, resource allocation etc.
    - ERCOT vision is one of a ‘real-time’ compliance monitoring tool. Are we compliant today and what is the confidence that our controls in place are adequate, how well are we prepared to demonstrate compliance?
  • 19. Thank you - Questions?