NERC CIP


NERC CIP SECURITY E-LEARNING AND AWARENESS SOLUTIONS

The primary objective of the NERC CIP training courses is to present contemporary and up-to-date security content in a new and exciting way which is critical to the success of any CIP security program. The courses provide an engaging learning experience that incorporates text, voice, video, animation, simulation, interactive sessions, testing and time-stamped reporting.

The NERC CIP Security E-Learning Series is a complete awareness and training program that promotes, maintains and reinforces critical security principles. The programs incorporate not only training, but also a variety of other security awareness aids such as company branded posters and newsletters.

All courses can be easily customized to include your organization’s unique policies, processes and procedures. Easily include graphics, links to your PDFs, or intranet documents to present your procedures for compliance. Use as many slides as required. Courses can also be hosted on our LMS or your corporate LMS.

All courses can dynamically deliver training content based on an individual’s role, group or location. Courses can be delivered to address multiple processes for each CIP requirement at multiple sites. In addition, all courses allow clients to tag their content pages based on whether the student needs to review the content according to their specific role requirements.

NERC CIP 2019 – CONDENSED RESPONSIVE TRAINING COURSE

This newly updated 50 minute CIP 2019 training course covers all requirements including Controlling Communications and Supply Chain Management. The module also incorporates text, voice, video, animation, simulation, interactive sessions, testing and reporting features. The course can be hosted on your organization’s LMS or our robust LiMS.

 
Topics:
  • Base Training – Cyber Security
  • Information Handling
  • Electronic Access Controls
  • Physical Access Controls (Includes Visitor Management)
  • Cyber Security Incidents, Response and Recovery
  • Controlling Communications
  • Supply Chain Management
Features:
  • Runs on desktops, smart phones and tablets
  • Fully customizable to include your logo, policies, processes, procedures and links to internal and external documents
  • AICC and SCORM Compliant
  • Maintenance, Update and Support Program
  • Courses are hosted on our LiMS or self-hosted on your internal LMS
  • Customization support available
  • Time-stamped reporting
  • Bookmarking
  • Printable pages for future reference
  • Duration: approximately 50 minutes
  • Consists of interactive pop-ups throughout course
  • Interactive knowledge checks to reinforce presented content
  • Customizable test questions
  • Printable Certificate of Course Completion

NERC CIP MICRO LEARNING TRAINING SERIES

Educate by role using 19 micro learning courses, 2 minutes each. Now you can completely customize your training by determining which topics you wish to include and the duration of the course for your organization. Any or all of the courses can be added to a playlist which can be assigned to any individual, creating a curriculum of courses that must be completed by the employee. Each course in the playlist is played in sequence until all mini courses have been completed. This simplifies training.

Our unique model allows organizations to create ONE course of all of the topics an individual needs to complete about CIPs or CIP policies. Certificates can be printed by the student and/or by the Manager.

Features:
  • Purchase Total Seats Required
  • Activate any or all Courses
  • Create a Course Play List
  • Shuffle Sequence as needed
  • Assign Training per Role
  • Assign Training using Emails
  • Track Training Progress
  • Send Reminders
  • Print Certificates
  • Export Time Stamped Records
Titles:
  • Access Management and Mismanagement
  • Access States and Management
  • Acronyms and Standards
  • Asset Deep Dive
  • Compliance Monitoring and Audits
  • Control Center Communication
  • Electronic Access Controls
  • Exceptional Circumstances
  • Incident Response
  • Physical Access Controls
  • Physical and Conceptual Assets
  • Protecting and Classifying
  • Rating Assets
  • Recovery Plans
  • Requirements and Coverage
  • Risky Business
  • Supply Chain Management
  • Terms and Relationships
  • Transient and Removable
ACCESS MANAGEMENT AND MISMANAGEMENT

Managing access is part science and part psychology.
Management variables are considered and access types
are reviewed.

ACCESS STATES AND MANAGEMENT

Review the 9 states of access which Entities must
consider as well as the 2 steps in enabling access.

ACRONYMS AND STANDARDS

Review the Acronyms associated with the CIP
(Critical Infrastructure Protection) Standards and
consider why standards themselves are useful.

ASSET DEEP DIVE

Review the types of assets, asset groups and protection
systems. Consider BCA, BCS, EACMS, PACS and PCAS.
How are they rated?

COMPLIANCE MONITORING AND AUDITS

The issues of Compliance Monitoring and Enforcement
are reviewed as well as Violation Risk Factors, Violation
Severity Levels and Audit types.

CONTROL CENTER COMMUNICATIONS

CIP-012 addresses the protection of the confidentiality
and integrity of data transmitted between an Entity’s
own control centers or with another Entity’s control center.

ELECTRONIC ACCESS CONTROLS

CIP-005 requires companies to restrict and manage
electronic access to BES Cyber Systems by specifying
a controlled Electronic Security Perimeter (ESP).

EXCEPTIONAL CIRCUMSTANCES

The concept of the Exceptional Circumstance is discussed,
as to its definition, declaring, responding to and recovering
from one.

PHYSICAL ACCESS CONTROLS

Physical Security Perimeters are considered as well as
Controlled Access Points, Physical Access Control Systems,
escorted / unescorted access and access errors.

PHYSICAL AND CONCEPTUAL ASSETS

Perform a review of asset types and see how they impact
the BES. Knowledge, Documents, People and Equipment
are considered.

POLICY REQUIREMENTS AND COVERAGE

Specifically addressed in CIP-003, Responsible Entities
have the flexibility to develop cyber security policy or
policies to address security issues based on impact ratings.

PROTECTING AND CLASSIFYING INFORMATION

Self-identify BES Cyber System Information. Develop
& maintain information protection policies and procedures.

RATING ASSETS

Assets are rated based on their potential to impact the
BES. Entities assume the highest impact rating of their
known assets.

RECOVERY PLANS

CIP-009 requires companies to have a recovery plan
which supports the continued stability, operability, and
reliability of the BES.

RESPONDING TO INCIDENTS

Incident Response Plans are designed to mitigate any
risks to the BES. Three types – operational, physical
and cyber – are considered.

RISKY BUSINESS

Risk is considered when referencing infrastructure
reliability, functions, noncompliance, supply chain and
personal risk assessment.

SUPPLY CHAIN MANAGEMENT

CIP-013 addresses cyber security risk management.
It applies to your supply chain – your vendors and partners.
The four security objectives of Supply Chain Management
Controls are discussed.

TERMS AND RELATIONSHIPS

Review the types of Entities, U.S. and Canadian, the
concept of bright-line criteria, and the relationship of
assets, entities and the BES.

TRANSIENTS AND REMOVABLES

Transient Assets and Removable Media are different
based on their designation as Cyber Assets. What are
examples of each? What about cloud storage?

CYBER SECURITY MICRO LEARNING TRAINING SERIES

The Cyber Security Micro Learning Series reinforces safe business practices. Each video-based course targets a unique cyber security topic and delivers important awareness concepts in just 60 seconds. Well-designed scenarios highlight the do’s and don’ts of security behaviors, leaving informative impressions that support safety in both physical and cyber security practices. Two questions are included with each course; scores and completion status are recorded and saved for Managers to access at any time.

The site’s functionality allows easy access to quality training. Anyone can purchase, assign and manage courses directly from a secure website. Companies do not need their own infrastructure or tech support.

Features:
  • Each title is approximately 60 seconds
  • Operates on all devices including smart phones, desktops, iPads
  • 2 question test
  • Certificate of Completion
  • Managers will be able to purchase, assign, monitor, track and report on all users
  • User completions captured (printable report 24/7)
  • If student does not pass course, the course can be reassigned by manager until the student receives passing score
  • Courses delivered on a secure, modern delivery system
Tailgating

Sometimes it’s respectful of others to not hold the door open for someone. Don’t circumvent security protocols – even for people you know.

Phishing

Every day 8 million people open a fraudulent phishing email. Don’t add to that number.

HTTPS

A website starting with HTTPS is encrypted and much safer than HTTP. Be sure to “look for the lock”.

Spear Phishing

Knowing about people’s interests and hobbies is valuable, and that’s how cybercriminals get you.

Email

Some emails can be more than inappropriate; they could help spread viruses to friends & family.

Clean Desk

Sometimes the person leaking confidential information doesn’t realise he’s the source of the leak. Don’t leave confidential documents on your desk – store them appropriately.

Handling Passwords

Writing down your passwords and hiding them by your desk, maybe under the keyboard, ISN’T a secure process.

Pop Ups

The unwanted popup. You didn’t close it correctly…and now there’s more of them to deal with….oh boy…

Removable Media

USB drives are convenient…and small…and easy to lose…and hold more information than ever before.

Password Handling

To create a strong password it’s best to use a combination of lowercase and uppercase letters, symbols and numbers.

Open WiFi

Sometimes free doesn’t mean secure. Consider the potential problems when using open public WiFi.

Printouts

Dispose of your documents properly. That doesn’t mean simply tossing them into the recycle bin.

Malicious Attachments

All mail is not necessarily good mail. When you’re not expecting a package, double check with the sender.

Spyware

Today it’s relatively simple for the cybercriminal to see everything you do on your computer, work related and personal.

Handling Confidential Material

Using your personal email to transmit confidential work materials can create unique opportunities for cyber criminals.

Shoulder Surfing

That person standing over your shoulder seems a little too interested. Check your surroundings while typing in your password.

USB Key Drop

Finding a USB drive on the ground might not be an accident. Plugging it into your computer might give a hacker complete control.

Home WiFi

Make sure your home WiFi is at least as secure as the rest of your house. You don’t leave your doors and windows unlocked, do you?

Computer Installs

Work computers are loaned to us, and “personalizing them” by installing your own software may expose you to hacking.

Social Engineering

Sharing confidential information, even with people you know, is never a good idea.

Chain Mail

You not only waste people’s time when you forward chain mail, you could be spreading viruses as well.

Dumpster Diving

Some people make money rummaging through your trash. Don’t discard sensitive materials without considering potential problems.

CEO Scam

Always double check unusual requests from your boss, especially regarding financial transfers.

Keylogger

Check your computer ports for unknown devices. Keyloggers capture your keystrokes for cybercriminals to decipher later.

Lock Your Phone

Your smartphone is now an extension of you, your life, and possibly your business. Photos, email addresses, phone numbers, contacts, documents and physical addresses.

Privacy

When personal or business information is leaked, even if by accident, the repercussions may be severe. It is best to tell someone in authority as soon as possible.

Ransomware

Crypto ransomware is malicious software that infects a computer and restricts your access to it until a ransom is paid to unlock it. Consider not becoming a victim.

Telephone Scams

If you get an unexpected pop-up, call, spam email or other urgent message about problems with your computer, stop. Don’t click on any links, don’t give control of your computer and don’t send any money.

CIP V5 TRAINING COURSES:
  • Base Training – Cyber Security
  • Information Handling
  • Electronic Access Controls
  • Physical Access Controls (Includes Visitor Management)
  • Cyber Security Incidents, Response and Recovery
Features include:
  • Fully customizable to include your logo, policies, processes, procedures and links to internal and external documents
  • AICC and SCORM Compliant
  • Maintenance, Update and Support Program
  • Courses are hosted on our LiMS or self-hosted on your internal LMS
  • Customization support available
  • Time-stamped reporting
  • Deliver custom content to multiple sites, groups, individuals
  • Bookmarking
  • Printable pages for future reference
  • Interactive knowledge checks to reinforce presented content
  • Technical tips
  • Penalty level alerts
  • Customizable test questions
  • Printable Certificate of Course Completion
  • Full schematics provided for customization content
  • Role-based tagging capabilities
  • Training impact analysis capability to capture student training experience
  • Voice enabling or disabling feature
  • Capturing of multiple training experiences
  • Expanded administrator control for database changes
  • Capturing of students’ decision-making path
  • Student remediation and re-testing for topic retention

CIP V5 BASE TRAINING – CYBER SECURITY

Course Outline:
  • Cyber Security defined
  • The Risks and Rewards of Interconnectivity
  • “Entity” Policy Statement
  • Passive Access Points
  • Passwords
  • Internet Usage (Email Security; Social Media)
  • Smartphones
  • External Devices (Removable Media; Transient Devices; Cloud Storage)
  • Anti Virus
  • Event Handling
  • Assessment
  • Summary

CIP V5 INFORMATION HANDLING

Course Outline:
  • BES Cyber System Information (BESCSI)
  • “Entity” Policy Statement
  • Classification of BES Cyber System Information (BESCSI)
  • BESCSI vs Critical Energy Infrastructure Information (CEII)
  • Storage – Required Practices
  • In Transit – Required Practices (Transport; Transmission)
  • Active Use – Required Practices
  • Destruction – Required Practices
  • Redeployment – Required Practices
  • Event Handling & Logging
  • Assessment
  • Summary

CIP V5 ELECTRONIC ACCESS CONTROLS

Course Outline:
  • How is Electronic Access defined? (Onsite; Remote)
  • “Entity” Policy Statement
  • Access Rights Management (Granting Access; Monitoring Access Needs; Compliance)
  • Interactive Remote Access (Defined; Routable Protocols; Controls)
  • Access Authentication Failure (Access Denial; Access Suspension; Access Restoration; Access Revocation)
  • Policy Reviews & Change Management
  • Assessment
  • Summary

CIP V5 PHYSICAL ACCESS CONTROLS INCLUDING VISITOR MANAGEMENT

Course Outline:
  • How is Physical Access defined?
  • Who is covered? (Employees; Contractors; Vendors; Visitors)
  • “Entity” Policy Statement
  • Access Rights Management (Granting Access; Monitoring Access Needs; Compliance)
  • Secured Areas (Defined; Identified; Controls)
  • Access Authentication Failure (Access Denial; Access Suspension; Access Restoration; Access Revocation)
  • Policy Reviews & Change Management
  • Assessment
  • Summary

CIP V5 CYBER SECURITY INCIDENTS, RESPONSE AND RECOVERY

Course Outline:
  • Cyber vs. Physical (Internal; External)
  • “Entity” Policy Statement (Prevention; Monitoring; Minimization; Mitigation)
  • Incident Identification (Actual Vs Suspected; Vandalism; Willful Acts; Cybercrime)
  • Incident Classification (Response Plan and Process)
  • Reporting/Communication Requirements (Internal and External Resources)
  • Recovery Processes (Documentation; Review; Change Management; Validation)
  • Assessment
  • Summary

NERC CIP SECURITY AWARENESS POSTER PROGRAM

The NERC CIP Security Awareness Poster Program provides an eye-catching communications solution to satisfy the requirements of the CIP-004 R1 Compliance Standard for utilities, municipalities and cooperatives. Each electronic poster contains security based topics informing employees on various elements of proper security practices to help increase awareness and adoption of compliance with current standards.
Our team works closely with your organization to customize each poster’s message to meet your specific requirements for your environment and culture.
Customized general Security Awareness Posters are also available for all other organizations.

Benefits
  • Consistent message delivery to all employees
  • Message accessible 24/7 via company intranet access
  • Visible message can be displayed in high traffic areas in any office or plant environment
  • Demonstrates commitment to security
  • Year round awareness
  • Eye catching to increase awareness and compliance with current standards
  • Uniform and efficient presentation
  • Helps increase widespread adoption of security practices within any organization
  • Base Training – Cyber Security
  • Information Handling
  • Electronic Access Controls
  • Physical Access Controls (Includes Visitor Management)
  • Cyber Security Incidents, Response and Recovery

NERC CIP SECURITY SAFETY AWARENESS NEWSLETTER PROGRAM

Each quarter a new DOWNLOADABLE Security Awareness Newsletter in PDF format is released. Each bulletin is branded with the customer’s company logo and is ready to distribute in any environment – electronically or in print format.

The NERC CIP Security Awareness Newsletter Program provides an eye-catching communications solution to satisfy the requirements of the CIP-004 R1 Compliance Standard for utilities, municipalities and cooperatives. Each electronic bulletin contains security based topics informing employees on various elements of proper security practices to help increase awareness and adoption of compliance with current standards.

Our team works closely with your organization to customize each newsletter’s message to meet your specific requirements and fit your environment and culture.

Customized general Security Awareness Newsletters are also available.

Features
  • Branded with company logo
  • Customizable to fit your environment and culture
  • Includes security based topics
  • Interesting and informative presentation
  • Full colour
  • High resolution
  • Alluring graphics
  • Downloadable as a PDF
  • Printable up to 11″ X 17″
  • Monthly and quarterly subscriptions available
Benefits
  • Consistent message delivery to all employees
  • Message accessible 24/7 through company intranet access
  • Visible message can be displayed in high traffic areas in any office or plant environment
  • Demonstrates commitment to security
  • Year round awareness
  • Eye catching to increase awareness and compliance with current standards
  • Uniform and efficient presentation
  • Helps increase widespread adoption of security practices within any organization

NERC CIP STANDARDS CLASSROOM TRAINING

Delivered on-site, this fully customized and comprehensive NERC CIP Standards Classroom Training Course provides face-to-face instruction and support by our team of highly experienced Security Specialists. The comprehensive program covers all NERC CIP Standard requirements. The NERC CIP Information Security E-learning Series can be effectively utilized to supplement the instructor-led training program to reinforce all concepts learned in the classroom. Course Completion Certificates are also included in the program.