I’ve been doing process for longer than I care to mention, and one thing that has often frustrated me is the limitation in most products to deal with dynamic, contextual work assignments. In the BPM industry, these kinds of processes are typically termed “ad-hoc” or “situational” processes. They follow a rules-based pattern, but the pattern […]
So what’s the big deal about patch management? We’ve already been applying patches to our cyber assets for many years and there’s really not that much new about the actual activity of patching assets. It should be easy to address compliance requirements, right? Well, perhaps, but let’s look at some of the elements of the […]
Managing cyber asset baselines in a NERC CIP compliant manner is no simple task. While on the surface it can appear to be straightforward, that illusion quickly evaporates the closer you get to the challenge. To help with that, here’s my recipe for baselines management.
Guest blog from Steven Parker, President of EnergySec. The noted humorist, Mark Twain, is quoted as saying, “Everybody talks about the weather, but nobody does anything about it.” These days, a similar assertion might be made regarding the NERC Critical Infrastructure Protection (CIP) Standards. In theory, at least, the NERC CIP standards are created by the […]
By now it should be obvious to everyone that it’s not good enough to cobble together a NERC CIP program and call it a day. That will keep you in compliance – well – about a day. It’s not just the fact that the NERC CIP Standards are changing. We’ve recently gone from version 3, […]
One of the areas I work on extensively with utilities is Change Management. What I find is that while most utilities have a process in place for actually making changes (implementation), the CIP compliance side of the equation is often far less formalized and structured. With the additional requirements in the version 5 and 6 […]