What is information protection?
At the simplest level, it is controlling the access to specific pieces of information based on each individual’s “need to know.” Why is it important? For NERC CIP, it is very important as much of the information retained in the CIP compliance practice is highly sensitive. This includes information that, in the wrong hands, could be used to successfully hack into critical cyber assets.
Documents must obviously be included in the information protection program. Protecting network diagrams, CCA lists, and other sensitive compliance evidence is why information protection is included in the CIP standards. Data also falls into this category, with the data being managed to produce reports like the CCA list and logical accounts requiring protection as well.
Tightly controlling access to this information can be a daunting task that often includes a lot of man-power expended to oversee and policy the program. Even so, if the program is too complicated it is a given that periodically things will slip through the cracks.
There is a better way.
The SigmaFlow closed-loop information protection control uses the attributes of documents and data to determine who will be given access to the information in the solution and the rights granted for each. With easy setup, this control eliminates all of the hard work behind enforcing the information protection program by automatically apply the organization’s information protection rules to all content as it enters the system. There is never a gap and nothing to manage or police. The control does the heavy lifting for you.
This is another example of how the SigmaFlow NERC compliance solution can drive a higher level of assurance while reducing the time and energy that Utilities spend on compliance oversight and management.