Corporate Risk Solutions Launches NERC Security Awareness Trial Program
Corporate Risk Solutions, Inc. (CRSI), a wholly-owned subsidiary and premier security consulting firm of Corporate Enterprise Security, Inc., is set to launch its computer-based Security Awareness Program. With the mindset of “Tell me and I forget; show me and I remember; involve me and I understand,” CRSI is aiming above and beyond traditional Security Awareness programs with its commitment to personalization, creativity, client satisfaction, and meeting NERC requirements.
CRSI would like to assist their utility partners with their Security Awareness Program and Cyber Security Training Program to meet the requirements for compliance to CIP-004 R1 and R2. CRSI will be launching their exciting new programs very soon. However, before these programs are fully deployed, they are releasing a sneak preview and free trial offer of their Security Awareness Posters and Email Blasts.
Until September 30, 2012, CRSI will be offering free use of their Security Awareness Posters. Companies can choose from a variety of colorful posters with timely security messages that can be downloaded, locally printed in full color, and displayed throughout the utility’s facilities. During the program introduction through September 30, 2012, CRSI is also offering free Security Awareness Email Blasts containing current security messages. Once launched, this service will provide a suite of reports for client super-users showing the security messages, date(s) delivered, and distribution list. These reports will provide detailed and highly-effective evidence of compliance. To try these Security Awareness Program materials at no cost, utilities are urged to Sign Up Now to take full advantage of the trial program.
Also, before the end of the year, CRSI will begin deploying a total of four Security Training programs that will meet the training requirements for CIP-004 R2 Annual Cyber Security Training and CIP-001 Sabotage Recognition and Reporting Training. The two additional programs will address Cyber Security Incident Response Team Training and Critical Cyber Asset Recovery Training. Then, in 2013, CRSI will begin offering certified 693 System Operator Training programs.
CRSI is very interested in participant feedback and comments regarding their initial free trial Security Awareness Program. This is a program they hope will benefit each utility’s compliance program, and in order to make it the best program possible for participants, CRSI encourages feedback and comments emailed to:trainingandawareness@corprisk.net.
Corporate Enterprise Security Launches New Website
Corporate Enterprise Security, Inc. (CESI) is proud to announce that it has finalized the implementation of a brand new website. Viewers can find the site at www.corpenterprisesec.com. The site will function as a one-stop news outlet for viewers to find out more about CESI, quickly identify which subsidiary can help serve them the best, and engage in industry tips and updates.
The new website features pages specific to the needs of the company’s clients and social media integration (Twitter addicts can rejoice!) When it came to designing the new website, the desire was for something engaging and attractive, but still functional and informative. With the achievement of this, the new site represents CESI’s commitment to developing creative opportunities for the success of clients, business subsidiaries, and employees.
With CESI’s website, visitors will be able to:
• Find out how CESI can help them with their security needs.
• Get in touch with one of CESI’s expert security consultants.
• Follow us on their favorite social networking sites like Facebook, Twitter, and LinkedIn for the latest news and information.
• View, register for, and share upcoming events.
• Use a Smartphone to view upcoming events, find a location, or contact.
Scott Roe, President of CESI, comments, “I am very excited about our new website because it allows viewers to quickly identify how CESI can help them with their security needs by viewing our Industry Solutions and Subsidiary pages.” Trisha Breckenridge, Marketing Associate, adds, “I am very pleased with the new site’s ability to allow visitors to truly engage with us. The overall look and functionality of the site embodies CESI’s commitment to developing creative opportunities for success.”
Corporate Enterprise Security is very excited to hear visitors’ feedback on the new website; leave them a comment on their Facebook page and let them know what you think! Don’t forget to Follow CESI on Twitter and LinkedIn for updates, news, and Security Tips.
CESI is a holding company for innovative security consulting and regulatory compliance firms providing services for critical infrastructure entities globally. Through its business partnerships and subsidiaries, CESI provides commitment and responsiveness to clients and high quality of services in each of the vertical security markets.
Corporate Risk Solutions’ NERC CIP Compliance Guide Addresses Version 4
The recent announcement of the Federal Energy Regulatory Commission (FERC) approving the final rule that updates certain reliability standards (www.ferc.gov/…/Files/20120419105338-summaries.pdf) may have some utilities shaken up. This final rule approves the Version 4 CIP Reliability Standards submitted by the North American Electric Reliability Corp (NERC), and involves a change in the way Critical Assets are identified. These NERC CIP Reliability Standards provide a framework to identify and protect Critical Cyber Assets in association with Critical Assets that support the Bulk-Power System.
While those involved with NERC Compliance may be worried about what this means for previous version of the Standards, Corporate Risk Solutions, Inc. (CRSI) has a solution to help lessen the blow. CRSI has produced an extensive, holistic NERC CIP Compliance Guide that includes guidance for Version 4 as approved by the NERC Board of Trustees.
CRSI’s NERC CIP Compliance Guide includes narration of each of the NERC CIP Requirements and supporting information to assist with comprehension and compliance. Not only does the Guide provide detailed information as to what documentation is needed per Requirement and Sub-Requirement and details additional evidence that must be provided during an audit to achieve compliance, but it also provides best practice recommendations and problem areas to avoid.
So far, CRSI has sold 160 Guides to utilities across all eight NERC Regions. Clients have been providing CRSI with great feedback about the functionality and features of the Compliance Guide. The NERC CIP Compliance Guide is designed for all members of the company. Those that will benefit most from the Guide are Subject Matter Experts, members of the internal Compliance Team, Senior Executives, Management, employees dealing directly with NERC CIP on a daily basis. The Guide is designed as a reference source for all NERC CIP compliance questions.
For future versions of the Guide, a significant discount will be offered only to those who have previously purchased the first edition. It is intended that in future versions (Version 5), the Guide will be offered in a web format so it can operate within an Intranet platform for which a subscription service from CRSI will maintain the currency of and provide enhancements to the Guide and supporting templates. Significant discounts will also be offered for the web format only to those who have previously purchased the first edition. It is anticipated that the information contained in this Guide will be valid and applicable for a minimum of 18-24 months.
For information on how to order, request a sample, or get in contact with a fellow user of the NERC CIP Compliance Guide, contact Travis Emerson at temerson@corprisk.net or call 913-322-5404. Visit www.corprisk.net/services/nerc-cip-compliance-guide to find out how CRSI’s clients have found value in the Compliance Guide.
Corporate Risk Solutions’ NERC CIP Compliance Guide Addresses Version 4
FERC Approves Version 4
FERC approves final rule that updates certain reliability standards
E-6, Version 4 Critical Infrastructure Protection Reliability Standards, Docket No. RM11-11-000. This final rule approves the Version 4 CIP Reliability Standards submitted by the North American Electric Reliability Corp (NERC) and retires the currently-effective Version 3 CIP Reliability Standards. The CIP Reliability Standards provide a cyber-security framework for the identification and protection of “Critical Cyber Assets” associated with “Critical Assets” that support the reliable operation of the Bulk-Power System. The main difference between Version 3 and Version 4 is found in CIP-002-4 and involves a change in the way “Critical Assets” are identified. Specifically, Version 4 includes uniform “bright line” criteria for the identification of “Critical Assets,” which replace the “risk-based assessment methodology” developed and applied by individual responsible entities under Version 3. The final rule does not include any new substantive directives, but it does provide NERC with guidance regarding achieving full compliance with the directives contained in Order No. 706. The final rule also imposes a deadline of March 31, 2013 by which time NERC must submit the next version of the CIP Reliability Standards and further requires NERC to provide quarterly status reports on its CIP development efforts.
For your information, here is the item from FERC’s meeting summary: http://www.ferc.gov/EventCalendar/Files/20120419105338-summaries.pdf
Non-Compliance Is Not an Option
Non-Compliance Is Not an Option: Corporate Risk Solutions’ NERC CIP Compliance Guide Now Available
Failure to comply with NERC Standards can result in substantial penalties, negative publicity, and state regulatory actions. The adoption of more stringent standards means that utilities that passed audits in the past may not have the organizations and processes in place to ensure future compliance. Fines up to a million dollars a day and even criminal penalties are so significant that non-compliance is not an option.
If you are involved with NERC CIP Compliance, you know the frustration of trying to remember every single requirement, sub-requirement, document, reference, process, and procedure. In response to this frustration heard from our clients, Corporate Risk Solutions, Inc. (CRSI) has developed a collective location for all information you need to better maximize the efficiency of your compliance team.
In February, CRSI formally announced the launch of the fully-abridged NERC CIP Compliance Guide, complete with narration of each CIP Requirement and supporting information to assist with Requirement comprehension and compliance. The Guide provides detailed information as to what documentation is needed per Requirement and Sub-Requirement and details additional evidence that must be provided during an audit to achieve compliance. Finally, the Guide provides best practice recommendations and problem areas to avoid.
In its first production run alone, CRSI sold 127 Guides to utilities across all eight NERC Regions. So far, our clients have been providing us with great feedback about the functionality and features of the Compliance Guide. Instead of spending hours upon hours trying to find a reference or even being aware the reference exists, see for yourself how you can save an abundance of time and money in your NERC CIP Compliance Program.
Robert Hoopes, Senior Director of FERC/NERC Compliance, PPL Corporation, commented, “I strongly recommend CRSI’s NERC CIP Compliance Guide to peers responsible for compliance with the CIP standards. It is exceptionally well done and can be used as a reference to validate various aspects of a current CIP compliance program or as a problem solving tool to work through CIP compliance issue. Its use in preparing for a CIP audit will be a great benefit to those organizations using it.”
Check out our Compliance Guide page for an in-depth look at some of the features and further comments from users of the Guide. Leave a comment on the CRSI Facebook page and let us know what you think! Need more information? Contact Travis Emerson at temerson@corprisk.net or 913-322-5404 for a sample or how to get in contact with a fellow user of the NERC CIP Compliance Guide.
What do you predict will be the top security risk to your company in the next year?
Corporate Risk Solutions Expands Security and NERC CIP Consulting Team: Introducing Michael Taylor, Security/Compliance Analyst
Corporate Risk Solutions, Inc. (CRSI), a wholly-owned subsidiary and premier security consulting firm of Corporate Enterprise Security, Inc., is pleased to announce the addition of Mr. Michael S. Taylor as a Security/Compliance Analyst to its team of dedicated NERC (693 and 706) Compliance and security consulting experts. Mr. Taylor will assist in the growth and continued success of CRSI’s Managed Services Support (MSS) offerings.
“Michael’s experience in infrastructure security design reviews and various aspects of a security program will prove invaluable to our MSS and compliance programs,” says Susan Tibbs, Security Consultant, Managed Services Support Section, of the addition to CRSI’s team.
As a Security/Compliance Analyst, Mr. Taylor will work with senior consultants to develop policies and procedures for physical, information, and operations security, assist in the review of threat and vulnerability assessments and risk management tools, as well as mock audits, inspections, and compliance evaluations. Mr. Taylor comments, “I am excited and honored to be a part of the CRSI team. I look forward to the challenges and opportunities ahead of me, and feel my military experience and background in security has prepared me to provide exceptional services to our clients.”
Mr. Taylor has over 23 years’ experience working in multiple security disciplines while serving in the United States Army Military Police Corp. He started as a Physical Security Compliance Inspector and continued his professional training and development eventually working as a Security Program Manager for Army installations and facilities in North Carolina, Texas, Kansas, South Korea, Germany, and Iraq. Mr. Taylor also served as the Antiterrorism and Force Protection Officer and Emergency Response Coordinator at military bases in Landstuhl and Bamberg, Germany, and in support of military contingency operations in Iraq. His specialties included Threat and Vulnerability Assessments, Risk Analysis and Mitigation, Compliance Inspections, Physical and Electronic Security Systems design, Police Intelligence Operations, and developing plans, policies, procedures, and training packages for security programs aimed at protecting information, personnel, facilities, and critical assets.
CRSI is a wholly-owned subsidiary security consulting firm of Corporate Enterprise Security, Inc. CRSI specializes in NERC operational and CIP Compliance (693 and 706), as well as cyber and physical security solutions to the energy and government sectors. CRSI has provided consulting services to more than 100 electric utilities across all eight (8) NERC regions and is also under contract by NERC Regional Entities for Audit Support. For more information, contact: Trisha Breckenridge, Marketing Associate, 913-422-0410. Email: info@corpenterprisesec.com.
Corporate Risk Solutions Produces Fully Abridged NERC CIP Compliance Guide Book
Corporate Risk Solutions, Inc. (CRSI), a wholly-owned subsidiary and premier security consulting firm of Corporate Enterprise Security, Inc., has produced a definitive NERC CIP Compliance Guide for their utility partners. This “Guide Book” was developed as the first ever, holistic, abridged “Go-To” source for all NERC CIP Compliance questions. It provides insight from FERC Order 706 that was used as the basis for the development of each of the CIP Standards, as well as references applicable NERC documents published for guidance, interpretation, compliance application, and/or Frequently Asked Questions attributable to each CIP Standard, requirement, and/or sub-requirement.
The “Guide Book” also provides enhanced information such as potential auditors’ questions, evidence of compliance, and even best practices or common problem areas. The “Guide Book” was developed using Version 3 of the CIP Standards, as well as guidance for CIP-002 Version 4 as currently approved by the NERC Board of Trustees, and is presented in a easy-to-use “lay flat,” full color, tabbed handbook format.
Michael W. Tibbs, Senior Vice-President and Chief Operating Officer of CRSI, explains, “The NERC CIP Compliance Guide Book benefits all members of the utility company. Those that will benefit most from the Guide are Subject Matter Experts, members of the Internal Compliance Team, Management and Senior Executives, and literally any employees dealing directly with NERC CIP on a daily or periodic basis.”
The first edition of the “Guide Book” will only be available for purchase by CRSI’s utility partners and will be available in early/mid-March 2012. CRSI has plans to distribute future version of the “Guide Book” in a web-based resource process with a subscription service keeping the information current on changes in the NERC CIP regulatory environment.
Click here to download your order form.
CRSI is a wholly-owned subsidiary security consulting firm of Corporate Enterprise Security, Inc. CRSI specializes in NERC operational and CIP Compliance (693 and 706), as well as cyber and physical security solutions to the energy and government sectors. CRSI has provided consulting services to more than 100 electric utilities across all eight (8) NERC regions and is also under contract by NERC Regional Entities for Audit Support. For more information, contact: Trisha Breckenridge, Marketing Associate, 913-422-0410. Email: info@corpenterprisesec.com.
Corporate Risk Solutions Welcomes Chris Pfister as Manager of Consulting Services
Corporate Risk Solutions, Inc. (CRSI), a wholly-owned subsidiary and premier security consulting firm of Corporate Enterprise Security, Inc., has named Chris Pfister as its new Manager of Consulting Services for its team of NERC (693 and 706) Compliance and security consulting experts.
Mr. Pfister, a former United States Naval Officer, has 20 years of project/program management experience with physical and cyber security, as well as executing Continuity of Operations Plans. Mr. Pfister will provide his knowledge and support to and lead projects for CRSI clients, including project implementation plans, budgets, work schedules, and deliverables.
“The expansion of our consulting team in the energy and government sectors further strengthens our ability to meet the needs of utilities across North America,” says Joe Doetzl, Director of Consulting Services. “Chris Pfister’s comprehensive experience managing physical and cyber security projects is a tremendous addition to CRSI and a valuable resource to our clients.”
“I look forward to starting a new challenge with CRSI and to working with the team to further develop their dedication to security and compliance,” says Mr. Pfister. Chris, who is also a graduate of the United States Army Command and General Staff College will aid in the continued growth of CRSI as Manager of Consulting Services. Chris, who earned his Master’s Degree in Business and Organizational Security Management, managed physical security/anti-terrorism measures in demanding and hazardous overseas environments during his twenty years as a U.S. Naval Officer. He has in-depth experience with cyber security as project manager for a global targeting software program and as Deputy of Current Operations in the Global Operations Center of United States Strategic Command.
CRSI is a wholly-owned subsidiary security consulting firm of Corporate Enterprise Security, Inc. CRSI specializes in NERC operational and CIP Compliance (693 and 706), as well as cyber and physical security solutions to the energy and government sectors. CRSI has provided consulting services to more than 100 electric utilities across all eight (8) NERC regions and is also under contract by NERC Regional Entities for Audit Support. For more information, contact: Trisha Breckenridge, Marketing Associate, 913-422-0410. Email: info@corpenterprisesec.com.
Corporate Risk Solutions Hires Security/Compliance Analyst
Corporate Risk Solutions, Inc. (CRSI), a wholly-owned subsidiary and premier security consulting firm of Corporate Enterprise Security, Inc., is pleased to announce the addition of Ms. Dana M. Bradshaw as a Security/Compliance Analyst to its team of dedicated NERC (693 and 706) Compliance and security consulting experts. Based upon the success of its Managed Services Support (MSS) offerings, CRSI has added a professional consulting analyst group to focus exclusively on the MSS work.
“Dana brings a client-focused approach to Corporate Risk Solutions. Her professional services experience and attention-to-detail will provide CRSI with an outstanding proven track record for each of our clients,” says Susan Tibbs, Senior Consultant, Managed Services Support Section, of the addition to CRSI’s team.
As a Security/Compliance Analyst, Ms. Bradshaw will work with senior consultants to develop and support client training needs, policy and procedural development, and compliance training initiatives. She is responsible for researching current industry best practices, analyzing regulatory and security initiatives, and providing technical writing services and formulating solutions for reporting and presentations. Ms. Bradshaw reveals, “I am happy to work with such as dynamic organization as CRSI and to be involved with such outstanding co-workers. I look forward to the regulatory and security challenges going forward and working with really terrific clients of CRSI.”
Ms. Bradshaw earned a Bachelor’s Degree in Business Administration from the University of Missouri-Kansas City, and a Master’s of Business Administration from Indiana Wesleyan University with a concentration in accounting. Her graduate studies included accounting and auditing, business analysis and technology, and organizational development and change.
CRSI is a wholly-owned subsidiary security consulting firm of Corporate Enterprise Security, Inc. CRSI specializes in NERC operational and CIP Compliance (693 and 706), as well as cyber and physical security solutions to the energy and government sectors. CRSI has provided consulting services to more than 100 electric utilities across all eight (8) NERC regions and is also under contract by multiple NERC Regional Entities for Audit Support.