San Francisco, California
London, United Kingdom
NERC CIP Bootcamp
All attendees will receive full printed and electronic copies of the course materials, plus free access to future versions of the course for a period of 12 months and access to the course alumni email discussion forums. Course materials are regularly reviewed and updated to reflect the latest NERC guidance, formal interpretations, FERC rulings, regional audit approaches, and other relevant items.
Day 1 - NERC CIP Foundations and Low Impact Requirements
Day 1 of the NERC CIP Bootcamp provides foundational and background information on the standards with a focus on the low impact requirements and related compliance responsibilities for entities with only low impact assets. The course materials are nearly identical to those used for the 1-day stand-alone low impact course, when offered.
Day 2 and 3 - NERC CIP Deep Dive - Medium and High Impact Requirements
Days 2 and 3 of the NERC CIP Bootcamp provide a comprehensive look at the latest versions of standards CIP-002 through CIP-011. Each requirement will be discussed in detail along with a summary of evidence required to demonstrate compliance.
NERC CIP Audit Workshop
Compliance with the NERC CIP standards is only half the battle. Once compliance programs are in place, it is necessary to collect documentation and evidence of that compliance, and prepare to provide such evidence to auditors. EnergySec’s team of experts has developed a 2-day workshop that prepares entity personnel to successfully navigate the audit process from preparation, to execution, to post-audit negotiations. Attendees will obtain an understanding of the NERC Rules of Procedures (RoP), Compliance Monitoring and Enforcement Program (CMEP), Inherent Risk Assessments (IRA), Internal Controls Evaluation (ICE), and the audit process as documented in the ERO Auditors Handbook. The class, taught by a team of former regional entity auditors, will feature live exercises that build participant skills, and provide experience in a simulated audit environment.
NERC CIP for Low Impact Entities
This one-day course is designed for individuals working at utilities which have only low impact systems subject to the NERC CIP standards. This course will provide the detailed knowledge and understanding you need to achieve compliance with NERC CIP version 6.
Reducing Cybersecurity Risk: Tactics and Strategies
EnergySec’s “Reducing Cybersecurity Risk: Tactics and Strategies” course is designed to provide participants with the cybersecurity, framework, and communication theory required to get a grip on cyber security risk management and reduction. Rather than walk you through the same tired old risk management principles, this class will decompose the causes, sources, and nature of the problem and teach approaches and techniques which can be, together, applied to this difficult (and still poorly understood) problem. While utilizing existing tools and models, the class will go far beyond them and focus on fundamentally missing or underrepresented topics. Some of these include:
- The Essentials of Cyber Security (How it is important and Why it is so difficult)
- Framework Skills Development (How can we build and use focused, practical frameworks)
- “Cyber” Management Skills Development (Concepts such as metrics and organizational behavior that are necessary to get a grip on your environment”
- Filling out the NISTCSF and C2M2 gaps
- Understanding and applying Risk Management practices