CyberSecurityPlanTemplate-U1 - Cyber...

<<Name of Co-op>> Cyber Security Plan
<<date>>
Prepared by:
Table of Contents

Preface
    Purpose
    Scope
    Target Audience
    Contacts
Using the Template
Executive Summary
Building a Risk Management Program
    Risk Management Program Plan
Addressing People and Policy Risks
    Cyber Security Policy
    Cyber Security Policy Plan
    Personnel and Training
    Personnel and Training Plan
Addressing Process Risks
    Operational Risks
    Operational Risk Plan
    Insecure Software Development Life Cycle (SDLC) Risks
    Secure Software Development Life Cycle Plan
    Physical Security Risks
    Physical Security Plan
    Third-Party Relationship Risks
    Third-Party Relationship Plan
Addressing Technology Risks
    Network Risks
    Network Security Plan
    Platform Risks
    Platform Security Plan
    Application Layer Risks
    Application Security Plan
Security Requirements and Controls for Each Smart Grid Activity Type
    Advanced Metering Infrastructure (AMI)
    Advanced Metering Infrastructure Plan
    Meter Data Management (MDM)
    Meter Data Management Plan
    Communication Systems (COMM)
    Communication Systems Plan
    Supervisory Control and Data Acquisition (SCADA)
    Supervisory Control and Data Acquisition (SCADA) Plan
    In-Home Display (IHD) / Web Portal Pilots
    In-Home Display (IHD) / Web Portal Pilots Plan
    Demand Response over Advanced Metering Infrastructure (AMI) Networks
    Demand Response over Advanced Metering Infrastructure (AMI) Networks Plan
    Interactive Thermal Storage
    Interactive Thermal Storage Plan
    Smart Feeder Switching
    Smart Feeder Switching Plan
    Advanced Volt / VAR Control
    Advanced Volt / VAR Control Plan
    Conservation Voltage Reduction (CVR)
    Conservation Voltage Reduction (CVR) Plan
Appendix A: Reference Documentation
    Security Standards
    National Institute of Standards and Technology Special Publications
    Other Guidance Documents
Appendix B: Glossary
Appendix C: Acronyms
Appendix D: Minimum Security Requirements
Preface

Purpose

This plan baselines existing cyber security–related activities and controls at our organization against the Guide to Developing a Cyber Security and Risk Mitigation Plan. For areas covered by existing processes and/or technologies, the plan briefly documents how and where this is accomplished. For identified gaps, the plan documents current deviation from the recommended security controls and specifies whether to accept or mitigate the risk, the actions needed to close the gaps, the responsible party, and the implementation timeline.

Scope

This plan goes through the cyber security controls that our organization already has in place or plans to implement in order to mitigate the risks introduced by smart grid technologies.