Top Security Threats and Management Issues Facing Corporate America

Total Page:16

File Type:pdf, Size:1020Kb

Top Security Threats and Management Issues Facing Corporate America Top Security Threats and Management Issues Facing Corporate America 2016 Survey of Fortune 1000 Companies Introduction......................................................................4 Survey background and overview of results. Top Security Threats ......................................................6 Ranking of the most important security concerns for 2016, and an overview of threats and their rankings since 2000. Threat Rankings Within Industry Sectors ..................8 Top security threats segmented by major industries. Security Management Issues ..................................... 14 Management issues, pre-employment selection processes, and staffing the security organization. Organizational Structure and Strategy .................... 16 Review of security directors’ reporting relationships and interaction of security with other functions. Budget and Funding ..................................................... 16 Discussion of security funding trends and review of factors influencing budget decisions. Methodology and Sample Distribution .................... 17 Survey methodology and profile of respondents by industry and geography. Emerging Trends ................................................19 2 A Message From: Bill Barthelemy CHIEF OPERATING OFFICER – SECURITAS SECURITY SERVICES USA, INC. William Barthelemy, Securitas Security Services USA, Inc. has completed its 2016 “Top Security the Chief Operating Officer of Securitas Security Services USA, Threats and Management Issues Facing Corporate America” survey. Inc., brings nearly 40 years of industry experience to the We are pleased to publish the findings of the survey in this report. organization. With a Criminology degree from Indiana University of PA, he began his career as Over the years, this survey has become an industry 2) Promoting Employee Awareness, and an investigator, moving to the Security Division after two years. standard and is often used by corporate security 3) Implementing Best Practices/Standards/Key He has worked in many field managers in numerous markets for security-related Performance Indicators. An interesting observation capacities including Scheduling, data when making decisions relative to security about these rankings is that Budget/Maximizing Operations Manager, Branch Manager, Regional Operations planning. I want to thank all of our respondents ROI (ranked #1 in 2012 and #3 in 2014) dropped Director and Region President. who participated, generating an excellent response to 8th place in the 2016 survey. He brings further client service rate from security executives in 39 states, Canada focus to the management team, As you will read, the survey results also outline and Mexico. Your input is critical to our report and and he is an active member of the top security threats as reported by security ASIS International, as well as has revealed that the top five security threats for executives in various vertical markets. Additionally, the National Association of 2016 are as follows: Chiefs of Police. it provides information on the reporting relationships 1. Cyber/Communications Security: of those participating in the survey as well as Internet/Intranet Security projected future budgets and funding for security departments. 2. Workplace Violence Prevention/Response We extend a special thanks to the security practi- 3. Active Shooter Threats tioners who contributed editorial commentary for 4. Business Continuity Planning/ this report, namely: Organizational Resilience • Tom Ridge, Chairman, Ridge Global 5. Cyber/Communications Security: • Timothy Williams, CPP, Chief Security Officer, Mobile Security Caterpillar Inc. • Charles Baley, Chief Security Officer, It comes as no surprise that Cyber/Communica- Farmers Group, Inc. tions Security retained its #1 ranking from our • Michael Howard, Chief Security Officer, three previous surveys, and Workplace Violence Microsoft Corporation Prevention/Response rose in ranking to again be • Gail Essen, CPP, PSP, CEO, Professional the #2 threat. What is surprising is that two threats Security Advisors never before listed in our survey—Active Shooter • Richard Avery, CPP, Northeast Region Threats and Cyber/Communications Security: President, Securitas Security Services USA, Inc. Mobile Security—are #3 and #5, respectively. The high ranking of these new threats is undoubt- On behalf of the entire management team at edly an indicator of current events, both in the Securitas USA, I hope you find the information con- U.S. and globally. tained in this report to be of value in assisting your The top security management challenges organization to achieve its security objectives. that were identified are: 1) Security Staffing Effectiveness: Training Effectiveness Methods, Top Security Threats and Management Issues Facing Corporate America 3 A Message From: Don Walker, CPP CHAIRMAN – SECURITAS SECURITY SERVICES USA, INC. Thank you to our customers and friends for Therefore, it may be useful for anyone concerned Don W. Walker, CPP, participating in the 2016 Securitas Top Security with the insider threat to refer to the “Common is Chairman of Securitas Security Services USA, Inc. He is an inter- Threats Survey. Also, thank you to our guest Sense Guide to Mitigating Insider Threats,” nationally recognized expert in the authors who contributed their thoughts regarding published by Carnegie Mellon University’s security field, with an extensive current risks, threats or issues of concern to them Software Engineering Institute. Many of the background in all areas of security. and their organizations. We are grateful for their lessons learned in its case studies validate the The Securitas Group acquired insights regarding strategy, use of technology, need for a comprehensive physical security Pinkerton’s Inc. in 1999. Walker training and operating procedures. As risks change program working in concert with a proactive joined Pinkerton in 1991, when it acquired Business Risks Interna- and new threats emerge, we hope you agree that information security program. Our Pinkerton tional (BRI), a security consulting the survey and the analysis of the data can be very subsidiary and its partners are working closely and investigations company useful tools in assisting organizations develop with our customers to eliminate or mitigate the with global operations. After joining Pinkerton, he held various security prevention, detection, response and/or insider threat by using the data, strategies and management positions, including mitigation strategies and procedures. tools addressed by the guest authors in this Chairman, CEO, President, Execu- survey report. tive Vice President of the Ameri- One of the things that struck me in analyzing cas and Executive Vice President the data is that of the 29 threat categories, of International Operations. approximately one half can be caused or Walker is a co-founder of the ASIS committed by insiders (current or former International CSO Roundtable, a employees or trusted business partners/guests). life member of the International Security Management Association Therefore, it is no surprise that Employee Selec- (ISMA), the Society of Interna- tion/Screening and Rescreening always ranks in tional Business Fellows (SIBF) the top ten threats or issues concerning security and Leadership Nashville. He is a former member of the Board executives. This year, we included “Insider Threats” of Directors of the Ripon Society as part of the overall category. Many of the and a member of the National Law incidents we see in the headlines are categorized Enforcement Museum’s Chief Se- curity Officer Leadership Commit- as workplace violence, cyber-crimes, information tee. He is past president of ASIS compromise, identity theft or major frauds. Many International, former treasurer of those incidents were, in fact, the direct result of of the International Association of Credit Card Investigators and a malicious insider or someone who circumvented a member of the original Bank adequate vetting. Administration Institute Security Committee. He has served on numerous civic task forces, commissions and committees. Walker is a Certified Protec- tion Professional. He received his Bachelor’s degree from the University of Louisville and his Juris Doctorate from the Nashville School of Law. Top Security Threats and Management Issues Facing Corporate America 4 Introduction Securitas Security Services USA, Inc. has completed the 2016 “Top Security Threats and Management Issues Facing Corporate America” survey. This survey has become an industry standard and is often used by corporate security management in a wide range of industry sectors for security-related data when making decisions relative to security planning. Securitas USA surveyed a wide range of security managers and position from 2010-2012, and briefly moving to 3rd place in 2014. directors from Fortune 1000 companies, facilities managers and Active Shooter Threats, a new attribute in 2016, holds 3rd place, others responsible for the safety and security of corporate America’s while Business Continuity Planning, including Organizational Resil- people, property and information. The objective was to identify ience, falls 2 spots to 4th place after a 2nd place ranking in 2014. emerging trends related to perceived security threats, manage- A new breakout of Cyber/Communications Security, Mobile ment challenges, and operational issues. This survey has created Technology, holds 5th place, while another new threat, Crisis a reliable, data-driven tool for security
Recommended publications
  • Systems Security Engineering – Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems, Was Chosen to Appropriately Convey
    NIST Special Publication 800-160 Systems Security Engineering Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems RON ROSS MICHAEL McEVILLEY JANET CARRIER OREN This publication contains systems security engineering considerations for ISO/IEC/IEEE 15288:2015, Systems and software engineering — System life cycle processes. It provides security-related implementation guidance for the standard and should be used in conjunction with and as a complement to the standard. This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-160 NIST Special Publication 800-160 Systems Security Engineering Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems RON ROSS Computer Security Division National Institute of Standards and Technology MICHAEL McEVILLEY The MITRE Corporation JANET CARRIER OREN Legg Mason This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-160 November 2016 U.S. Department of Commerce Penny Pritzker, Secretary National Institute of Standards and Technology Willie May, Under Secretary of Commerce for Standards and Technology and Director Special Publication 800-160 Systems Security Engineering A Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems ________________________________________________________________________________________________ Authority This publication has been developed by NIST to further its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems.
    [Show full text]
  • An Article About Security Management
    Cite as www.jha.ac/articles/a060.pdf BEYOND SECURITY PLANNING: TOWARDS A MODEL OF SECURITY MANAGEMENT COPING WITH THE SECURITY CHALLENGES OF THE HUMANITARIAN WORK Luis Enrique Eguren © July 2000 SUMMARY The challenges faced by humanitarian agencies working in violent scenarios pose the need for comprehensive and dynamic systems to cope with the security requirements. Security planning cannot answer all the questions: we must take a step further and discuss a model for security management. In this paper we propose an overall framework for a security management process and an incremental approach to security management. Both topics should allow agencies and practitioners to better undertake strategies for coping with the security challenges of humanitarian work. SECURITY MANAGEMENT VERSUS SECURITY PLANNING Some of the most effective humanitarian agencies have a Security Plan carefully stored in the fifth drawer of the senior manager desk (of course in many agencies that fifth drawer is full with other documents, and there is no a drawer for security plans). Even that Security Plan may consist of a series of protective measures, contingency plans and safety rules, which may be useful as security guidelines but do not grasp the fact that that security requires an adequate overall management, and it means much more than a security plan. Security cuts through all aspects of an agency´s work in a conflict scenario: it has to do with operations (as any targeting the agency may suffer can be consequence of its operations), with assessing a changing context (and conflict scenarios can change quickly), with flows of information (recording and assessing security incidents), with personnel (from recruiting to training and team building), with budgeting and funding and so on (for an in depth analysis of security management see Koenraad van Brabant´s manual1 and other relevant initiatives2).
    [Show full text]
  • Chief Security Officer
    Chief Security Officer Chief Security Office, Information and Knowledge Services The Chief Security Officer (CSO) is a new role and will develop and lead a cross-Departmental approach for all aspects of protective security, covering Security Governance, Personnel Security, Physical Security and Information Security (including Information and Information Communication Technology (ICT) security). The CSO is a transformational change leader, responsible for leading and building a strong security culture where people have a high degree of security awareness and good security practises become an integral part of how we do things around here. The CSO also assumes the function of Incident Controller in major and emergency situations, in line with DIA’s Incident Management Framework. Reporting to: Deputy Chief Executive, Information and Knowledge Services Location: Wellington Salary range: Corporate Band L What we do matters – our purpose Our purpose is to serve and connect people, communities and government to build a safe, prosperous and respected nation. In other words, it’s all about helping to make New Zealand better for New Zealanders. How we do things around here – our principles We make it easy, we make it work Customer centred Make things even better We’re stronger together Work as a team Value each other We take pride in what we do Make a positive difference Strive for excellence Working effectively with Māori Te Aka Taiwhenua – our Māori Strategic Framework – enables us to work effectively with Māori. We accept our privileged role and responsibility of holding and protecting the Treaty of Waitangi / Te Tiriti o Waitangi. The Department of Internal Affairs Te Tari Taiwhenua What you will do to contribute As a result we will see Strategic Leadership DIA has a security strategy and Lead the development and execution of a clear framework that is well positioned protective security strategy, framework and security and fit for purpose.
    [Show full text]
  • The Chief Information Security Officer: an Exploratory Study
    Journal of International Technology and Information Management Volume 26 Issue 2 Article 2 6-1-2017 The Chief Information Security Officer: An Exploratory Study Erastus Karanja North Carolina Central University, [email protected] Mark A. Rosso North Carolina Central University, [email protected] Follow this and additional works at: https://scholarworks.lib.csusb.edu/jitim Part of the Management Information Systems Commons Recommended Citation Karanja, Erastus and Rosso, Mark A. (2017) "The Chief Information Security Officer: An Exploratory Study," Journal of International Technology and Information Management: Vol. 26 : Iss. 2 , Article 2. Available at: https://scholarworks.lib.csusb.edu/jitim/vol26/iss2/2 This Article is brought to you for free and open access by CSUSB ScholarWorks. It has been accepted for inclusion in Journal of International Technology and Information Management by an authorized editor of CSUSB ScholarWorks. For more information, please contact [email protected]. Journal of International Technology and Information Management Volume 26, Number 2 2017 THE CHIEF INFORMATION SECURITY OFFICER: AN EXPLORATORY STUDY Erastus Karanja [email protected] Mark A. Rosso [email protected] Department of Computer Information Systems School of Business North Carolina Central University USA ABSTRACT The proliferation and embeddedness of Information Technology (IT) resources into many organizations’ business processes continues unabated. The security of these IT resources is essential to operational and strategic business continuity. However, as the large number of recent security breaches at various organizations illustrate, there is more that needs to be done in securing IT resources. Firms, through organizational structures, usually delegate the management and control of IT security activities and policies to the Chief Information Security Officer (CISO).
    [Show full text]
  • Civilian Market Analysis DHS Strategic Industry Conversation
    dlt.com WHITE PAPER REPORT Civilian Market Analysis DHS Strategic Industry Conversation Louis Dorsey Senior Director, Civilian Strategic Markets Accelerating Public Sector Growth for Technology Companies November 2018 DLT 2411 Dulles Corner Park, Suite 800, Herndon, VA 20171 Main 800.262.4358 eFax 703.709.8450 Civilian Market Analysis DHS Strategic Some of the mission-focused topics discussed by these Industry DHS leaders included: Conversation Keynote Address Nov 1, 2018 o Claire Grady, DHS, Acting Deputy Secretary Lessons Learned from an Unprecedented Disaster Season o Brock Long, FEMA, Administrator Soraya Correa, DHS Chief Procurement DHS Leadership Insights on Challenges Confronting DHS Officer o Kathleen Fox, FEMA, Assistant Administrator o Jeanette Manfra, CISA, Assistant Secretary o Robert Perez, CBP, Deputy Commissioner o Patricia Cogswell, TSA, Deputy Administrator DHS Security Operations Center Optimization—Crawl Phase o Paul Backman, DHS, CISO o Alma Cole, CBP, CISO o Kevin Graber, USSS, CISO o Vu Nguyen, Cyber Operations, Director o Rob Thorne, ICE, CISO How Management Directorate is Enabling the Mission o Chip Fulghum, DHS, Deputy Under Secretary for Management Claire Grady, DHS CXO Partnerships: Addressing the Needs of Tomorrow Acting Deputy Secretary o Chip Fulghum (Moderator) o Soraya Correa, DHS, Chief Procurement Officer o Tom Chaleki, DHS, Chief Readiness Officer o Debra Cox, Office of Program Accountability & Risk Management, Executive Director o Roland Edwards, DHS, Deputy Chief Human Capital Officer o Stacy Marcott,
    [Show full text]
  • Information Security Management Accounting
    7 Information Security Management Accounting Diego Abbo Candidate School of Systems Enginireering SSE- University of Reading (UK), Italy 1. Introduction Increased computer interconnectivity and the popularity of Internet are offering organizations of all types unprecedented opportunities to improve operations by reducing paper processing, cutting costs, and sharing information. However, the success of many of these efforts depends, in part, of an organization’ ability to protect the integrity, confidentiality of the data and systems it relies on. Many people seem to be looking for a silver bullet when it comes to information security. They often hope that buying the latest tool or piece of technology will solve their problems. Few organisations stop to evaluate what they are actually trying to protect (and why) from an organizational perspective before selecting solutions. In the field of information security the security issues tend to be complex and are rarely solved simply by applying a piece of technology. Furthermore the growing of interdependency of the complex integrated information systems will continue and accelerate and more technologies are integrated to deliver rich services. Today there is no way to model, understand, monitor and manage the risks presented by the growth of these systems. That also means that the investments in information security can’t have the appropriate accuracy and follow the common principle of redundancy increasing the non-productive costs of the businesses and/or services that are supporting by the above mentioned systems. On the other hand the failure of information security during the past decade are nothing short of spectacular. The inability of organisations to prevent increasingly dramatic compromises has led to huge financial losses, produced a great deal of embarrassment, and put every sector of the global economy at risk.
    [Show full text]
  • Architecture of Network Management Tools for Heterogeneous System
    (IJCSIS) International Journal of Computer Science and Information Security, Vol. 6, No. 3, 2009 Architecture of Network Management Tools for Heterogeneous System Rosilah Hassan, Rozilawati Razali, Shima Mohseni, Ola Mohamad and Zahian Ismail Department of Computer Science, Faculty of Information Science and Technology Universiti Kebangsaan Malaysia, Bangi, Selangor, Malaysia . Human: where human manager defines the policy and organization approaches. Abstract— Managing heterogeneous network systems is Methodology: defines the architectural a difficult task because each of these networks has its own curious management system. These networks framework and the functions to be usually are constructed on independent management performed. protocols which are not compatible with each other. Instrumentation: the actual operational This results in the coexistence of many management aspects that establish the procedures, systems with different managing functions and services methods and algorithms for data collection, across enterprises. Incompatibility of different processing and reporting, and analysis of management systems makes management of whole problems, their repair, prediction or system a very complex and often complicated job. forecasting of service levels and probable Ideally, it is necessary to implement centralized meta- level management across distributed heterogeneous improvements to enhance performance. systems and their underlying supporting network systems where the information flow and guidance is S&NM aims to provide network
    [Show full text]
  • BNY Mellon Corporate Social Responsibility 2019 Report
    2020CSR Report-cover.pdf 1 6/17/20 4:24 PM C M Y CM MY CY CMY K About This Report About This Report This is BNY Mellon’s 13th report covering corporate social responsibility (CSR) and environmental, social and governance (ESG) topics. Our annual updates in this report are not just about our company’s social and environmental impact, but also about how we view and integrate ESG considerations throughout our operations, leveraging opportunities and mitigating risks cross-functionally and across our lines of business. We publish our CSR report annually in the second quarter on www.bnymellon.com/CSR. Unless otherwise noted, this report includes data and activities from BNY Mellon’s global operations for the calendar year 2019. Unless otherwise noted, all data is as of 12/31/2019 and covers The Bank of New York Mellon Corporation and its subsidiaries. The report provides select data from past years in order to facilitate year-over-year analysis. This is our 11th report using the Global Reporting Initiative’s (GRI) framework, the world’s most widely used sustainability reporting framework. We prepared the report according to GRI Standards Comprehensive option. View the GRI Index on page 80. 2019 CSR and ESG Awards and Recognition Dow Jones Sustainability World Index (DJSI) 6 consecutive years CDP A List for climate management leadership 7 consecutive years FTSE4Good Global Benchmark Index 8 consecutive years Perfect score on the Corporate Equality Index for LGBTQ workplace equality, Human Rights Campaign Foundation 13 consecutive years Bloomberg Gender-Equality Index 5 consecutive years See a full list of our awards.
    [Show full text]
  • COMPLAINT TIKTOK INC. and BYTEDANCE LTD. Against
    TIKTOK INC. et al v. TRUMP et al Doc. 1 Case 1:20-cv-02658 Document 1 Filed 09/18/20 Page 1 of 46 IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA TIKTOK INC., 5800 Bristol Parkway Culver City, CA 90230 BYTEDANCE LTD., c/o Vistra (Cayman) Ltd. P.O. Box 31119 Grand Pavilion, Hibiscus Way Civil Case No. 20-cv-2658 George Town, KY1-1205 Cayman Islands COMPLAINT FOR INJUNCTIVE AND Plaintiffs, DECLARATORY RELIEF v. DONALD J. TRUMP, in his official capacity as President of the United States, 1600 Pennsylvania Avenue, N.W. Washington, DC 20500 WILBUR L. ROSS, JR., in his official capacity as Secretary of Commerce, 1401 Constitution Avenue, N.W. Washington, DC 20230 U.S. DEPARTMENT OF COMMERCE, 1401 Constitution Avenue, N.W. Washington, DC 20230 Defendants. Plaintiffs TikTok Inc. and ByteDance Ltd., for their Complaint against Defendants DONALD J. TRUMP, in his official capacity as President of the United States; WILBUR L. ROSS, JR., in his official capacity as Secretary of Commerce; and the U.S. DEPARTMENT OF COMMERCE; allege as follows: Dockets.Justia.com Case 1:20-cv-02658 Document 1 Filed 09/18/20 Page 2 of 46 INTRODUCTION 1. This action seeks to prevent the government from impermissibly banning TikTok, a mobile software application that 100 million Americans use to create and share short videos composed of expressive content. On September 18, 2020, the U.S. Department of Commerce identified the prohibited transactions (the “Prohibitions”) covered by President Trump’s August 6, 2020 executive order purportedly “Addressing the Threat Posed by TikTok” (the “August 6 order” and, together with the Prohibitions, the “TikTok ban”).
    [Show full text]
  • Chailease Holding Company Limited. Guidelines for Information Security Management I. Purpose 1. the Company Sets Forth These
    Chailease Holding Company Limited. Guidelines for Information Security Management Date: 2019/11/13 Approved by Chairman of the board I. Purpose 1. The Company sets forth these Guidelines in order to strengthen the information security management and establish a reliable information operating environment to ensure the Company's rights and interests. II. General Rule 2. The “Company” in the Guidelines, is referring to Chailease Holding and its affiliates. 3. The Company may conduct information security risk assessment in accordance with relevant laws and regulations to determine the level of information security requirements, and adopt appropriate measures to ensure the security of the Company's data operation. 4. Regarding the “appropriate measures” in the Guidelines, the risk level of each information asset and the degree of impact or harm to the Company's operation shall be comprehensively considered, and adopt commensurate and cost-effective information security measures. 5. The Company shall set relevant regulations and regularly evaluate the implementation results for the following information security measures: (1) The formulation of information security policy. (2) The responsibility division of information security. (3) The security management of computer system. (4) The security management of network. (5) The management of system access control. (6) The security management of system development and maintenance. (7) The security management of information assets. (8) Physical and environmental security management. (9) Sustainable business operation program. (10) Laws and operations compliance. III. The Formulation of the Information Security Policy 6. The Company shall set relevant information security policy in accordance with actual business needs, and notify relevant personnel to comply with the policy in writing, electronically or otherwise.
    [Show full text]
  • Security Management
    BACHELOR OF SCIENCE IN MAJOR SECURITY MANAGEMENT DEPARTMENT OF SECURITY, FIRE, AND EMERGENCY MANAGEMENT 524 West 59th Street, New York, NY 10019 n Haaren Hall, Room 433.08 n 212-237-8599 www.jjay.cuny.edu/department-security-fire-and-emergency-management See further major requirements at: www.jjay.cuny.edu/security-management-major-resources WHAT WILL YOU LEARN IN THIS MAJOR? Every significant public institution and private corporation has a security function associated with its mission to mitigate losses and risks. They need managers. The Bachelor of Science in Security Management focuses on the analysis of security risks and vulnerabilities, along with the administration of programs designed to reduce loss in both the public and private sectors. The major provides a comprehensive understanding of the principles, practices, technology and law within the security field. This enables managers to better safeguard persons, property, and privacy both inside and outside of the work environment. The major also prepares students for advanced study in John Jay’s unique graduate program in Protection Management and the new graduate online degrees in Security Management and Emergency Management. IN THIS MAJOR YOU WILL nnn FIRST COURSES IN THE MAJOR nnn Discover what is most important in reducing risks and SEC 101: Introduction to Security losses to organizations SEC 210: Methods of Security Identify emerging career opportunities in the private SEC 211: Security Management security industry and within proprietary workplaces Interpret and analyze laws, codes, standards, Students in the major will have a choice of the and practices pertinent to private security following categories of study: Learn the roles of cybersecurity and technology in the A.
    [Show full text]
  • Guide to Developing a Cyber Security and Risk Mitigation Plan
    NRECA / Cooperative Research Network Smart Grid Demonstration Project Guide to Developing a Cyber Security and Risk Mitigation Plan DOE Award No: DE-OE0000222 National Rural Electric Cooperative Association, Copyright 2011 1 NRECA / Cooperative Research Network Smart Grid Demonstration Project Guide to Developing a Cyber Security and Risk Mitigation Plan Prepared by Evgeny Lebanidze Cigital 21351 Ridgetop Circle Suite 400 Dulles, VA 20166-6503 [email protected] 703-585-5047 for The National Rural Electric Cooperative Association’s Cooperative Research Network 4301 Wilson Boulevard Arlington, VA 22203 National Rural Electric Cooperative Association, Copyright 2011 2 The National Rural Electric Cooperative Association The National Rural Electric Cooperative Association (NRECA), founded in 1942, is the national service organization supporting more than 900 electric cooperatives and public power districts in 47 states. Electric cooperatives own and operate more than 42 percent of the distribution lines in the nation and provide power to 40 million people (12 percent of the population). The Cooperative Research Network (CRN) is the technology research arm of NRECA. ©Guide to Developing a Cyber Security and Risk Mitigation Plan Copyright © 2011 by National Rural Electric Cooperative Association. Legal Notice This work contains findings that are general in nature. Readers are reminded to perform due diligence in applying these findings to their specific needs as it is not possible for NRECA to have sufficient understanding of any specific situation to ensure applicability of the findings in all cases. Neither the authors nor NRECA assumes liability for how readers may use, interpret, or apply the information, analysis, templates, and guidance herein or with respect to the use of, or damages resulting from the use of, any information, apparatus, method, or process contained herein.
    [Show full text]