NERC CIP for Low Impact Entities – Oklahoma City

Course syllabus

Background

Terminology

Asset identification

How do you know you have only low impact systems?

Low Impact versus Out of Scope, what’s the difference?

What does CIP-002 require?

How do you document and defend your CIP-002 BES Cyber System Categorization process

Policy and management requirements

CIP Senior Manager

Cybersecurity Policies

Security plans for Low Impact systems

Low Impact requirements

Incident Response planning

Physical Security requirements

Electronic security, LERC and LEAP

Security Awareness programs

Documenting compliance

What type of evidence is required

What to expect in an audit

Writing effective RSAW narratives

NERC’s Compliance Monitoring and Enforcement program

What you need to know

Inherent Risk Assessments

Internal Controls Evaluations

Internal Compliance Program reviews

Self-reporting and Self-certification

The audit process