Frameworks, Standards, Guidelines, and Best Practices

Learn about the voluntary frameworks that provide standards, guidelines, and best practices for managing cybersecurity-related risks. The NIST Cybersecurity Framework is a flexible approach that prioritizes the protection and resilience of critical infrastructure and other sectors important to the economy and national security.

Presentation Transcript


  1. Frameworks, Standards, Guidelines, and Best Practices. Dan Wagner, B.S., CISSP, CRISC, CISA, VCE-CIA, Compliance Auditor, Cyber Security. WECC Reliability & Security Workshop, San Diego, CA – October 23–24, 2018. Western Electricity Coordinating Council

  2. What frameworks teach us

  3. Early Stages

  4. Each of the above voluntary Frameworks presents standards, guidelines, and best practices for managing cybersecurity-related risks. The NIST Cybersecurity Framework’s prioritized and flexible approach promotes the protection and resilience of critical infrastructure and other sectors important to the economy and national security. NIST, DRII, BCI, CSA, ISO, COBIT, VRMMM, SCRM, DAMA, ITIL, SDLC

  7. Constantly learning?

  8. Industry Advice

  9. Each of the above voluntary Frameworks integrates standards, guidelines, maturity models and best practices for managing cybersecurity-related risks. The NIST Cybersecurity Framework’s prioritized and flexible approach promotes the protection and resilience of critical infrastructure and other sectors important to the economy and national security. NIST, DRII, BCI, CSA, ISO, COBIT, VRMMM, SCRM, DAMA, ITIL, SDLC

  10. Frameworks, Standards, Guidelines, and Best Practice - Examples
      • Disaster Recovery Institute International (DRII): https://drii.org/
      • The Business Continuity Institute (BCI): https://www.thebci.org/
      • The DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK): https://dama.org/content/body-knowledge
      • Vendor Risk Management Maturity Model (VRMMM): https://sharedassessments.org/vrmmm/
      • Supply-Chain Risk Management (SCRM): http://www.scrlc.com/

  11. Frameworks, Standards, Guidelines, and Best Practice - Examples
      • Framework for Improving Critical Infrastructure Cybersecurity and related news, information: www.nist.gov/cyberframework
      • Additional cybersecurity resources: http://csrc.nist.gov/
      • Questions, comments, ideas: cyberframework@nist.gov
      • COBIT (Control Objectives for Information and Related Technologies): http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx
      • Capability Maturity Model Integration (CMMI): https://cmmiinstitute.com/

  12. Disaster Recovery Institute Intl (DRII)

  13. The Business Continuity Institute (BCI)

  14. The DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK)

  15. Vendor Risk Management Maturity Model (VRMMM)

  16. Supply Chain Risk Management (SCRM) Maturity Model

  17. Framework for Analyzing the Pace of Technology Substitution

  18. Professional Advice Cannot Predict

  19. What is significant to your role

  20. The Business Continuity Institute (BCI)

  21. The Business Continuity Institute (BCI)

  22. BCI – PP1

  23. BCI – PP1 (Policy and Program Management)

  24. BCI – PP2

  25. BCI – PP2 (Embedding Business Continuity)

  26. BCI – PP3

  27. BCI – PP3 (Analysis)

  28. BCI – PP4

  29. BCI – PP4 (Design)

  30. BCI – PP5

  31. BCI – PP5 (Implementation)

  32. BCI – PP6

  33. BCI – PP6 (Validation)

  34. Questions? Dan Wagner, B.S., CISSP, CRISC, CISA, VCE-CIA, Compliance Auditor, Cyber Security Audits, Western Electricity Coordinating Council, 155 N 400 West, Suite 200, Salt Lake City, UT 84103, dwagner@wecc.biz
