low impact focus group
play

Low Impact Focus Group Monthly Meeting October 24, 2017 Opening - PowerPoint PPT Presentation

Sep 21, 2022 •221 likes •490 views

Low Impact Focus Group Monthly Meeting October 24, 2017 Opening Comments This meeting is being recorded All lines are open in order to facilitate discussion Please mute your line when not speaking Please do not put this call on

  1. Low Impact Focus Group Monthly Meeting October 24, 2017

  2. Opening Comments  This meeting is being recorded  All lines are open in order to facilitate discussion  Please mute your line when not speaking  Please do not put this call on hold – many systems play music on hold • If you need to answer another call, please disconnect and call back in 2 Forward Together • ReliabilityFirst

  3. Announcements  NERC’s Antitrust Guidelines are available at: • http://www.nerc.com/pa/Stand/Resources/Documents/NER C_Antitrust_Compliances_Guidelines.pdf  This is a public call. RF cannot pre-screen the attendees. 3 Forward Together • ReliabilityFirst

  4. Mailing List  ciplifg@lists.rfirst.org  This list is intended as a discussion forum.  List changes, such as additions or removals, should be sent to: lew.folkerth@rfirst.org 4 Forward Together • ReliabilityFirst

  5. Survey Results  Lew conducted an informal on-line survey  Results are anonymous  There were 49 survey visits, 43 completed responses, and 2 partial responses 5 Forward Together • ReliabilityFirst

  6. Survey Results Somewhat Special Topics Not Important Important Score Rank Important 27.27% 22.73% 50.00% Introduction to CIP Low Impact Requirements and 282 7 Compliance 12 10 22 0.00% 20.45% 81.82% Low Impact Electronic Access Controls 405 1 0 9 36 4.55% 25.00% 70.45% Low Impact Physical Access Controls 367 3 2 11 31 6.82% 13.64% 79.55% Low Impact Compliance Documentation and Evidence 383 2 3 6 35 4.55% 34.09% 61.36% Field Experience with Low Impact Implementation (Notes 347 4 and experiences from a CIPLIFG member) 2 15 27 9.30% 32.56% 58.14% What Happens During an Audit? 324 6 4 14 25 11.36% 27.27% 61.36% In-depth Discussion of Emerging Standards Applicable to 335 5 Low Impact 5 12 27 6 Forward Together • ReliabilityFirst

  7. Survey Results  Please suggest additional topics: • the key thing for all topics discussed is that RF needs to present only the facts and not speculate on what could or could not be needed for compliance with the Standard. For example, if RF does not know how what the audit expectations are, then the answer is TBD. Providing any speculative answers that go beyond the language of the Standard will create unintended expectations that Registered Entities may expend considerable resources to achieve. 7 Forward Together • ReliabilityFirst

  8. Survey Results  Please suggest additional topics: • I'm fairly new to compliance. All the suggested information would be very welcome. Thanks. • I am sure they are all important. Those I marked as important should be covered first in my opinion. • An IT101 focus might be good for the group. Where I struggle is understanding some of the technical terminology and applying the Standards to the actual equipment we have on site. Example; routable dial up connectivity, DMZ, etc. • Discussion relative to the Reference Models in CIP 003 8 Forward Together • ReliabilityFirst

  9. Survey Results  Please suggest additional topics: • In general, whatever is presented needs to be based on facts and not speculation. There is very little low impact guidance available and any information provided by a regulator should be based on what will be done and not what could be done. Entities need to have a clear understanding of RF expectations in order to provide the proper focus and resources in developing a low impact program. The existing published Attachment C includes a Tab and evidence sampling questions that based on the current and pending Standard language, would not be applicable (i.e. LI Cyber Assets list). RF personnel have indicated this information is not required and optional, however, because it is a regulator published document, entities could interpret this as something RF is expecting to see now or in the future. Being a regulator, only the actual information required and expectations should be published in official documents. If an entity wants to provide something optional, then it should be their choice and not included as part of the primary tool used by RF to audit compliance. This type of miss information could lead an entity to apply significant resources to address an unintended expectation rather than focusing those resources on concerns that have a more significant reliability impact. The same approach should be used by NERC/RF when making any public statements regarding compliance expectations (i.e. facts only and not speculation). In the absence of clear expectations, every word from a regulator can make a difference in how a program is developed. 9 Forward Together • ReliabilityFirst

  10. Survey Results  Do the monthly CIPLIFG meetings provide value to your organization? • Yes: 39 (92.9%) • No: 3 (7.1%)  Should the CIPLIFG monthly meetings be continued? • Yes: 43 (100%) • No: 0 (0%) 10 Forward Together • ReliabilityFirst

  11. Survey Results  Additional comments or feedback • Since I am new to the Compliance side of the business, I appreciate any and all extra information I can learn about the subject. We are a low impact, or even below that level, entity. Thanks in advance for all the time and assistance in this area. • It seems like this group is slow in starting up. I do believe with the subjects noted in this survey that it should take off and be more vital to an organization. It would also be nice to have the presentation available a few days ahead of time so that entities may review it and note any questions they may have before the meeting or presentation. 11 Forward Together • ReliabilityFirst

  12. Survey Results  Additional comments or feedback • This group can be a very key part in providing valuable information to the industry on the compliance expectations of RF. There has been a lot of speculation and miss information about what is needed by a Registered Entity to demonstrate compliance for low impact systems (e.g. a published Attachment C with a Low Impact Cyber Asset tab to be used for sampling during an audit.). These monthly meetings could be used to clarify and establish clear expectations based on facts and the language of the Standard. Please continue them! 12 Forward Together • ReliabilityFirst

  13. Survey Results  Additional comments or feedback • The CIPLIFG has been understandably geared towards entities with no Medium or High-Impact BCS so far. Entities that already have these types of BCS would get more value in discussing types of cyber assets at low impact sites, implementing the reference models from CIP-003-6, and details on what type of evidence will be expected for access (physical keyholder lists? drawings of LEAP/LERC/Physical boundaries, awareness, etc.) 13 Forward Together • ReliabilityFirst

  14. Survey Results  Additional comments or feedback • Would like to see presentations from entities on how the are implementing their low impact compliance program. In particular any challenges or redesigns involving electronic access controls. 14 Forward Together • ReliabilityFirst

  15. Survey Results  Additional comments or feedback • may want to reevaluate periodicity to determine if monthly is too frequent. • Frequency of meetings could probably be stretched to bi- monthly. 15 Forward Together • ReliabilityFirst

  16. Survey Results  Additional comments or feedback • There is much potential for the meeting and I would like to see it continue. • We attend as possible. • None at this time • no additional requests. • I would like to say thanks for having this group. • Thanks for doing this!!! 16 Forward Together • ReliabilityFirst

  17. Survey Results  Key take-aways • There is significant interest in all suggested topics. Possible additional topics: IT-101 (Intro to information technology and cyber security language and concepts) • When covering access controls, ensure the CIP-003 reference models are covered. • Include recommended evidence where possible. • RF’s presentations and documents must clearly differentiate between actions required by a Standard and recommended practice. • Regular meetings should continue, although possibly on a bi-monthly schedule. 17 Forward Together • ReliabilityFirst

  18. Standards Update  CIP-003-7 NOPR • FERC issued a Notice of Proposed Rulemaking (NOPR) at its October 19, 2017, open meeting. • The NOPR is located at: https://www.ferc.gov/whats- new/comm-meet/2017/101917/E-1.pdf. 18 Forward Together • ReliabilityFirst

  19. Standards Update  CIP-003-7 NOPR • P31,32: Electronic Access Controls ‒ “CIP-003-7 does not provide clear, objective criteria or measures to assess compliance by independently confirming that the access control strategy adopted by a responsible entity would reasonably meet the security objective of permitting only ‘necessary inbound and outbound electronic access’ to its low impact BES Cyber Systems.” (P28) • Four proposed criteria: ‒ Electronic access granted through an authorized and monitored electronic access point (CIP-005-5 R1) ‒ Electronic access granted based on need (CIP-005-5 R1 Part 1.3) ‒ Methods to enforce authentication of users (CIP-007-6 R5) ‒ Strong passwords, password change intervals (CIP-007-6 R5) 19 Forward Together • ReliabilityFirst

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Low Impact Focus Group Monthly Meeting January 23, 2018 Opening Comments This meeting is

Low Impact Focus Group Monthly Meeting January 23, 2018 Opening Comments This meeting is

Low Impact Focus Group Monthly Meeting January 23, 2018 Opening Comments This meeting is being recorded All lines will be muted. In order to comment, you may: Use the WebEx Raise Hand feature. Send a message to the

445 views • 17 slides
Low Impact Focus Group August 16, 2018 Opening Comments This meeting is being recorded

Low Impact Focus Group August 16, 2018 Opening Comments This meeting is being recorded

Low Impact Focus Group August 16, 2018 Opening Comments This meeting is being recorded All lines will be muted. In order to comment, you may: Use the WebEx Raise Hand feature. Send a message to the presenter via WebEx

301 views • 26 slides
Low Impact Focus Group Monthly Meeting November 14, 2017 Opening Comments This meeting is

Low Impact Focus Group Monthly Meeting November 14, 2017 Opening Comments This meeting is

Low Impact Focus Group Monthly Meeting November 14, 2017 Opening Comments This meeting is being recorded All lines will be muted. In order to comment, you may: Use the WebEx Raise Hand feature. Send a message to the

350 views • 15 slides
Low Impact Focus Group Kickoff Meeting July 18, 2017 Opening Comments This meeting is being

Low Impact Focus Group Kickoff Meeting July 18, 2017 Opening Comments This meeting is being

Low Impact Focus Group Kickoff Meeting July 18, 2017 Opening Comments This meeting is being recorded All lines are open in order to facilitate discussion Please mute your line when not speaking Please do not put this call on hold

292 views • 11 slides
Low Impact Focus Group April 20, 2018 Opening Comments This meeting is being recorded All

Low Impact Focus Group April 20, 2018 Opening Comments This meeting is being recorded All

Low Impact Focus Group April 20, 2018 Opening Comments This meeting is being recorded All lines will be muted. In order to comment, you may: Use the WebEx Raise Hand feature. Send a message to the presenter via WebEx

275 views • 13 slides
Low Impact Focus Group Monthly Meeting September 19, 2017 Opening Comments This meeting is

Low Impact Focus Group Monthly Meeting September 19, 2017 Opening Comments This meeting is

Low Impact Focus Group Monthly Meeting September 19, 2017 Opening Comments This meeting is being recorded All lines are open in order to facilitate discussion Please mute your line when not speaking Please do not put this call on

239 views • 13 slides
Low Impact Focus Group Monthly Meeting August 15, 2017 Opening Comments This meeting is

Low Impact Focus Group Monthly Meeting August 15, 2017 Opening Comments This meeting is

Low Impact Focus Group Monthly Meeting August 15, 2017 Opening Comments This meeting is being recorded All lines are open in order to facilitate discussion Please mute your line when not speaking Please do not put this call on

264 views • 10 slides
SECOND FOCUS GROUP: THE IMPACT OF DIGITALISATION ON WORK-LIFE BALANCE Improving work-life

SECOND FOCUS GROUP: THE IMPACT OF DIGITALISATION ON WORK-LIFE BALANCE Improving work-life

TUNED - Trade Union ' s National and European Delegation EUPAE - European Public Administration Employers SECOND FOCUS GROUP: THE IMPACT OF DIGITALISATION ON WORK-LIFE BALANCE Improving work-life balance: opportunities and risks coming from

366 views • 12 slides
FIRST FOCUS GROUP: THE IMPACT OF DIGITALISATION ON WORK-LIFE BALANCE IMPROVING WORK-LIFE

FIRST FOCUS GROUP: THE IMPACT OF DIGITALISATION ON WORK-LIFE BALANCE IMPROVING WORK-LIFE

TUNED - Trade Union ' s National and European Delegation EUPAE - European Public Administration Employers FIRST FOCUS GROUP: THE IMPACT OF DIGITALISATION ON WORK-LIFE BALANCE IMPROVING WORK-LIFE BALANCE: OPPORTUNITIES AND RISKS COMING FROM

227 views • 20 slides
Focus Groups A Focus Group Is . . . What A carefully planned discussion To obtain

Focus Groups A Focus Group Is . . . What A carefully planned discussion To obtain

Focus Groups A Focus Group Is . . . What A carefully planned discussion To obtain perceptions of a defined interest area 2 A Focus Group Is . . . Where In a permissive, non-threatening environment 3 A Focus Group Is . . .

422 views • 16 slides
Focus Group and Parent Survey Feedback Focus Group Feedback Intro Focus group comprised of:

Focus Group and Parent Survey Feedback Focus Group Feedback Intro Focus group comprised of:

Focus Group and Parent Survey Feedback Focus Group Feedback Intro Focus group comprised of: 31 community parent and staff participants Three meetings: Meeting one : Overview of the issue Meeting two : Investigate further with

288 views • 14 slides
DRAFT Hall School Culture and Student Conduct Focus Group June 15, 2016 Focus Group Planning

DRAFT Hall School Culture and Student Conduct Focus Group June 15, 2016 Focus Group Planning

DRAFT Hall School Culture and Student Conduct Focus Group June 15, 2016 Focus Group Planning The purpose of the Focus Group is to collaborate as stakeholders to give input and recommendations to establish, revise and communicate clear,

695 views • 20 slides
stakeholders: focus on pharmacovigilance Impact of Pharmacovigilance/Effectiveness of Risk

stakeholders: focus on pharmacovigilance Impact of Pharmacovigilance/Effectiveness of Risk

Demonstrating impact for public health and stakeholders: focus on pharmacovigilance Impact of Pharmacovigilance/Effectiveness of Risk Minimisation/Best evidence Joint meeting: Patients and Consumers and Healthcare Professionals working parties

795 views • 28 slides
Focusing in Focus Groups Faisal Islam July 8, 2016 Funded by: 1. Orient ourselves to Focus

Focusing in Focus Groups Faisal Islam July 8, 2016 Funded by: 1. Orient ourselves to Focus

Focusing in Focus Groups Faisal Islam July 8, 2016 Funded by: 1. Orient ourselves to Focus Group Discussion 2. Understand when to use (or not use) Focus Group 3. Learn how to conduct Focus Group 4. Explore how to analyze data from

701 views • 34 slides
Apicultural NZ Technical Focus Group Apiculture NZ Technical Focus Group Submission Supports

Apicultural NZ Technical Focus Group Apiculture NZ Technical Focus Group Submission Supports

Submission APP202349 Apicultural NZ Technical Focus Group Apiculture NZ Technical Focus Group Submission Supports the reassessment where it is based on the human health risk assessment. Chlorothalinol is a widely used fungicide that

447 views • 6 slides
Focus Groups with DC Employers, Employees, and Brokers Focus Group Findings September 12, 2018

Focus Groups with DC Employers, Employees, and Brokers Focus Group Findings September 12, 2018

Focus Groups with DC Employers, Employees, and Brokers Focus Group Findings September 12, 2018 1 Background. PerryUndem conducted three focus groups to hear feedback on DC Health Link (DCHL). 1 group with 12 employers, or decision makers

323 views • 13 slides
Global Consumer Spending on Media Content & Technology Forecast 2014-18 Most Credible,

Global Consumer Spending on Media Content & Technology Forecast 2014-18 Most Credible,

Global Consumer Spending on Media Content & Technology Forecast 2014-18 Most Credible, Consistent, Actionable Intelligence on Consumer Buying Patterns Report #3 of 3 in PQ Medias Global Media & Technology Forecast Series 2014

221 views • 11 slides
CDSS Web Chat #1: Boosting AttenDANCE Having trouble with your computer audio? Dial in - +1 (571)

CDSS Web Chat #1: Boosting AttenDANCE Having trouble with your computer audio? Dial in - +1 (571)

CDSS Web Chat #1: Boosting AttenDANCE Having trouble with your computer audio? Dial in - +1 (571) 371-3122 - Access Code 591-540-485 Webchat Format Noon ET Introduction: Katy German & Linda Henry 12:05 First guest: Jo Mortland

338 views • 7 slides
Link Layer and LANs CMPS 4750/6750: Computer Networks 1 Outline overview (6.1) multiple

Link Layer and LANs CMPS 4750/6750: Computer Networks 1 Outline overview (6.1) multiple

Link Layer and LANs CMPS 4750/6750: Computer Networks 1 Outline overview (6.1) multiple access (6.3) link addressing: ARP (6.4.1) a day in the life of a web request (6.7) 2 Link layer: introduction terminology: hosts, switches,

602 views • 39 slides
Welcome to the Technology Competencies for Libraries Webinar If you can hear us, click the

Welcome to the Technology Competencies for Libraries Webinar If you can hear us, click the

Welcome to the Technology Competencies for Libraries Webinar If you can hear us, click the button below If you cant hear us, click the button below and we will troubleshoot Phone access also available as alternative to

1.1k views • 51 slides
Usage in the Visible Internet Xue Cai and John Heidemann USC/Information Sciences Institute Aug.

Usage in the Visible Internet Xue Cai and John Heidemann USC/Information Sciences Institute Aug.

Understanding Block-level Address Usage in the Visible Internet Xue Cai and John Heidemann USC/Information Sciences Institute Aug. 31, 2010, SIGCOMM10 xuecai@isi.edu 1 The Discovery of Halley's Comet xuecai@isi.edu 2 The Discovery of

502 views • 34 slides
Motivation Internet in Pakistan Motivation Internet in Pakistan Developed Developing Facts

Motivation Internet in Pakistan Motivation Internet in Pakistan Developed Developing Facts

Overview Overview Information Access and Information Access and Poor Mans Broadband Communication Networks in the Communication Networks in the Poor Mans Cache Developing- -world world Developing Packet Containment TEK

351 views • 6 slides
ConnectHome Nation Webinar Running Your ConnectHomeUSA Program: Securing Funding & Engaging

ConnectHome Nation Webinar Running Your ConnectHomeUSA Program: Securing Funding & Engaging

ConnectHome Nation Webinar Running Your ConnectHomeUSA Program: Securing Funding & Engaging Residents April 30, 2019 1 Agenda Agenda Albany HA 1. WebEx Instructions Wilson HA 2. Introductions North Little 3. Wilson Housing Authority

519 views • 25 slides
Countdown to VISTA Service Dial: 866-609-4997 Connecting to Audio Dial: 866-609-4997 Audio

Countdown to VISTA Service Dial: 866-609-4997 Connecting to Audio Dial: 866-609-4997 Audio

The webinar will begin soon. While you wait, please share in the chat box: What motivated you to apply to your VISTA position? Countdown to VISTA Service Dial: 866-609-4997 Connecting to Audio Dial: 866-609-4997 Audio resource tools

414 views • 15 slides

More recommend