Business911 Regulatory Compliance and Audit services include:
Sarbanes-Oxley (SOX) IT process reviews, mitigation strategies, compliance review and testing
We provide independent audit assistance or mitigation of IT controls to ensure compliance with SOX.
NERC/CIP services include assessment and mitigation of CIP-002 through CIP-009 Critical Infrastructure Protection
Our extensive background in information security, network analysis, IT governance, and organizational resiliency gives us a solid foundation for best-in-class NERC/CIP consultation. Our experience includes process control, manufacturing, and SCADA systems.
The North American Electric Reliability Corporation (NERC) is responsible for ensuring North America's bulk electric system is secure, adequate and reliable. To meet this challenge, NERC developed the Critical Infrastructure Protection (CIP) Cyber Security Standards.
Those eight standards are:
* CIP-002 Cyber Asset Identification
* CIP-003 Security Management Controls
* CIP-004 Personnel & Training
* CIP-005 Electronic Security Perimeters
* CIP-006 Physical Security
* CIP-007 System Security Management
* CIP-008 Incident Reporting and Response
* CIP-009 Recovery Plan for Critical Cyber Assets
NERC requirements stress accountability and auditability at multiple layers of security and on an end-to-end basis. In particular, wherever IP and Ethernet protocols are used, end-to-end accountability includes being able to monitor and assure secure communications with no weak links.
Resources related to NERC/CIP:
