North American Electric Reliability Corporation- Critical Infrastructure Protection.
The Risk Analysis and Risk Management process provided by Sentryx completely satisfies annual federal and state audits.
CIP Standards Subject to Enforcement
CIP-002-3 Critical Cyber Asset Identification
CIP-003-3 Security Management Controls
CIP-004-3a Personnel and Training
CIP-005-3a Electronic Security Perimeters
CIP-006-3c Physical Security of Critical
CIP-007-3a Systems Security Management
CIP-008-3 Incident Reporting and Response
CIP-009-3 Recovery Plans for Critical
Top 5 Reasons to Undertake Risk Analysis and Risk Management:
1. Avoid security incidents
and /or breaches.
2. Ensure that high priority risks are
aggressively managed and that all
risks are cost-effectively managed
throughout the project.
3. Become a “best in class” practice.
4. Provide management at all levels with
the information required to make
informed decisions on issues critical to
5. Tremendous educational and
NERC-CIP Compliance and Risk Management
Who is required to comply with NERC-CIP regulations?
All bulk power system owners, operators, and users must comply with NERC-approved Reliability Standards.
What are the Penalties for Violating NERC-CIP?
Sanctioning of confirmed violations is determined pursuant to the NERC Sanction Guidelines and is based heavily upon the Violation Risk Factors and Violation Severity Levels of the standards requirements violated and the violations’ duration. Entities found in violation of any standard must submit a mitigation plan for approval by NERC and, once approved, must execute this plan as submitted.
Sentryx Solution for NERC-CIP Compliance and Risk Management
Sentryx provides expert guidance and effective software technology called SPARTAN to address the entirety of NERC-CIP compliance and risk management. Our solution consistently addresses the seven elements of an effective compliance program. Our risk assessment process includes an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of confidential information.
• Spartan provides an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of the electronic information, whether it be client or company data.
• Definitions and default text aid in understanding of each topic and provide proper vernacular for attestation.
• Spartan solutions risk access, develop mitigation plans, and write reports.
• Spartan provides operational compliance through a mature, repeatable, complete, accurate and sustainable process and can become your on-going compliance assessment and monitoring tool.
• Spartan SaaS is an Enterprise Class platform providing Information Technology, Governance Risk and Compliance (IT GRC). Modules include HIPAA, FISMA, PCI-DSS, FERPA, NERC-CIP, Business Continuity Planning.
• Modules can be used individually or in combination when unique compliance requirements share common security controls and help us efficiently keep up with hundreds of tasks associated with each regulatory requirement.
• Spartan provides an auditable, password protected, logged documentation tool that meets requirements of internal and external audit standards.
Sentry Cybersecurity Solutions provides a methodology and software that is proactive, adaptable, and consistent with industry best standards.
The risk analysis and risk management process includes an accurate and
thorough assessment of the potential
risks and vulnerabilities to the confidentiality, integrity, and availability
of critical information and sensitive data.
An Ongoing Effort that
Requires Process Maturity
Peace of Mind
There is a Right Way and
Many Wrong Ways
Checklist and Spreadsheets
Will Not Pass Audit
Copyright 2013 - 2015 Sentryx Cybersecurity Solutions. All rights reserved.