SlideShare una empresa de Scribd logo

Technologies for Security and Compliance by Ken McIntyre, Ercot

Descargar como PPTX, PDF
T
TheAnfieldGroup
TecnologíaEmpresariales
1 de 19
Page 1 Company Logo 2012 Technologies for Security and Compliance Summit August 2012 Austin, Texas Ken McIntyre Director Standards and Protocol Compliance Electric Reliability Council Of Texas
Page 2 Company Logo 2012 Technologies for Security and Compliance Summit Presentation: • Electric Reliability Council of Texas • The Regulatory Challenge • ERCOT Compliance Initiatives
Page 3 Company Logo Electric Reliability Council Of Texas (ERCOT) ERCOT Responsibilities • System Reliability • Open and Competitive Markets • Congestion Management • Network Modeling
Page 4 Company Logo Electric Reliability Council Of Texas (ERCOT) Key Features of the ERCOT Grid • Represents 85% of Texas Load • 74,000 MW of generation capacity • 40,530 miles of transmission lines • Electrical island with several DC Ties • RC, BA, TOP (CFR), PC, IC, RP, TSP ERCOT facilitates competitive markets to help achieve reliability.
Page 5 Company Logo Electric Reliability Council Of Texas (ERCOT) ERCOT Compliance Department • Centralized Compliance Program • Increased from two to thirteen employees • 693, CIP and all ERCOT Protocols • Standards Development (ballots etc.) • All things NERC e.g. CANs, TFEs, EA ERCOT Compliance Mission Statement: Promote ERCOT Reliability, Security and Compliance, through Collaboration, Leadership and Expertise.
Page 6 Company Logo The Regulatory Challenge ERCOT Public Utility Commission of Texas PUCT FERC / NERC SSAE16 / SOX ERCOT Board F&A (Internal Audits) Texas Reliability Entity (Regional Entity) DOE, DHS, EPA, NAESB
Page 7 Company Logo
Page 8 Company Logo
Page 9 Company Logo
Page 10 Company Logo The Regulatory Challenge cont. • Audits and Investigation Preparation • Compliance burden on organization • Standards Development • Compliance with new standards and versions • Internal Compliance and Monitoring Program • Event Analysis Reporting and Lessons Learned • Institutionalize recommendations • Critical Infrastructure Protection • Maintaining best practice / Defense in Depth • SCADA System integrity / Smart Grid information / Mobile Devices • CIP Standards and new versions
Page 11 Company Logo ERCOT Compliance Initiatives What should the Compliance Department do? • Compliance ‘promotes’ Reliability and Security • Allow Subject Matter Experts to focus on improving industry, while still meeting compliance obligations (daily activities) • Reduce duplication of regulatory efforts across the organization (one activity meets multiple regulatory requirements) • Active Policy Monitoring and Enforcement to allow early detection and mitigation of issues, and avoid unnecessary compliance burden • Minimize ‘Drift’ from stated expectations • Institutionalize Recommendations, ‘Normal Practice’
Page 12 Company Logo ERCOT Compliance Initiatives cont. What is the Compliance Department going to do? • Consolidate PUCT/FERC/NERC Compliance Data Repositories • Common regulatory evidence, sampling, reporting, event analysis, mitigation • Implement AlertEnterprise ‘GRC’ Solution for Compliance • NERC Reliability Standards, ERCOT Protocols, Corporate Policies, SSAE16 • Automate RSAW development, and other compliance activities • Active Policy Monitoring and Enforcement (2013) • Map requirements between multiple regulatory environments • Provide Compliance Transparency • AlertEnterprise Dashboards for Executives and Managers • Risk/Gap/Impact analysis (AlertEnterprise ‘Risk Engine’ concept)
Page 13 Company Logo ERCOT Compliance Initiatives cont. Additional detail on some initiatives....
Page 14 Company Logo ERCOT Compliance Initiatives cont. AlertEnterprise/ERCOT mapping requirements between multiple regulatory environments: - Map requirements between NERC – Protocols – Guides – Policy - Interactive display of Requirement and document associations with master & transaction data, - Displays Requirement association with transaction data (Assessments, Investigation, Mitigation, Self Report, Action Items, RSAW, Event Tracker) within a date range
Page 15 Company Logo ERCOT Compliance Initiatives cont. AlertEnterprise/ERCOT NERC RSAW functionality: - Developed for NERC RSAW creation, - Can be applied/formatted for other regulatory requirements - Templates with requirements and placeholders for compliance actions, SME and evidence tables NERC
Page 16 Company Logo ERCOT Compliance Initiatives cont.
Page 17 Company Logo ERCOT Compliance Initiatives cont.
Page 18 Company Logo ERCOT Compliance Initiatives cont. AlertEnterprise/ERCOT ‘Risk Engine’ concept : - Essentially a means to provide the association of a NERC ‘risk score’ or ‘risk categorization’ to framework items and controls - Based on VRF, compliance history, enforcement history, NERC ranking (Top 20), self reports, mitigation plans etc. - Benefits of assigning a ‘risk score’ to a standard and requirement will be the development of appropriate monitoring, reporting, dash-boarding, frequency of assessments, focused training, resource allocation etc. - ERCOT vision is one of a ‘real-time’ compliance monitoring tool. Are we compliant today and what is the confidence that our controls in place are adequate, how well are we prepared to demonstrate compliance?
Page 19 Company Logo Thank you - Questions?

Recomendados

Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...TheAnfieldGroup
 
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS EnergyIntegration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS Energystacybre
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...TheAnfieldGroup
 
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...Government Technology and Services Coalition
 
Robert Carey, Principal Deputy CIO, DOD Insight session
Robert Carey, Principal Deputy CIO, DOD Insight sessionRobert Carey, Principal Deputy CIO, DOD Insight session
Robert Carey, Principal Deputy CIO, DOD Insight sessionGovernment Technology and Services Coalition
 
Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...
Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...
Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...Government Technology and Services Coalition
 
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...EnergySec
 
Designing a security policy to protect your automation solution
Designing a security policy to protect your automation solutionDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solutionSchneider Electric India
 

Recomendados

Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...TheAnfieldGroup
 
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS EnergyIntegration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS Energystacybre
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...TheAnfieldGroup
 
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...Government Technology and Services Coalition
 
Robert Carey, Principal Deputy CIO, DOD Insight session
Robert Carey, Principal Deputy CIO, DOD Insight sessionRobert Carey, Principal Deputy CIO, DOD Insight session
Robert Carey, Principal Deputy CIO, DOD Insight sessionGovernment Technology and Services Coalition
 
Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...
Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...
Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...Government Technology and Services Coalition
 
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...EnergySec
 
Designing a security policy to protect your automation solution
Designing a security policy to protect your automation solutionDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solutionSchneider Electric India
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsIgnyte Assurance Platform
 
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...David Sidhu
 
Cloud Services & the Development of ISO/IEC 27018
Cloud Services & the Development of ISO/IEC 27018Cloud Services & the Development of ISO/IEC 27018
Cloud Services & the Development of ISO/IEC 27018Corporacion Colombia Digital
 
IT Service & Asset Management Better Together
IT Service & Asset Management Better TogetherIT Service & Asset Management Better Together
IT Service & Asset Management Better TogetherIvanti
 
How to Comply with NIST 800-171
How to Comply with NIST 800-171How to Comply with NIST 800-171
How to Comply with NIST 800-171Corserva
 
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FO
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FO3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FO
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FONandita Nityanandam
 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionJim Gilsinn
 
Helping Utilities with Cybersecurity Preparedness: The C2M2
Helping Utilities with Cybersecurity Preparedness: The C2M2Helping Utilities with Cybersecurity Preparedness: The C2M2
Helping Utilities with Cybersecurity Preparedness: The C2M2Smart Grid Interoperability Panel
 
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar NCritical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar Nnull The Open Security Community
 
Institute of Internal Auditors Presentation 2014
Institute of Internal Auditors Presentation 2014Institute of Internal Auditors Presentation 2014
Institute of Internal Auditors Presentation 2014Brian T. O'Hara CISA, CISM, CRISC, CCSP, CISSP
 
ePlus Enabling a Total Healthcare IT Transformation to Deliver the Future of ...
ePlus Enabling a Total Healthcare IT Transformation to Deliver the Future of ...ePlus Enabling a Total Healthcare IT Transformation to Deliver the Future of ...
ePlus Enabling a Total Healthcare IT Transformation to Deliver the Future of ...ePlus
 
Securing Networked Infrastructure for the Energy Sector
Securing Networked Infrastructure for the Energy SectorSecuring Networked Infrastructure for the Energy Sector
Securing Networked Infrastructure for the Energy SectorSmart Grid Interoperability Panel
 
Critical Infrastructure and Security
Critical Infrastructure and SecurityCritical Infrastructure and Security
Critical Infrastructure and SecurityCan Demirel
 
Exploring the Digital Oilfield 2016
Exploring the Digital Oilfield 2016Exploring the Digital Oilfield 2016
Exploring the Digital Oilfield 2016Inductive Automation
 
T063500000200201 ppte
T063500000200201 ppteT063500000200201 ppte
T063500000200201 ppteyasinalimohammed
 
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteMidway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteIgnyte Assurance Platform
 
Efficient security to meet modern day challenges
Efficient security to meet modern day challengesEfficient security to meet modern day challenges
Efficient security to meet modern day challengesSchneider Electric
 
Cybersecurity - Simple, Sustainable, Secure
Cybersecurity - Simple, Sustainable, SecureCybersecurity - Simple, Sustainable, Secure
Cybersecurity - Simple, Sustainable, SecureYokogawa1
 
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...John Gilligan
 
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS EnergyIntegration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS EnergyTheAnfieldGroup
 
cybersecurity regulation for thai capital market ดร.กำพล ศรธนะรัตน์ ผู้อำนวย...
cybersecurity regulation for thai capital market ดร.กำพล ศรธนะรัตน์ ผู้อำนวย...cybersecurity regulation for thai capital market ดร.กำพล ศรธนะรัตน์ ผู้อำนวย...
cybersecurity regulation for thai capital market ดร.กำพล ศรธนะรัตน์ ผู้อำนวย...BAINIDA
 

Más contenido relacionado

La actualidad más candente

Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsIgnyte Assurance Platform
 
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...David Sidhu
 
IT Service & Asset Management Better Together
IT Service & Asset Management Better TogetherIT Service & Asset Management Better Together
IT Service & Asset Management Better TogetherIvanti
 
How to Comply with NIST 800-171
How to Comply with NIST 800-171How to Comply with NIST 800-171
How to Comply with NIST 800-171Corserva
 
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FO
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FO3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FO
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FONandita Nityanandam
 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionJim Gilsinn
 
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar NCritical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar Nnull The Open Security Community
 
ePlus Enabling a Total Healthcare IT Transformation to Deliver the Future of ...
ePlus Enabling a Total Healthcare IT Transformation to Deliver the Future of ...ePlus Enabling a Total Healthcare IT Transformation to Deliver the Future of ...
ePlus Enabling a Total Healthcare IT Transformation to Deliver the Future of ...ePlus
 
Critical Infrastructure and Security
Critical Infrastructure and SecurityCritical Infrastructure and Security
Critical Infrastructure and SecurityCan Demirel
 
Exploring the Digital Oilfield 2016
Exploring the Digital Oilfield 2016Exploring the Digital Oilfield 2016
Exploring the Digital Oilfield 2016Inductive Automation
 
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteMidway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteIgnyte Assurance Platform
 
Efficient security to meet modern day challenges
Efficient security to meet modern day challengesEfficient security to meet modern day challenges
Efficient security to meet modern day challengesSchneider Electric
 
Cybersecurity - Simple, Sustainable, Secure
Cybersecurity - Simple, Sustainable, SecureCybersecurity - Simple, Sustainable, Secure
Cybersecurity - Simple, Sustainable, SecureYokogawa1
 
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...John Gilligan
 

La actualidad más candente (20)

Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
 
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...
Zones IoT Substation Protection and Security Solution NERC CIPv5-014 Overview...
 
Cloud Services & the Development of ISO/IEC 27018
Cloud Services & the Development of ISO/IEC 27018Cloud Services & the Development of ISO/IEC 27018
Cloud Services & the Development of ISO/IEC 27018
 
IT Service & Asset Management Better Together
IT Service & Asset Management Better TogetherIT Service & Asset Management Better Together
IT Service & Asset Management Better Together
 
How to Comply with NIST 800-171
How to Comply with NIST 800-171How to Comply with NIST 800-171
How to Comply with NIST 800-171
 
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FO
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FO3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FO
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FO
 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and Production
 
Helping Utilities with Cybersecurity Preparedness: The C2M2
Helping Utilities with Cybersecurity Preparedness: The C2M2Helping Utilities with Cybersecurity Preparedness: The C2M2
Helping Utilities with Cybersecurity Preparedness: The C2M2
 
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar NCritical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
 
Institute of Internal Auditors Presentation 2014
Institute of Internal Auditors Presentation 2014Institute of Internal Auditors Presentation 2014
Institute of Internal Auditors Presentation 2014
 
ePlus Enabling a Total Healthcare IT Transformation to Deliver the Future of ...
ePlus Enabling a Total Healthcare IT Transformation to Deliver the Future of ...ePlus Enabling a Total Healthcare IT Transformation to Deliver the Future of ...
ePlus Enabling a Total Healthcare IT Transformation to Deliver the Future of ...
 
Securing Networked Infrastructure for the Energy Sector
Securing Networked Infrastructure for the Energy SectorSecuring Networked Infrastructure for the Energy Sector
Securing Networked Infrastructure for the Energy Sector
 
Critical Infrastructure and Security
Critical Infrastructure and SecurityCritical Infrastructure and Security
Critical Infrastructure and Security
 
Exploring the Digital Oilfield 2016
Exploring the Digital Oilfield 2016Exploring the Digital Oilfield 2016
Exploring the Digital Oilfield 2016
 
T063500000200201 ppte
T063500000200201 ppteT063500000200201 ppte
T063500000200201 ppte
 
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteMidway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
 
Efficient security to meet modern day challenges
Efficient security to meet modern day challengesEfficient security to meet modern day challenges
Efficient security to meet modern day challenges
 
Cybersecurity - Simple, Sustainable, Secure
Cybersecurity - Simple, Sustainable, SecureCybersecurity - Simple, Sustainable, Secure
Cybersecurity - Simple, Sustainable, Secure
 
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
 

Similar a Technologies for Security and Compliance by Ken McIntyre, Ercot

Integration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS EnergyIntegration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS EnergyTheAnfieldGroup
 
cybersecurity regulation for thai capital market ดร.กำพล ศรธนะรัตน์ ผู้อำนวย...
cybersecurity regulation for thai capital market ดร.กำพล ศรธนะรัตน์ ผู้อำนวย...cybersecurity regulation for thai capital market ดร.กำพล ศรธนะรัตน์ ผู้อำนวย...
cybersecurity regulation for thai capital market ดร.กำพล ศรธนะรัตน์ ผู้อำนวย...BAINIDA
 
Simplifying it using a disciplined portfolio governance approach
Simplifying it using a disciplined portfolio governance approachSimplifying it using a disciplined portfolio governance approach
Simplifying it using a disciplined portfolio governance approachp6academy
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsEnergySec
 
Con8154 controlling for multiple erp systems with oracle advanced controls
Con8154 controlling for multiple erp systems with oracle advanced controlsCon8154 controlling for multiple erp systems with oracle advanced controls
Con8154 controlling for multiple erp systems with oracle advanced controlsOracle
 
Customers talk about controlling access for multiple erp systems with oracle ...
Customers talk about controlling access for multiple erp systems with oracle ...Customers talk about controlling access for multiple erp systems with oracle ...
Customers talk about controlling access for multiple erp systems with oracle ...Oracle
 
Artificial Intelligence Application in Oil and Gas
Artificial Intelligence Application in Oil and GasArtificial Intelligence Application in Oil and Gas
Artificial Intelligence Application in Oil and GasSparkCognition
 
Cisco Analytics: Accelerate Network Optimization with Virtualization
Cisco Analytics: Accelerate Network Optimization with VirtualizationCisco Analytics: Accelerate Network Optimization with Virtualization
Cisco Analytics: Accelerate Network Optimization with VirtualizationCisco Canada
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkTuan Phan
 
EUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPEUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPScott Baron
 
Plm co e_sap_ec_v1.0
Plm co e_sap_ec_v1.0Plm co e_sap_ec_v1.0
Plm co e_sap_ec_v1.0najuor
 
Carbon Footprinting Compliance Schemes - Australia
Carbon Footprinting Compliance Schemes - AustraliaCarbon Footprinting Compliance Schemes - Australia
Carbon Footprinting Compliance Schemes - AustraliaOcean Software
 
EA Governance as IT Sustainability (NY IT Leadership Academy Apr 2013)
EA Governance as IT Sustainability (NY IT Leadership Academy Apr 2013)EA Governance as IT Sustainability (NY IT Leadership Academy Apr 2013)
EA Governance as IT Sustainability (NY IT Leadership Academy Apr 2013)Eric Stephens
 
How to manage and reduce network Capex and Opex while maintaining profitabil...
How to manage and reduce network Capex and Opex while maintaining profitabil...How to manage and reduce network Capex and Opex while maintaining profitabil...
How to manage and reduce network Capex and Opex while maintaining profitabil...Subex
 
Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...
Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...
Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...Oracle
 
ClearCost Introduction 2015
ClearCost Introduction 2015ClearCost Introduction 2015
ClearCost Introduction 2015Mark S. Mahre
 
Role of Connectivity - IoT - Cloud in Industry 4.0
Role of Connectivity - IoT - Cloud in Industry 4.0Role of Connectivity - IoT - Cloud in Industry 4.0
Role of Connectivity - IoT - Cloud in Industry 4.0Gautam Ahuja
 
Taming the regulatory tiger with jwg and smartlogic
Taming the regulatory tiger with jwg and smartlogicTaming the regulatory tiger with jwg and smartlogic
Taming the regulatory tiger with jwg and smartlogicAnn Kelly
 
Unified Clinical Operations - Ennov Presentation
Unified Clinical Operations - Ennov PresentationUnified Clinical Operations - Ennov Presentation
Unified Clinical Operations - Ennov PresentationEnnov
 

Similar a Technologies for Security and Compliance by Ken McIntyre, Ercot (20)

Integration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS EnergyIntegration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
 
cybersecurity regulation for thai capital market ดร.กำพล ศรธนะรัตน์ ผู้อำนวย...
cybersecurity regulation for thai capital market ดร.กำพล ศรธนะรัตน์ ผู้อำนวย...cybersecurity regulation for thai capital market ดร.กำพล ศรธนะรัตน์ ผู้อำนวย...
cybersecurity regulation for thai capital market ดร.กำพล ศรธนะรัตน์ ผู้อำนวย...
 
GRC in Australia slides
GRC in Australia slidesGRC in Australia slides
GRC in Australia slides
 
Simplifying it using a disciplined portfolio governance approach
Simplifying it using a disciplined portfolio governance approachSimplifying it using a disciplined portfolio governance approach
Simplifying it using a disciplined portfolio governance approach
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWs
 
Con8154 controlling for multiple erp systems with oracle advanced controls
Con8154 controlling for multiple erp systems with oracle advanced controlsCon8154 controlling for multiple erp systems with oracle advanced controls
Con8154 controlling for multiple erp systems with oracle advanced controls
 
Customers talk about controlling access for multiple erp systems with oracle ...
Customers talk about controlling access for multiple erp systems with oracle ...Customers talk about controlling access for multiple erp systems with oracle ...
Customers talk about controlling access for multiple erp systems with oracle ...
 
Artificial Intelligence Application in Oil and Gas
Artificial Intelligence Application in Oil and GasArtificial Intelligence Application in Oil and Gas
Artificial Intelligence Application in Oil and Gas
 
Cisco Analytics: Accelerate Network Optimization with Virtualization
Cisco Analytics: Accelerate Network Optimization with VirtualizationCisco Analytics: Accelerate Network Optimization with Virtualization
Cisco Analytics: Accelerate Network Optimization with Virtualization
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity Framework
 
EUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPEUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIP
 
Plm co e_sap_ec_v1.0
Plm co e_sap_ec_v1.0Plm co e_sap_ec_v1.0
Plm co e_sap_ec_v1.0
 
Carbon Footprinting Compliance Schemes - Australia
Carbon Footprinting Compliance Schemes - AustraliaCarbon Footprinting Compliance Schemes - Australia
Carbon Footprinting Compliance Schemes - Australia
 
EA Governance as IT Sustainability (NY IT Leadership Academy Apr 2013)
EA Governance as IT Sustainability (NY IT Leadership Academy Apr 2013)EA Governance as IT Sustainability (NY IT Leadership Academy Apr 2013)
EA Governance as IT Sustainability (NY IT Leadership Academy Apr 2013)
 
How to manage and reduce network Capex and Opex while maintaining profitabil...
How to manage and reduce network Capex and Opex while maintaining profitabil...How to manage and reduce network Capex and Opex while maintaining profitabil...
How to manage and reduce network Capex and Opex while maintaining profitabil...
 
Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...
Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...
Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...
 
ClearCost Introduction 2015
ClearCost Introduction 2015ClearCost Introduction 2015
ClearCost Introduction 2015
 
Role of Connectivity - IoT - Cloud in Industry 4.0
Role of Connectivity - IoT - Cloud in Industry 4.0Role of Connectivity - IoT - Cloud in Industry 4.0
Role of Connectivity - IoT - Cloud in Industry 4.0
 
Taming the regulatory tiger with jwg and smartlogic
Taming the regulatory tiger with jwg and smartlogicTaming the regulatory tiger with jwg and smartlogic
Taming the regulatory tiger with jwg and smartlogic
 
Unified Clinical Operations - Ennov Presentation
Unified Clinical Operations - Ennov PresentationUnified Clinical Operations - Ennov Presentation
Unified Clinical Operations - Ennov Presentation
 

Más de TheAnfieldGroup

Eliminate Silos to Enhance Critical Infrastructure Protection by Jasvir Gill
Eliminate Silos to Enhance Critical Infrastructure Protection by Jasvir GillEliminate Silos to Enhance Critical Infrastructure Protection by Jasvir Gill
Eliminate Silos to Enhance Critical Infrastructure Protection by Jasvir GillTheAnfieldGroup
 
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...TheAnfieldGroup
 
Cyber Security Standards Update: Version 5 by Scott Mix
Cyber Security Standards Update: Version 5 by Scott MixCyber Security Standards Update: Version 5 by Scott Mix
Cyber Security Standards Update: Version 5 by Scott MixTheAnfieldGroup
 
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...TheAnfieldGroup
 
Synchrophasor Timing Security
Synchrophasor Timing SecuritySynchrophasor Timing Security
Synchrophasor Timing SecurityTheAnfieldGroup
 
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...TheAnfieldGroup
 

Más de TheAnfieldGroup (6)

Eliminate Silos to Enhance Critical Infrastructure Protection by Jasvir Gill
Eliminate Silos to Enhance Critical Infrastructure Protection by Jasvir GillEliminate Silos to Enhance Critical Infrastructure Protection by Jasvir Gill
Eliminate Silos to Enhance Critical Infrastructure Protection by Jasvir Gill
 
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...
 
Cyber Security Standards Update: Version 5 by Scott Mix
Cyber Security Standards Update: Version 5 by Scott MixCyber Security Standards Update: Version 5 by Scott Mix
Cyber Security Standards Update: Version 5 by Scott Mix
 
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
 
Synchrophasor Timing Security
Synchrophasor Timing SecuritySynchrophasor Timing Security
Synchrophasor Timing Security
 
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
 

Último

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 

Último (20)

DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 

Technologies for Security and Compliance by Ken McIntyre, Ercot

  • 1. Page 1 Company Logo 2012 Technologies for Security and Compliance Summit August 2012 Austin, Texas Ken McIntyre Director Standards and Protocol Compliance Electric Reliability Council Of Texas
  • 2. Page 2 Company Logo 2012 Technologies for Security and Compliance Summit Presentation: • Electric Reliability Council of Texas • The Regulatory Challenge • ERCOT Compliance Initiatives
  • 3. Page 3 Company Logo Electric Reliability Council Of Texas (ERCOT) ERCOT Responsibilities • System Reliability • Open and Competitive Markets • Congestion Management • Network Modeling
  • 4. Page 4 Company Logo Electric Reliability Council Of Texas (ERCOT) Key Features of the ERCOT Grid • Represents 85% of Texas Load • 74,000 MW of generation capacity • 40,530 miles of transmission lines • Electrical island with several DC Ties • RC, BA, TOP (CFR), PC, IC, RP, TSP ERCOT facilitates competitive markets to help achieve reliability.
  • 5. Page 5 Company Logo Electric Reliability Council Of Texas (ERCOT) ERCOT Compliance Department • Centralized Compliance Program • Increased from two to thirteen employees • 693, CIP and all ERCOT Protocols • Standards Development (ballots etc.) • All things NERC e.g. CANs, TFEs, EA ERCOT Compliance Mission Statement: Promote ERCOT Reliability, Security and Compliance, through Collaboration, Leadership and Expertise.
  • 6. Page 6 Company Logo The Regulatory Challenge ERCOT Public Utility Commission of Texas PUCT FERC / NERC SSAE16 / SOX ERCOT Board F&A (Internal Audits) Texas Reliability Entity (Regional Entity) DOE, DHS, EPA, NAESB
  • 10. Page 10 Company Logo The Regulatory Challenge cont. • Audits and Investigation Preparation • Compliance burden on organization • Standards Development • Compliance with new standards and versions • Internal Compliance and Monitoring Program • Event Analysis Reporting and Lessons Learned • Institutionalize recommendations • Critical Infrastructure Protection • Maintaining best practice / Defense in Depth • SCADA System integrity / Smart Grid information / Mobile Devices • CIP Standards and new versions
  • 11. Page 11 Company Logo ERCOT Compliance Initiatives What should the Compliance Department do? • Compliance ‘promotes’ Reliability and Security • Allow Subject Matter Experts to focus on improving industry, while still meeting compliance obligations (daily activities) • Reduce duplication of regulatory efforts across the organization (one activity meets multiple regulatory requirements) • Active Policy Monitoring and Enforcement to allow early detection and mitigation of issues, and avoid unnecessary compliance burden • Minimize ‘Drift’ from stated expectations • Institutionalize Recommendations, ‘Normal Practice’
  • 12. Page 12 Company Logo ERCOT Compliance Initiatives cont. What is the Compliance Department going to do? • Consolidate PUCT/FERC/NERC Compliance Data Repositories • Common regulatory evidence, sampling, reporting, event analysis, mitigation • Implement AlertEnterprise ‘GRC’ Solution for Compliance • NERC Reliability Standards, ERCOT Protocols, Corporate Policies, SSAE16 • Automate RSAW development, and other compliance activities • Active Policy Monitoring and Enforcement (2013) • Map requirements between multiple regulatory environments • Provide Compliance Transparency • AlertEnterprise Dashboards for Executives and Managers • Risk/Gap/Impact analysis (AlertEnterprise ‘Risk Engine’ concept)
  • 13. Page 13 Company Logo ERCOT Compliance Initiatives cont. Additional detail on some initiatives....
  • 14. Page 14 Company Logo ERCOT Compliance Initiatives cont. AlertEnterprise/ERCOT mapping requirements between multiple regulatory environments: - Map requirements between NERC – Protocols – Guides – Policy - Interactive display of Requirement and document associations with master & transaction data, - Displays Requirement association with transaction data (Assessments, Investigation, Mitigation, Self Report, Action Items, RSAW, Event Tracker) within a date range
  • 15. Page 15 Company Logo ERCOT Compliance Initiatives cont. AlertEnterprise/ERCOT NERC RSAW functionality: - Developed for NERC RSAW creation, - Can be applied/formatted for other regulatory requirements - Templates with requirements and placeholders for compliance actions, SME and evidence tables NERC
  • 16. Page 16 Company Logo ERCOT Compliance Initiatives cont.
  • 17. Page 17 Company Logo ERCOT Compliance Initiatives cont.
  • 18. Page 18 Company Logo ERCOT Compliance Initiatives cont. AlertEnterprise/ERCOT ‘Risk Engine’ concept : - Essentially a means to provide the association of a NERC ‘risk score’ or ‘risk categorization’ to framework items and controls - Based on VRF, compliance history, enforcement history, NERC ranking (Top 20), self reports, mitigation plans etc. - Benefits of assigning a ‘risk score’ to a standard and requirement will be the development of appropriate monitoring, reporting, dash-boarding, frequency of assessments, focused training, resource allocation etc. - ERCOT vision is one of a ‘real-time’ compliance monitoring tool. Are we compliant today and what is the confidence that our controls in place are adequate, how well are we prepared to demonstrate compliance?
  • 19. Page 19 Company Logo Thank you - Questions?