Security Services

Security Assessment and Roadmap
UTC Security Assessments and Roadmaps:

  • Identify security goals based on requirements, environment and risk appetite
  • Establish the current security status using relevant standards and guidelines
  • Capture supply chain risks which may be obscure
  • Design a tailored implementation plan based on goals and available resources
  • Follow a well-honed and methodical approach:
hand drawing a security plan for a firewall system (selective focus)

Policy
Guidelines
Network Diagrams
Architecture
Asset Inventories
Operating Procedures

High-level Review of Main Facility
Interview Functional Mangers
Interview Security Team
Interview Senior Leadership

Validate document review findings with interview responses
Correlate findings with industry standards and models

Identify Security Gaps
Identify Resiliency Gaps
Identify Baseline
Identify Desired Security Postures
Determine Areas of Improvement

Develop Recommendations
Use Standards, Best Practices, Expertise
Organize/Prioritize Recommendations
Deliver Results

Standards-based assessments

Security Assessments and Roadmaps work best when based upon well-known standards. Your auditors will use those same standards, so why not get ahead of the game and build in compliance?

UTC Security Assessments and Roadmaps are based on the following standards:

  • ES-C2M2: DoE Electricity Subsector Cybersecurity Capability & Maturity Model
  • NIST Cybersecurity Framework
  • NERC CIP v6: Reliability Standards for North American Bulk Energy Systems
  • ISO/IEC 27001 and 27002: Information Security Management Systems
  • ISO/IEC 27036: Information Security in Supplier Relationships
  • NIST SP 800-53: Security and Privacy Controls for Federal Information Systems
  • NIST SP 800-82: Guide to Industrial Control Systems (ICS) Security
  • NIST IR 7628: Guidelines for Smart Grid Cybersecurity
  • Clients and assessment experts work together to determine the most appropriate standard for any given project.

Technical Assistance

UTC members can engage UTC experts on a variety of cybersecurity challenges.

The UTC Security Team is always available to answer questions, discuss sticky issues, and suggest courses of action.  We also offer policy development, tailored training, and Business Intelligence Reports that show what information about your utility is readily available on the Internet, either in free or paid sites.  Contact UTC cybersecurity team to learn more.