Security Assessment and Roadmap
UTC Security Assessments and Roadmaps:
- Identify security goals based on requirements, environment and risk appetite
- Establish the current security status using relevant standards and guidelines
- Capture supply chain risks which may be obscure
- Design a tailored implementation plan based on goals and available resources
- Follow a well-honed and methodical approach:
  - High-level Review of Main Facility
  - Interview Functional Managers
  - Interview Security Team
  - Interview Senior Leadership
  - Validate document review findings with interview responses
  - Correlate findings with industry standards and models
  - Identify Security Gaps
  - Identify Resiliency Gaps
  - Identify Desired Security Postures
  - Determine Areas of Improvement
Use Standards, Best Practices, Expertise
Security Assessments and Roadmaps work best when based upon well-known standards. Your auditors will use those same standards, so why not get ahead of the game and build in compliance?
UTC Security Assessments and Roadmaps are based on the following standards:
- ES-C2M2: DoE Electricity Subsector Cybersecurity Capability & Maturity Model
- NIST Cybersecurity Framework
- NERC CIP v6: Reliability Standards for North American Bulk Energy Systems
- ISO/IEC 27001 and 27002: Information Security Management Systems
- ISO/IEC 27036: Information Security in Supplier Relationships
- NIST SP 800-53: Security and Privacy Controls for Federal Information Systems
- NIST SP 800-82: Guide to Industrial Control Systems (ICS) Security
- NIST IR 7628: Guidelines for Smart Grid Cybersecurity
Clients and assessment experts work together to determine the most appropriate standard for any given project.
UTC members can engage UTC experts on a variety of cybersecurity challenges.
The UTC Security Team is always available to answer questions, discuss sticky issues, and suggest courses of action. We also offer policy development, tailored training, and Business Intelligence Reports that show what information about your utility is readily available on the Internet, on either free or paid sites. Contact the UTC cybersecurity team to learn more.