SEARCH RESULTS
 
Showing 1-7 of 7 records
1
 
Expand article

Addressing NERC Cyber Security Standards Using a Frameworks-Based Approach

2008-08-13 00:00:00 by Paul Davilman in Speaking of Security, the RSA Blog and Podcast
 
...NERC Cyber-Security Standards ( http://www.nerc.com/files/CIP-002-1.pdf ) are applicable only in the US, I think there's no doubt that cyber security is fast becoming a major concern of electric utility companies worldwide. In addition, other US critical infrastructure industry segments, such as water and chemical companies are also coming...
 
Tags: nerc, nerc cyber-security standards, cyber security, utility companies, federal pressure, chemical companies, major concern, cyber-security efforts, guidance
 
 
 
 
Expand article

NERC CIP Rules Out - Logs In!

2008-01-24 13:06:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
NERC security rules [PDF], that were updated and became mandatory last week, might well become "a new PCI DSS " and trigger "a golden age " of security in the energy industry: the rules are mandatory, they are specific (more specific than a lot of other regulatory security guidance) and there is an enforcement body (NERC) that can make life...
 
Tags: logs, review logs, preserve computer logs, responsible entity, security, cyber security, regulatory security guidance, guidance, review
 
 
 
 
Expand article

NERC Critical Infrastructure Protection Will Always Change with the Evolution of Technology

2008-10-10 00:00:00 by Paul Davilman in Speaking of Security, the RSA Blog and Podcast
 
As Stewart Brand once said "Once a new technology rolls over you, if you're not part of the steamroller, you're part of the road". I think this quote describes perfectly the role in which IT departments are playing in implementing security programs, specifically those attributed to the NERC Cyber Security Standards
 
Tags: quote describes perfectly, security programs, technology rolls, stewart brand, steamroller, departments, road, role
 
 
 
 
Expand article

Some Burning Logging Questions - Answered!

2008-04-23 16:20:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...NERC since it mandates 1 year of log retention vs NERC 90 days, so: 1 year worth of logs is = 365 days x 24 hours x 3600 seconds x 1 (one!!!) busy firewall with 100 log messages each second x 200 bytes per message average (e.g. valid for PIX and ASA devices) = 588 gigabytes / year of raw log data uncompressed (assuming 10x compression you'd...
 
Tags: data, raw log data, logs compress, logs, analyze unknown logs, unknown, data retrieval commands, measure logs, log data
 
 
 
 
Expand article

Links for 2008-01-25 [del.icio.us]

2008-01-26 00:00:00 by Editor in Anton Chuvakin Blog -
 
...NERC regulations might well trigger a golden age of security in the energy industry," said Anton Chuvakin, "chief logging evangelist" with LogLogic (San Jose Employee's silent rampage wipes out $2.5m worth of data | The Register Cooley was charged with damage in excess of $1,000 to computers and was released on bail 2008: The year of the...
 
Tags: security, payment card security, scada, scada security, sets practical guidelines, sans director confirms, intel rosi paper, silent rampage wipes, apple hack news
 
 
 
 
Expand article

Power Outages Are A Major Risk That Most Companies Overlook

The Article has images
2008-07-10 17:31:34 by Stephanie Balaouras in Security & Risk Management
...NERC), long-term capacity margins are still inadequate and significant investment in transmission is still required So businesses must not only invest in preventative measures such as backup power generators, they must think about where they locate their data centers. You must avoid areas that have clearly identified congestion issues and...
 
Tags: prevent power failures, failures, data center, recovery data center, backup power, backup power generators, power failures, power failure, rackspace power failure
 
 
 
 
Expand article

Speaking of Security Podcast #119

The Article has audio podcast
2008-08-25 00:00:00 by Podcast Producers in Speaking of Security, the RSA Blog and Podcast
 
...NERC) Cyber Security Standards and how these standards will impact IT security in the utility industries. Please note that due to the U.S. Labor Day holiday, we'll be back in two weeks (on September 8) with a new show
 
Tags: security, cyber security standards, standards, labor day holiday, solutions team sits, utility industries, amanda van, rsas compliance, paul davilman
 
 
 
 
 
Showing 1-7 of 7 records
1
 
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia