Welcome to Bucaro TecHelp!

Bucaro TecHelp
HTTPS Encryption not required because no account numbers or
personal information is ever requested or accepted by this site

About Bucaro TecHelp About BTH User Agreement User Agreement Privacy Policy Privacy Site Map Site Map Contact Bucaro TecHelp Contact RSS News Feeds News Feeds

Seven Keys to Meeting Cyber-Security Reliability Standards

By Katherine Janiszewski

Organizations that establish accountability and consistent data collection, retention, monitoring and reporting practices, can successfully demonstrate that IT controls support a sound internal control framework that meets the intent of the Cyber-Security Reliability Standards and CIP (Critical Infrastructure Protection) reliability standards.

1. Clearly Define the Control Environment

Identify the systems, services, devices, data, and personnel associated with the day-to-day use and protection of critical information and systems. When selecting controls, it is important to ensure that they support the business processes of the organization and its affiliated organizations, such as contractors and industry partners.

2. Strictly Control Access

Not only protect the data, but the systems, services, and devices within the organization. The entity must be able to demonstrate that it knows which employees, contractors, and partners have physical and logical access to the network, devices, applications, and data for specific and authorized business purposes, and that unauthorized access attempts - both physical and logical - can be identified and addressed.

3. Validate Security controls

Regularly monitor the environment for performance and effectiveness of the controls n place. Establish baseline activity, study trend line analysis, and ensure that unusual activity can be quickly identified and corrected, as necessary.

4. Document All Corrective Actions

Demonstrate that the proper steps were taken to correct systems and adjust policy if a noncompliant situation is identified.

5. Study the Results of Testing and Reporting

Continuously manage and oversee the environment through reporting and testing, while providing documented evidence of due diligence to auditors.

6. Collect and Retain Data

Each organization should take reasonable steps to ensure that sufficient data is collected to identify and respond to security incidents and to monitor and enforce policies and service level agreements. Automated data collection and retention allows many indicators of security and performance across the network and critical applications to be tracked on a continuous basis - as apposed to a periodic review - helping to create a proactive risk management process.

7. Preserve Data in Its Purest Form

Preserve near-term and long-term data in its purest form for audit, forensics, and evidentiary presentation.

Katherine Janiszewski plays a crucial role as Marketing Manager of BlackStratus. Founded in 1999, BlackStratus is based on a culture of excellence and innovation. Their team of leading experts understands the ever-evolving security threat and compliance needs of today's organizations. For more information, visit BlackStratus.

More Network Security Articles:
• Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)
• Public Key Infrastructure
• Data Encryption
• NMAP (Network Mapper) Port Scanner
• Firewall Perimeter Network (DMZ)
• What is Network AAA (Authentication, Authorization, and Accounting)?
• Use of Taps and Span Ports in Cyber Intelligence Applications
• Secure, Network Compliant BYOD (Bring Your Own Device) Solutions
• Wireless Network Security
• ARP, MAC, Poisoning, and WiFi Security
Menu - More
Network Security

RSS Feed RSS Feed

Follow Stephen Bucaro Follow @Stephen Bucaro


Computer Networking Sections

Fire HD
[Site User Agreement] [Privacy Policy] [Site map] [Search This Site] [Contact Form]
Copyright©2001-2024 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268