Last Day to Save $400 on 4-6 Day Courses at SANS Cyber Defense Initiative 2017!

Press


SANS Institute to Offer Computer-based NERC Critical Infrastructure Protection Training

Helps electric utilities address the security awareness and cyber security training program requirements of the NERC CIP Standards and reinforce good security practices

  • Bethesda, MD
  • July 6, 2015

SANS Institute, the global leader in information security training, has joined forces with industry leaders to develop training that helps ensure the reliability of the North American bulk electric system. The complimentary SANS webcast, taking place July15, 2015, will discuss the Challenges and Strategies for Addressing the NERC CIP Version 5 Training Requirements.

The NERC Critical Infrastructure Protection (CIP) Version 5 standards which address the security of cyber assets essential to the reliable operation of the North American bulk electric system become enforceable on April 1, 2016. Compared to previous versions, the Version 5 standards include significantly increased training requirements for persons with authorized access to those cyber assets. The new standards which increase the number of facilities subject to the CIP requirements also result in an increase in the number of personnel requiring training. However developing, deploying, and maintaining the needed training content can be a challenge for most entities. The CIP standards are complex and in the case of the training standards, identifying the topics that must be covered is not necessarily obvious and getting it wrong can result in security gaps and penalties. Adding to the challenge, entities subject to earlier versions of the standards often had difficulty dedicating the internal resources needed to keep their custom training materials current. Those choosing to outsource their training efforts were quickly confronted with the high cost of custom training development.

To help the electric industry address the challenges of NERC CIP training, SANS has developed the CIP Version 5 CBT program consisting of thirteen individual modules addressing forty-nine topic areas. The training was developed by SANS team members experienced in developing and supporting NERC CIP compliance programs. The development team also worked with an Advisory Board consisting of fifteen CIP practitioners from electric utilities, Independent System Operators and a former NERC auditor. The Advisory Board participated throughout the development process beginning with defining what the training should include, and provided feedback on module scripts, video imagery, and end-of-module quiz questions. The result is an affordable training program that is consistent, technically accurate, highly engaging, and backed by the SANS reputation for quality.

The CIP Version 5 CBT program includes training on the role of the regulatory agencies, the requirements of the NERC CIP Version 5 standards, physical and cyber access controls, and the cyber-risks associated with operating interconnected computer systems. By also providing the ability to link to custom content, each module gives North American bulk power system owners and operators an opportunity to incorporate their internal cyber security policies and procedures that correspond to the module topic.

To learn more about the SANS CIP Version 5 CBT program, including an overview of each module and a full-length example, and to register for the NERC CIP Version 5 Webinar visit: securingthehuman.sans.org/u/66P

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 30 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (https://www.sans.org)