Objective
The objective of this handbook is to introduce the latest concepts and technologies of cybersecurity and offer guidance for protecting modern electric cooperatives.
Cybersecurity is a cyclic risk-management process for protecting information systems in four dimensions: confidentiality, integrity, availability, and nonrepudiation. A robust security program integrates technical, operational, and managerial controls to create layered defenses for an information system.
Background
Electric cooperatives face a range of information security threats, from computer criminals seeking social security numbers (SSNs) on corporate networks to cyber terrorists aiming to take down the power grid by attacking a control network. Defending against such threats means building a cybersecurity program that mitigates risks, addresses compliance and regulatory requirements, and results in streamlined operations and increased productivity.
Proper IT security is a constantly evolving process. This update to the current IT security handbook identifies the new standard for IT security. Since perfect IT security is impossible, it is crucial that co-ops stay up-to-date in this rapidly developing area and keep one step ahead of the others.
Approach
Cybersecurity is an exercise in risk management that should harmonize with other business processes in the enterprise. The cybersecurity risk-management process is actually a never-ending cycle of assessment, planning, and implementation. Risk assessment—which drives planning and implementation—must be repeated as technology, threat, and mission change. A comprehensive cybersecurity plan complements technical solutions with policies, procedures, and training. The security plan combines the system-development process with the integration of security engineering principles and practices. The implementation of a cybersecurity plan should incorporate metrics or rules that quantitatively and periodically measure the performance of the plan.
This guide features:
Overview of the “why” and “how” of cybersecurity
Modern security framework and standards for cooperatives
Guidelines for SCADA protection
Strategies for defending business systems
Methods to safeguarding workstations
“How to” cope with annoyances—spyware, adware, and spam
Audience
Directors, CEOs, communicators, CFOs, senior managers, engineers, managers, financial officers, public relations personnel, and IT managers
Keywords
Security, IT, terrorism, sabotage, disaster recovery, cybersecurity
