The first requirement of the NERC CIP Reliability Standard CIP-004 succinctly states: your organization needs to “document, implement and maintain a security awareness program to ensure personnel having authorized cyber or authorized unescorted physical access receive on-going reinforcement in sound security practices.”  How do you plan on complying with this requirement?  Encari can help you in two ways:

First, starting on July 30, 2009 Encari is providing several complimentary services, to all NERC registered entities, to help with CIP-004 R1 compliance.  These services include:

1. Quarterly security awareness Webinars focusing on security challenges commonly encountered at electric power market participant organizations.  The Webinars address both security best practices and recent incidents and regulatory developments.  We encourage you to forward the Webinar invitation to as many of your fellow employees, contractors, and peers as you would like.
2. Bi-monthly emailed security awareness bulletins that you can distribute to your employees, contractors, and peers.  Topics addressed include proven information security best practices and recent incidents and regulatory updates.
3. Periodic emailed templates for posters, intranet pages, and brochures (CIP-004, R1 requires security awareness programs to consist of both indirect and direct communications).

Secondly, Encari can provide customized versions of these Webinars, bulletins and templates for your organization.  These highlight your organization’s own security policies and procedures, based on the configuration of your own SCADA and process control networks.  They are branded as official content from your organization.