NERC CIP Information Security E-Learning Series

An interactive, self-paced, fully customized training program that helps organizations comply with Critical Infrastructure Protection (CIP) requirements. The series is based on open web standards, SCORM compliance and advanced technical concepts.

The primary objective of this education series is to present contemporary security content in a new and exciting way. The courses are NOT merely a PowerPoint slide show on the web. It is a true learning experience that incorporates text, voice, video, animation, simulation, interactive sessions, testing and reporting.

The NERC CIP Information Security E-Learning Series is a complete awareness and training program that promotes, maintains and reinforces critical security principles. The program incorporates not only training, but also a variety of other security awareness aides such as posters, calendars, brochures, newsletters and e-mail tips.

Also available is a fully customized NERC CIP Standards Classroom Training Program, providing face-to-face instruction and support by our team of highly experienced Security Specialists. The comprehensive program covers any individual or all NERC CIP Standards 001 – 009, depending on your specific requirements. Student Workbooks and Course Completion Certificates are also included in the program. The NERC CIP Information Security E-learning Series can be effectively utilized to supplement the instructor-led training program to reinforce all concepts learned in the classroom.

Titles Available:

NERC CIP Awareness & Training Course

NERC CIP Standards Overview Course (comprehensive module covering all standards 002 through 009)

CIP – 001: Sabotage Reporting Course

CIP – 002: Critical Cyber Asset Identification Course

CIP – 003: Security Management Controls Course

CIP – 004: Personnel and Training Course

CIP – 005: Electronic Security Perimeter Course

CIP – 006: Physical Security Controls Course

CIP – 007: Security Systems Management Course

CIP – 008: Incident Reporting & Response Planning Course

CIP – 009: Recovery Planning Course

NERC CIP Security Awareness: Poster & Newsletter Program

Features include:

1.0 CEH accreditation for System Operators

Fully customizable to include your logo, policies, processes, procedures and links to internal and external documents

AICC, SCORM 1.2 and SCORM 2004 Compliant

Maintenance, Update and Support Program

Materials available to support instructor-led training

Courses are hosted on our LMS or self-hosted on your internal LMS

Customization support available

Role-based format

Courses:

nerc cip awareness and training

NERC CIP Standard CIP-004-1 R2 requires that personnel having authorized cyber access or unescorted physical access to critical cyber assets must have annual cyber security training that addresses policies, access controls, and procedures appropriate to personnel roles and responsibilities.

This training includes the proper use of Critical Cyber Assets, physical and electronic access controls to Critical Cyber Assets, proper handling of Critical Cyber Asset information, and action plans and procedures to recover or re-establish Critical Cyber Assets and access thereto following a Cyber Security Incident.

The available course content can be configured for you in a variety of ways. Some examples are as follows:

Sample 1:

CIP 004 – R2.2.1 – Proper Use of CCA
Course Objectives
Introduction
Definitions
Critical Cyber Assets
Physical and Electronic Security Perimeters
The Physical Security Perimeter
Acceptable Use Policy
Cyber Security Policy
Security Management
CIP 004 – R2.2.2 – Access Control
Access Controls to Critical Cyber Assets
Physical Access Controls
Physical Access Controls - Tailgating
Visitors and Escorting Visitors
Photographic Device Policy
Electronic Access Control
Threats
Threats – Malware and Viruses
Threats – Social Engineering
CIP 004 – R2.2.3 – Proper Handling
Proper Handling of CCA
Classifying, Labeling, and Handling CCA
CIP 004 – R2.2.4 – Cyber Security Incident
Recognizing, Reacting, and Reporting an Incident
Incident Response
Recovery Planning
Security and You

Sample 2:

Course Introduction
Security Message
Course Objectives
The NERC Challenge
Information Security Defined
Elements of Information Security
Security Program
Security Management
Security and You
Information Security Policy
Protection and Controls
Understanding Risks and Threats
Risk Management Model
The Threats - Who or What?
Viruses, Worms, Trojan Horses
Social Engineering
Handling Suspicious Requests
Critical Cyber Asset Identification
Classification and Handling
Proper Handling of Critical Cyber Asset Information
Proper Use of Critical Cyber Asset Information
Logical Access Controls
Electronic Security Perimeter
Computer Access Policy
System Authentication
Physical Access Controls
Physical Security Overview
ID Cards and Escorts
Tailgating and Piggybacking
Secure Work Space
Portable Media
Incident Response and Recovery Planning
Incident Response
Recognizing and Reporting a Security Incident
Recovery Planning

Sample 3:

Course Introduction
Security Message
NERC CIP Cyber Security Standards
Cyber Security Defined
Course Objectives
Security Program
Security Program Overview
Required Controls
The Threat
Administrative Controls
Administrative Controls Overview
Administrative Control Mechanisms
Technical Controls
Technical Controls Overview
System Authentication
Password Selection
Malware Prevention
Physical Access Controls
Physical Security Overview
Security Badges and Escorts
Tailgating and Piggybacking
Physical Access Logging
Proper Use of Critical Cyber Assets
Proper Use Guidelines
Information Protection
Information Protection Overview
Data Classification and Labeling
Handling Sensitive Information
Incident Response and Recovery
Incident Response Overview
Recognizing and Reporting a Security Incident
Incident Recovery
Security is Everyone's Responsibility
Sample Interactions

nerc cip standards overview

A comprehensive overview of NERC CIP Standards 002 – 009.

NERC CIP Overview
NERC Overview
NERC Challenges
Definitions
Critical Cyber Assets
Technical Feasibility Exception
CIP-002 - Critical Cyber Asset Identification
CIP-002 Overview
Asset Identification Overview
Understanding Risks
Risk Assessment
Asset Identification and Evaluation
Critical Assets Levels of Non-Compliance
CIP-003 - Security Management Controls
Security Management Controls Overview
Cyber Security Policy
Information Protection Program
Classifying, Labeling, and Handling CCA
Corporate Identity
Security Management Access Policy
Access Controls to Critical Cyber Assets
Security Management Access Controls
Change Management
SMC Levels of Non-Compliance
CIP-004 - Personnel and Training
Personnel and Training Overview
Cyber Security Training
Personnel Risk Assessment
Personnel and Training Levels of Non-Compliance
CIP-005 - Electronic Security Perimeter
Electronic Security Perimeter Overview
Electronic Access Controls
Log and Monitoring Controls
ESP Vulnerability Assessment
Access Log Security
ESP Levels of Non-Compliance
CIP-006 - Physical Security Controls
Physical Security Overview
Visitors and Escorting Visitors
Physical Security Plan
Physical Access Controls
Physical Access Monitoring
Phyical Access Logging
Maintenance and Testing
PSP Levels of Non-Compliance
CIP-007 - Security Systems Management
CIP-007 SSM Overview
Documented Security Test Procedures
Ports and Services
Patch Management
Account Management Program
Security Status Monitoring
Cyber Asset Disposal and Re-deployment
Cyber Vulnerability Assessment
Documentation Review
SSM Levels of Non-Compliance
CIP-008 - Incident and Response Planning
Incident Response Overview
The Need for an Incident Response Plan
Incident Response Goals
Detection and Initial Response
Incident and Response Planning Levels of Non-Compliance
CIP-009 - Recovery Planning for CCAs
Recovery Planning Overview
Recovery Planning Levels of Non-Compliance

nerc cip security awareness: poster & newsletter program

Satisfies CIP-004 R1 NERC Standard