NERC CIP SECURITY E-LEARNING AND AWARENESS SOLUTIONS
The primary objective of the NERC CIP training
courses is to present contemporary and up-to-date
security content in a new and exciting way which is
critical to the success of any CIP security program.
The courses provide an engaging learning
experience that incorporates text, voice, video,
animation, simulation, interactive sessions, testing
and time-stamped reporting.
The NERC CIP Security E-Learning Series is a
complete awareness and training program that
promotes, maintains and reinforces critical security principles. The programs incorporate not only training, but
also a variety of other security awareness aids such as company branded posters and newsletters.
All courses can be easily customized to include your organization’s unique policies, processes and
procedures. Easily include graphics, links to your PDFs, or intranet documents to present your procedures for
compliance. Use as many slides as required. Courses are available for hosting on any corporate LMS.
All courses can dynamically deliver training content based on an individual’s role, group or location. Courses
can be delivered to address multiple processes for each CIP requirement at multiple sites. In addition, all
courses will allow clients to tag their content pages based on whether the student needs to review the
content according to their specific role requirements.
NERC CIP
The NERC CIP Security E-Learning Series is a highly
interactive, self-paced, fully customized, role-based training
program that helps organizations comply with CIP
requirements. The courses are based on open web
standards, SCORM compliance and advanced technical
concepts.
NERC CIP TITLES
NERC CIP 2021 – Condensed
Responsive Training Course
NERC CIP Micro Learning Titles:
Access Management and
Mismanagement
Access States and Management
Acronyms and Standards
Asset Deep Dive
Compliance Monitoring and Audits
Control Center Communication
Electronic Access Controls
Exceptional Circumstances
Incident Response
Physical Access Controls
Physical and Conceptual Assets
Protecting and Classifying
Rating Assets
Recovery Plans
Requirements and Coverage
Risky Business
Supply Chain Management
Terms and Relationships
Transient and Removable
Cyber Security Micro Learning
Titles:
Tailgating
Phishing
HTTPS
Spear Phishing
Email
Clean Desk
Handling Passwords
Pop Ups
Removable Media
Password Handling
Open WiFi
Printouts
Malicious Attachments
Spyware
Handling Confidential Material
Shoulder Surfing
USB Key Drop
Home WiFi
Computer Installs
Social Engineering
Chain Mail
Dumpster Diving
CEO Scam
Keylogger
Lock Your Phone
Privacy
Ransomware
Telephone Scams
CIP V5 Titles:
CIP V5 Base Training – Cyber Security
CIP V5 Information Handling
CIP V5 Electronic Access Controls
CIP V5 Physical Access Controls
Including Visitor Management
CIP V5 Cyber Security Incidents,
Response and Recovery
Quarterly Security Safety
Awareness Posters
Quarterly Security Awareness
Newsletters
NERC CIP 2021 – CONDENSED RESPONSIVE TRAINING COURSE
This newly updated 50-minute CIP 2021 training course
covers all requirements including Controlling
Communications and Supply Chain Management. The
module also incorporates text, voice, video, animation,
simulation, interactive sessions, testing and reporting
features. The course is available for hosting on any
corporate LMS.
Topics:
Runs on desktops, smart phones and tablets
Fully customizable to include your logo, policies, processes, procedures and links to internal and
external documents
AICC and SCORM Compliant
Maintenance, Update and Support Program
Courses are hosted on our LiMS or self-hosted on your internal LMS
Customization support available
Time-stamped reporting
Bookmarking
Printable pages for future reference
Duration: approximately 50 minutes
Consists of interactive pop-ups throughout course
Interactive knowledge checks to reinforce presented content
Customizable test questions
Printable Certificate of Course Completion
Features:
NERC CIP MICRO LEARNING TRAINING SERIES
Educate by role using 19 micro learning courses, 2 minutes each. Now you can completely customize your
training by determining which topics you wish to include and determine the duration of the course for your
organization. Any or all of the courses can be added to a playlist which can be assigned to any individuals,
creating a curriculum of courses that must be completed by the employee. Each course in the playlist is
played in sequence until all mini courses have been completed. This simplifies training.
Our unique model allows organizations to create ONE course of all of the topics an individual needs to
complete about CIPs or CIP policies. Certificates can be printed by the student and/or by the Manager.
Features:
Purchase Total Seats Required
Activate any or all Courses
Create a Course Play List
Shuffle Sequence as needed
Assign Training per Role
Assign Training using Emails
Track Training Progress
Send Reminders
Print Certificates
Export Time Stamped Records
Titles:
Access Management and Mismanagement
Access States and Management
Acronyms and Standards
Asset Deep Dive
Compliance Monitoring and Audits
Control Center Communication
Electronic Access Controls
Exceptional Circumstances
Incident Response
Physical Access Controls
Physical and Conceptual Assets
Protecting and Classifying
Rating Assets
Recovery Plans
Requirements and Coverage
Risky Business
Supply Chain Management
Terms and Relationships
Transient and Removable
Access Management And Mismanagement
Managing access is part science and part
psychology. Management variables are considered
and access types are reviewed.
Access States And Management
Review the 9 states of access which Entities
must consider as well as the 2 steps in
enabling access.
Acronyms And Standards
Review the Acronyms associated with the CIP (Critical
Infrastructure Protection) Standards and consider why
standards themselves are useful.
Asset Deep Dive
Review the types of assets, asset groups and
protection systems. Consider BCA, BCS, EACMS,
PACS and PCAS. How are they rated?
Compliance Monitoring And Audits
The issues of Compliance Monitoring and
Enforcement are reviewed as well as Violation Risk
Factors, Violation Severity Levels and Audit types.
Control Center Communications
CIP-012 addresses the protection of the confidentiality
and integrity of data transmitted between an Entity’s own
control centers or with another Entity’s control center.
Electronic Access Controls
CIP-005 requires companies to restrict and manage
electronic access to BES Cyber Systems by specifying
a controlled Electronic Security Perimeter (ESP).
Exceptional Circumstances
The concept of the Exceptional Circumstance
is discussed: its definition, and declaring,
responding to and recovering from one.
ABOUT US
Global Training Solutions Inc. provides compliance,
workforce training programs and classroom
instruction aimed at the development, training and
safety of employees in many diverse industries
worldwide.
© 2020 Global Training Solutions
Physical Access Controls
Physical Security Perimeters are considered as well
as Controlled Access Points, Physical Access Control
Systems, escorted / unescorted access and access
errors.
Physical And Conceptual Assets
Perform a review of asset types and see how
they impact the BES. Knowledge, Documents,
People and Equipment are considered.
Policy Requirements And Coverage
Specifically addressed in CIP-003, Responsible Entities have
the flexibility to develop cyber security policy or policies to
address security issues based on impact ratings.
Protecting And Classifying Information
Self-identify BES Cyber System Information.
Develop & maintain information protection
policies and procedures.
Rating Assets
Assets are rated based on their potential to impact
the BES. Entities assume the highest impact rating
of their known assets.
Recovery Plans
CIP-009 requires companies to have a recovery
plan which supports the continued stability,
operability, and reliability of the BES.
Responding To Incidents
Incident Response Plans are designed to mitigate
any risks to the BES. Three types – operational,
physical and cyber are considered.
Risky Business
Risk is considered when referencing infrastructure
reliability, functions, noncompliance, supply chain
and personal risk assessment.
Supply Chain Management
CIP-013 addresses cyber security risk management.
It applies to your supply chain – your vendors and
partners. The four security objectives of Supply Chain
Management Controls are discussed.
Terms And Relationships
Review the types of Entities, U.S. and Canadian, the
concept of bright-line criteria, and the relationship of
assets, entities and the BES.
Transients And Removables
Transient Assets and Removable Media are different
based on their designation as Cyber Assets. What are
examples of each? What about cloud storage?
CYBER SECURITY MICRO LEARNING TRAINING SERIES
The Cyber Security Micro Learning Series reinforces safe business practices. Each video-based course
targets a unique cyber security topic and delivers important awareness concepts in just 60 seconds. Well-
designed scenarios highlight the do’s and don’ts of security behaviors, leaving informative impressions that
support safety in both physical and cyber security practices. Two questions are included with each course;
scores and completion status are recorded and saved for Managers to access at any time.
The site’s functionality allows easy access to quality training. Anyone can purchase, assign and manage
courses directly from a secure website. Companies do not need their own infrastructure or tech support.
Features:
Each title is approximately 60 seconds
Operates on all devices including smart phones, desktops, iPads
2 question test
Certificate of Completion
Managers will be able to purchase, assign, monitor, track and report on all users
User completions captured (printable report 24/7)
If a student does not pass a course, the course can be reassigned by the manager until the
student receives a passing score
Courses delivered on a secure, modern delivery system
Tailgating
Sometimes it’s respectful of others to not hold the door open
for someone. Don’t circumvent security protocols – even for
people you know.
HTTPS
A website starting with HTTPS is encrypted
and much safer than HTTP. Be sure to “look
for the lock”.
Phishing
Every day 8 million people open a fraudulent
phishing email; don’t add to that number.
Spear Phishing
Knowing about people’s interests and hobbies
is valuable, and that’s how cybercriminals get you.
Email
Some emails can be more than
inappropriate; they could help spread
viruses to friends & family.
Handling Passwords
Writing down your passwords and hiding them by
your desk, maybe under the keyboard, ISN’T a
secure process.
Clean Desk
Sometimes the person leaking confidential information
doesn’t realise he’s the source of the leak. Don’t
leave confidential documents on your desk – store them
appropriately.
Pop Ups
The unwanted popup. You didn’t close it
correctly…and now there’s more of them to
deal with….oh boy…
Removable Media
USB drives are convenient…and small…and
easy to lose…and hold more information than
ever before.
Open WiFi
Sometimes free doesn’t mean secure. Consider the
potential problems when using open public wifi.
Password Handling
To create a strong password it’s best to use
a combination of lowercase and uppercase
letters, symbols and numbers.
Printouts
Dispose of your documents properly. That
doesn’t mean simply tossing them into the
recycle bin.
Spyware
Today it’s relatively simple for the
cybercriminal to see everything you do on
your computer, work related and personal.
Handling Confidential Material
Using your personal email to transmit confidential
work materials can create unique opportunities
for cyber criminals.
Malicious Attachments
All mail is not necessarily good mail. When you’re not
expecting a package, double check with the sender.
Shoulder Surfing
That person standing over your shoulder
seems a little too interested. Check your
surroundings while typing in your password.
Base Training – Cyber Security
Information Handling
Electronic Access Controls
Physical Access Controls (Includes Visitor Management)
Cyber Security Incidents, Response and Recovery
Controlling Communications
Supply Chain Management
USB Key Drop
Finding a USB drive on the ground might not be
an accident. Plugging it into your computer might
give a hacker complete control.
Home WiFi
Make sure your home WiFi is at least as secure
as the rest of your house. You don’t leave your
doors and windows unlocked, do you?
Computer Installs
Work computers are loaned to us, and
“personalizing them” by installing your own
software may expose you to hacking.
Chain Mail
You not only waste people’s time when you
forward chain mail, you could be spreading
viruses as well.
Social Engineering
Sharing confidential information, even with
people you know, is never a good idea.
Dumpster Diving
Some people make money rummaging through
your trash. Don’t discard sensitive materials
without considering potential problems.
Keylogger
Check your computer ports for unknown
devices. Keyloggers capture your keystrokes
for cybercriminals to decipher later.
Lock Your Phone
Your smartphone is now an extension of you, your
life, and possibly your business. Photos, email
addresses, phone numbers, contacts, documents
and physical addresses.
CEO Scam
Always double check unusual requests from
your boss, especially regarding financial
transfers.
Privacy
When personal or business information is
leaked, even if by accident, the repercussions
may be severe. It is best to tell someone in
authority as soon as possible.
Ransomware
Crypto ransomware is malicious software that
infects a computer and restricts your access to it
until a ransom is paid to unlock it. Consider not
becoming a victim.
Telephone Scams
If you get an unexpected pop-up, call, spam email or
other urgent message about problems with your
computer, stop. Don’t click on any links, don’t give
control of your computer and don’t send any money.
CIP V5 TRAINING COURSES:
Base Training – Cyber Security
Information Handling
Electronic Access Controls
Physical Access Controls (Includes Visitor Management)
Cyber Security Incidents, Response and Recovery
Features:
Fully customizable to include your logo, policies, processes, procedures and links to internal
and external documents
AICC and SCORM Compliant
Maintenance, Update and Support Program
Courses are hosted on our LiMS or self-hosted on your internal LMS
Customization support available
Time-stamped reporting
Deliver custom content to multiple sites, groups, individuals
Bookmarking
Printable pages for future reference
Interactive knowledge checks to reinforce presented content
Technical tips
Penalty level alerts
Customizable test questions
Printable Certificate of Course Completion
Full schematics provided for customization content
Role-based tagging capabilities
Training impact analysis capability to capture student training experience
Voice enabling or disabling feature
Capturing of multiple training experiences
Expanded administrator control for database changes
Capturing of student’s decision-making path
Student remediation and re-testing for topic retention
CIP V5 BASE TRAINING - CYBER SECURITY
Course Outline:
Cyber Security defined
The Risks and Rewards of Interconnectivity
“Entity” Policy Statement
Passive Access Points
Passwords
Internet Usage (Email Security; Social Media)
Smartphones
External Devices (Removable Media; Transient Devices; Cloud Storage)
Anti Virus
Event Handling
Assessment
Summary
CIP V5 INFORMATION HANDLING
Course Outline:
BES Cyber System Information (BESCSI)
“Entity” Policy Statement
Classification of BES Cyber System Information (BESCSI)
BESCSI vs Critical Energy Infrastructure Information (CEII)
Storage – Required Practices
In Transit – Required Practices (Transport; Transmission)
Active Use – Required Practices
Destruction – Required Practices
Redeployment – Required Practices
Event Handling & Logging
Assessment
Summary
CIP V5 ELECTRONIC ACCESS CONTROLS
Course Outline:
How is Electronic Access defined? (Onsite; Remote)
“Entity” Policy Statement
Access Rights Management (Granting Access; Monitoring Access Needs; Compliance)
Interactive Remote Access (Defined; Routable Protocols; Controls)
Access Authentication Failure (Access Denial; Access Suspension; Access Restoration; Access
Revocation)
Policy Reviews & Change Management
Assessment
Summary
CIP V5 PHYSICAL ACCESS CONTROLS INCLUDING VISITOR
MANAGEMENT
Course Outline:
How is Physical Access defined?
Who is covered? (Employees; Contractors; Vendors; Visitors)
“Entity” Policy Statement
Access Rights Management (Granting Access; Monitoring Access Needs; Compliance)
Secured Areas (Defined; Identified; Controls)
Access Authentication Failure (Access Denial; Access Suspension; Access Restoration; Access
Revocation)
Policy Reviews & Change Management
Assessment
Summary
CIP V5 CYBER SECURITY INCIDENTS, RESPONSE AND RECOVERY
Course Outline:
Cyber vs. Physical (Internal; External)
“Entity” Policy Statement (Prevention; Monitoring; Minimization; Mitigation)
Incident Identification (Actual Vs Suspected; Vandalism; Willful Acts; Cybercrime)
Incident Classification (Response Plan and Process)
Reporting/Communication Requirements (Internal and External Resources)
Recovery Processes (Documentation; Review; Change Management; Validation)
Assessment
Summary
NERC CIP SECURITY AWARENESS POSTER PROGRAM
The NERC CIP Security Awareness Poster Program provides an eye-catching communications
solution to satisfy the requirements of the CIP-004 R1 Compliance Standard for utilities,
municipalities and cooperatives. Each electronic poster contains security based topics
informing employees on various elements of proper security practices to help increase
awareness and adoption of compliance with current standards.
Our team works closely with your organization to customize each poster’s message to meet
your specific requirements for your environment and culture.
Customized general Security Awareness Posters are also available for all other organizations.
Benefits:
Consistent message delivery to all employees
Message accessible 24/7 via company intranet access
Visible message can be displayed in high traffic areas in any office or plant environment
Demonstrates commitment to security
Year round awareness
Eye catching to increase awareness and compliance with current standards
Uniform and efficient presentation
Helps increase widespread adoption of security practices within any organization
Features:
Branded with company logo
Customizable to fit your environment and culture
Includes security based topics
Interesting and informative presentation
Full colour
High resolution
Alluring graphics
Downloadable as a PDF
Printable up to 11′ X 17″
Monthly and quarterly subscriptions available
NERC CIP SECURITY SAFETY AWARENESS NEWSLETTER PROGRAM
Each quarter a new DOWNLOADABLE Security Awareness Newsletter in PDF format is released. Each
bulletin is branded with Customer company logo and is ready to print and distribute in any environment –
electronically or in print format.
The NERC CIP Security Awareness Newsletter Program provides an
eye-catching communications solution to satisfy the requirements
of the CIP-004 R1 Compliance Standard for utilities, municipalities
and cooperatives. Each electronic bulletin contains security based
topics informing employees on various elements of proper security
practices to help increase awareness and adoption of compliance
with current standards.
Our team works closely with your organization to customize each
newsletter’s message to meet your specific requirements and
fit your environment and culture.
Customized general Security Awareness Newsletters are also available.
Benefits:
Consistent message delivery to all employees
Message accessible 24/7 through company intranet access
Visible message can be displayed in high traffic areas in any office or plant environment
Demonstrates commitment to security
Year round awareness
Eye catching to increase awareness and compliance with current standards
Uniform and efficient presentation
Helps increase widespread adoption of security practices within any organization
NERC CIP STANDARDS CLASSROOM TRAINING
Delivered on-site, a fully customized and comprehensive NERC
CIP Standards Classroom Training Course, providing face-to-face
instruction and support by our team of highly experienced
Security Specialists. The comprehensive program covers all
NERC CIP Standard requirements. The NERC CIP Information
Security E-learning Series can be effectively utilized to
supplement the instructor-led training program to reinforce all
concepts learned in the classroom. Course Completion
Certificates are also included in the program.