Risk Management in Practice: A Guide for the Electric Sector (co-author)
This report provides guidance for risk management in practice in the electric sector. The present work builds upon the technical update Integrating Electricity Subsector Failure Scenarios into a Risk Assessment Methodology, 3002001181, which was published in 2013; the DOE Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2); the National Institute of Standards and Technology Interagency Report (NISTIR) 7628, Guidelines for Smart Grid Cyber Security; the National Rural Electric Cooperative Association (NRECA) Guidance; and other documents.
The focus of this document is guidance on applying the diverse existing cyber security guidance that is applicable to the electric sector. Its goal is to provide a framework and comparative analyses of existing guidance that cyber security practitioners may use in addressing cyber security.
This document was developed jointly by several organizations, including EPRI, DOE, NRECA, Carnegie Mellon University, and several utilities. This document is a companion document to the EPRI technical update, Security Posture Using the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2), Technical Update 3002003332, also published in 2014.