NERC CIP Course Catalog - CMMC Training for Federal ...

Toll Free: 1-888-560-9280 [email protected]

https://captivasolutions.com

NERC CIPCourse Catalog

04

05

06

07

08

ContentsBackground

Security Awareness Training

NERC CIP Cybersecurity Training

NERC CIP Audit Prep Training

Program Benefits

Dear Course Participant,

Congratulations on taking this first step. Not only are you are embarking on an exciting journey, you are taking a critical step in your career and taking an active role in ensuring a safer and more secure cyber world.

The material in our courses was developed by our expert instructors who are seasoned industry practitioners. It is based on the information found in the NERC Critical Infrastructure Protection Reliability Standards and is supplemented as necessary with relevant industry best practices.

Successful completion of this course will help you achieve your career goals and qualify you to earn Continuing Professional Education (CPE) credits if you are eligi-ble. However, passing the relevant exam, if applicable, depends on your mastery of the domains covered during the course and your ability to apply those concepts in the real-world.

I wish you much success during the course and as you continue your journey to become a certified cybersecurity professional.

Sincerely, Eberechi Ugwu-AmoleVice President, CybersecurityNERCIPher

BACKGROUNDThe North American Bulk Electric System (BES) is at the top of the list of critical infrastructures maintained by the Department of Homeland Security. Without a reliable supply of electricity, other critical infrastructures will not function. As a result, cyber and physical security for electric utilities is at the forefront of the legislators and regulators agenda following recent cyber and physical attacks in the United States.

To address these risks, the North American Electric Reliability Corporation (NERC) developed and maintains a set of Critical Infrastructure Protection (CIP) standards that are mandatory and enforceable. These standards have undergone significant change since they were first adopted in Federal Energy Regulatory Commission (FERC) Order No. 706 and have been extended to include all BES Assets, as well as Regional and registered entities.

NERC takes compliance very seriously. Failure by utility companies to comply with the NERC CIP standards can result in substantial penalties. It is believed that these fines can run as high as $1 million a day per infraction.

To meet this need, NERCIPher offers comprehensive NERC CIP Training for Security Awareness, Cyber Security Education, and Audit Preparation. Our programs provide the complete training and education solution you need to equip your staff to confront the security threats that uniquely affect electrical utilities and meet NERC’s training requirements as specified in Reliability Standard – CIP-004. Thus, organizations are empowered to defend against most cyber-attacks and confidently satisfy any audit requirement.

confront the security threats that uniquely affect electrical utilities and meet NERC’s training requirements as specified in Reliability Standard – CIP-004. Thus, organizations are empowered to defend against most cyber-attacks and confidently satisfy any audit requirement.

Our Security Awareness program helps evangelize expectations for employee security practices and reinforces sound security conduct.

It offers comprehensive knowledge and content for the critical infrastructure industry and specifically targets the issue of motivating employees to change their behavior and prevent social engineering attempts.

Our ongoing campaigns, detailed training curriculum, periodic exercises, and personnel risk reviews are all designed to effect changes in behavior, reinforce good security practices, and ensure your organization complies with NERC's training requirements.

NERCIPherCYBERSECURITYTRAININGPROGRAMS

Our Security Awarenessprogram offers:

SECURITYAWARENESS01

Phishing TrainingOur phishing training offers simulations, exercises, and campaigns to ensure your organization is addressing the latest threats and able to defend against real attacks.

3

Role-Based TrainingIncludes courses that use advanced methodologies to zero in on different target groups within your organization. Using our knowledge base, we target key roles within your organization ensuring they understand the types of threats they might face and can apply effective defensive strategies.

2

End User Training This fundamental class, focuses on threats currently facing your organization. It includes a customizable mix of content that teaches basic security concepts critical to your workplace, while adhering to the beliefs of your organization’s corporate culture.

1

NERC CIP OVERVIEW AND DEEP DIVECYBERSECURITY TRAINING 02

OverviewOur cybersecurity program includes two levels of training; a three-day Overview course and a five-day Deep Dive course. Our Overview course provides a summary of the NERC CIP Reliability Standards including a history of their development and their fundamental purpose, the intent of each requirement and presents the learner with vital introductory cybersecurity concepts.

In our five-day deep dive course, we provide a detailed view of each Reliability Standard, an understanding of the present standards, and standards subject to future enforcement the reasons behind common compliance violations, an analysis of cyber threats and relevant defense mechanisms, and an overview of NERC's audit/ compliance program.

HighlightsComprehensive training with expert instructorsInstructor-led walkthroughs and demonstrationsHands-on labs, workshops, and group activities90-day access to replays of daily lessons

ObjectivesOur cybersecurity courses enable you to:

Recognize the role of FERC and NERC in theprotection of BES Cyber SystemsUnderstand the purpose and specific requirementsof the NERC CIP standardsApply CIP requirements to balance cybersecurity benefits and regulatory complianceUnderstand how the electric sector’s regulatory structure fits into the reliability standardsImplement best practices for building an effective NERC CIP compliance programEvaluate the impact of emerging trends on BES Cyber Systems

AudienceThe target audience for our courses include:• BES asset owners and operators• Field support and security operations personnel• Compliance managers, project managers, coordinators and analysts• Professionals responsible for CIP implementations and audits• Anyone who wants to learn more about NERC CIP standards

FormatOur programs include:• Flexible on site training schedules• Virtual instructor-led training (VILT) • Self-paced learning modules

Modules• NERC CIP Requirements• Operating Interconnected and Interdependent BES Cyber Systems• Asset Identification and Requirement Applicability• NERC CIP Requirements• Protecting BES Cyber System Information • Electronic Access Controls• Physical Access Controls• Incident Response• BES Cyber System Recovery• Physical Security

Duration: 4 Days

HighlightsFour days of training with an expert instructorInstructor-led walkthroughs and demonstrationsHands-on workshops and group activities90-day access to replays of daily lessons

NERC CIPAUDIT PREP TRAINING03

OverviewThis course introduces participants to the Critical Infrastructure Protection (CIP) concept, the Reliability Standards developed by NERC and the NERC Compliance Monitoring Enforcement Program (CMEP). It's a live, 4-day comprehensive overview of the NERC CIP standards as required by FERC that helps you understand how to prepare for or perform a NERC CIP audit.

During the course, participants learn about the structure, processes and available resources that pertain to the monitoring of registered entities’ compliance with NERC standards. We explain the NERC compliance audit process and how to structure a compliance hierarchy that includes standards, requirements, controls, and assets.

Participants will learn how to configure workflows for managing both internal and external standards, mapping regulations, developing controls, performing compliance audits, preparing and implementing action plans, utilizing audit worksheets (RSAWs), identifying and remedying issues, and more.

ObjectivesAfter attending this course, you will be able to:

Recognize acceptable forms of evidence for each standardUnderstand how to structure a compliance hierarchyIdentify the NERC CIP requirements that address physical and cyber securityUnderstand how to configure workflows for managing both internal and external standardConfigure workflows for managing bothinternal and external standardsThe NERC CIP requirements that addressphysical security and cybersecurity of the BESAn objective view in analyzing evidence and making recommendations for corrective action.

AudienceThe target audience for this course includes:• BES asset owners and operators• Compliance managers, project managers, coordinators and analysts• Professionals responsible for CIP implementations and audits• Anyone who wants to learn more about NERC CIP Audits

Hands-on labs and practical exercises.

Interactive training sessions and real-world scenarios.

Flexible class schedules. Classes meet weekly on weekdays, evenings or weekends.

Various training formats - in-person, virtual, on-demand, and hybrid.

Reasonable course fees that provide greater value. We offer referral discounts and special rates.

We accept various payment options including cash, check, credit cards, and various apps.

Tel: 202-770-2120Fax: 202-770-2121 Toll Free: 1-888-560-9280

[email protected] Ivy Ln, Suite 612,Greenbelt, MD 20770

Course materials in an easy to follow study guide. Additional materials in the form of case studies, practice questions, and supplementary materials are provided as needed.

Our instructors are seasoned industry practitioners with solid track records of experience. We require a minimum of ten (10) years of experience.

On-Demand/e-Learning:Build technical skills when and where you choose.Our on-demand courses put time back in your hands.

PROGRAM BENEFITSEach NERCIPher course maximizes your investment and ensures you gain the necessary knowledge to protect your cyber assets Following is a summary of our program benefits:

A Captiva Solutions Company

Captiva Solutions LLC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegis-try.org.