Home - Training

Addressing Cyber Security Controls (NEI 10-09)

5 Day CSAT Workshop

SecureInfo Corporation is pleased to offer the Addressing Cyber Security Controls Workshop. This intense workshop introduces and expands the NEI 10-09 guidelines for the Cyber Security Assessment Team (CSAT) to facilitate consistent understanding of the NEI 08-09 cyber security controls; to ensure consistent understanding of the attack vectors associated with the controls; to describe a method to document and justify crediting existing programs, processes, and defensive architectures; and to provide a consistent methodology for addressing cyber security controls. The methodology is known as a cyber security control implementation strategy or SCIS. The CSAT for each organization is responsible for carrying out the implementation of this process IAW 10 CFR 73.54. Attendees of this Workshop will gain an understanding of how the cyber security control implementation strategy enhances safe operations by supporting implementation consistency, and reducing overall impact to site operations. The strategy also prepares the licensees CSAT for inspections and for reviews of the implementation of the cyber security program. Attendees will be given the tools, knowledge, and experience necessary, through intense hands-on exercises, to build an effective assurance case for each of the cyber security controls in the operational, management, and technical families. Attendees are introduced to the level of effort that is required for licensees to provide high assurance that critical digital assets and critical communication systems and networks are adequately protected against cyber attacks.

Cost of Course: Contact SecureInfo Corporation to discuss costs.

Materials Required

There are no materials required of students attending courses at either SecureInfo location.

For students of mobile classes laptops are required as each student will be asked to create documentation and participate in practical hands-on exercises that guide the students learning experience. The laptop must have Adobe Acrobat Reader, Microsoft Excel and Word.

Course Materials Provided

Students will receive a workbook and Resource Kit via CD (includes all supporting materials and exercises).

Instructor Policy

Students should arrive no later than 10 minutes prior to start time on the first day of class. If you have any special requirements that need to be addressed prior to arrival please let us know at the time of registration. Please do not make any travel arrangements prior to 6pm on the last day of training.

Locations

We offer this course via mobile training at your facility for up to 20 students per course.

Who Should Attend?

CSAT members and those licensee’s members who will be involved with assisting the CSAT gathering the data necessary to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber-attacks, i.e., to build an effective assurance case for each of the cyber security controls.

Course Topics

Module 1 (Introduction)

  • Workshop Introduction
  • NEI 08-09 and 10-09 Background/Scope/Purpose
  • The Cyber Security Plan (CSP)
  • Cyber Security Program/Plan Terms
  • The Implementation Schedule
  • Cyber Security Control Implementation Strategy (SCIS) Introduction

Module 2 (The SCIS: In-Detail)

  • Creating the SCIS - Considerations
  • Creating the SCIS – The Process
  • Assessing CDAs and Addressing CS Controls
  • Conduct TableTop Review
  • Evaluate CDAs Against the Controls

Module 3 (Cyber Security Control Applicability & Attack Vectors)

  • Attack Vectors
  • Addressing CS Controls for EP-Related CDAs
  • CS Control Applicability

Module 4 (A Gentle Introduction to the Cyber Security Controls)

  • Access Controls
  • Audit and Accountability
  • CDA, System and Communications Protection
  • Identification and Authentication
  • System Hardening
  • Media Protection/ Personnel Security
  • System and Information Integrity/ Maintenance
  • Physical and Operational Environment Protection/ Defense-In-Depth Attack Mitigation and Incident Response/ Cyber Security Contingency Plan
  • Training/Configuration Management
  • System Services Acquisition/Evaluate and Manage Cyber Risk

Contact us at training@secureinfo.com or (210) 403-5600 (ask for training) for more information and pricing on mobile training options.