Home » Client Case Studies
One of the largest energy utilities in the US has operations affecting regions of the country. The client required a dynamic enterprise view of their security risk as well as a prioritized remediation plan aimed at protecting their business operations. In a world defined by limited budgets, resources and time in the context of many vulnerabilities,attack points and attackers, N&ST needed to build a risk assessment methodology that would economically address these requirement across a large number of locations and technologies.
A major US metropolitan electrical utility required a ‘360 degree’ security review that includes the following:
- Internal and external pen testing
- Internal web and mainframe application testing
- Remote access security assessment
- Physical security test
- Social engineering
- Identification and security review of wireless LANs
- SCADA network review and pen testing
- Telephone network security review
- Voice message security review
- Security documentation evaluation
A major US Utility was facing an upcoming NERC CIP Compliance audit. While technically astute, many of the personnel associated with their NERC CIP implementations had little or no experience with the audit process. These Subject Matter Experts (“SMEs”) lacked the “soft skills” that must properly be used during an audit. The Utility wanted to 1) prepare its people for the rigors of the audit and 2) ensure the highest probability of a successful audit.