Practical Steps to Achieve and Maintain NERC Compliance
There is nearly universal agreement that information security controls must be integrated into daily IT operations and 'baked in' from conception, not addressed later as an afterthought. But if new security controls must be implemented, where do we start, and in what order? And how do we do this in a way that creates value, rather than the perception that information security creates bureaucratic barriers to getting real work done?
This paper describes typical information security risks that practitioners will face with NERC compliance, presents seven practical steps to secure the production environment, and explains the business value of implementing them.