Compliance
The issue of compliance is one of the most important strategic issues facing critical infrastructure organizations today.
Regardless of how large or small an enterprise, compliance with nationwide standards is both ethical and
expected by the public. It is the firm belief of The Steadfast Group that a commitment to remain compliant
is the single most powerful public relations tool available to a company today. Imagine, if you will, a scenario
in which something goes wrong. If, in hindsight, a company can say, "Here is our written policy manual, all of our
individual departmental procedures requiring and detailing the strict implementation of those policies, and the
signatures of all our employees affirming that they understand and will uphold those policies and follow those
procedures as a condition of their employment. These are the steps we have taken to remain compliant," the
good faith effort - even in the face of a failure - becomes a much more palatable reality for the public.
However, should a failure occur in an environment where no steps have been taken toward compliance,
the ethical and public relations disaster that will result should not be underestimated. To that end,
The Steadfast Group works to help our clients find manageable solutions to remain compliant through:
- Employee Training Seminars
- Audits
- Security Policy Development and Review
- Security Implementation Procedures Development and Review
- Red Team/Blue Team Exercises
- White Hat Hacking Exercises
- Vulnerability Assessments
- Risk Management Process Application
- Critical Asset Determination
- Intrusion Prevention
- Security Organization Design and Staffing
- Security Public Relations
- Executive Security Briefings
- Periodic Compliance Review

NERC CIP Cyber Security Standard
Using a collaborative approach, The Steadfast Group works with companies to help meet the NERC CIP-002 through -009
Cyber Security Standard guidelines. Through on-site and off-site NERC-oriented training and
seminars, The Steadfast Group provides expertise in security assessment requirements and methodology, a
wider perspective and knowledge of SCADA system interoperability vulnerabilities, and the development of
policy, procedure, and best practice templates, customized to fit the security profile of individual companies.
The Steadfast Group NERC training and support can help companies:
- Develop comprehensive cybersecurity policies
- Define critical cyber assets
- Establish electronic and physical security perimeters
- Develop or revise employment and employee policies
- Develop or revise procurement terms and conditions
- Develop or revise procedures for the control of confidential and/or sensitive information
- Identify Incident Response Team contingency plans
- Develop procedures for testing and auditing

There has been a growing recognition that control systems are now
vulnerable to cyber attacks from numerous sources, including hostile governments, terrorist groups,
disgruntled employees, and other malicious intruders.
Robert F. Dacey
Director, Information Security Issues.
United States General Accounting Office.
Testimony before Congress.