“Regulatory compliance is considered one of the primary business risks for
industries such as the energy utilities. The National Energy Regulatory
Commission (NERC) can fine a company up to $1 million a day for
non-compliance," said
Rick Doten, vice president of cyber security for DMI.
http://smart-grid.tmcnet.com/channels/nerc-compliance/articles/287417-importance-developing-nerc-compliance-procedures.htm
Tuesday, April 24, 2012
Friday, April 20, 2012
Corporate Risk Solutions’ NERC CIP Compliance Guide Addresses Version 4
The recent announcement of the Federal Energy
Regulatory Commission (FERC) approving the final rule that updates certain
reliability standards (www.ferc.gov/.../Files/20120419105338-summaries.pdf) may have some utilities shaken up. This
final rule approves the Version 4 CIP Reliability Standards submitted by the
North American Electric Reliability Corp (NERC), and involves a change in the
way Critical Assets are identified. These NERC CIP Reliability Standards
provide a framework to identify and protect Critical Cyber Assets in
association with Critical Assets that support the Bulk-Power System.
While
those involved with NERC Compliance may be worried about what this means for
previous version of the Standards, Corporate Risk Solutions, Inc. (CRSI) has a
solution to help lessen the blow. CRSI has produced an extensive, holistic NERC
CIP Compliance Guide that includes guidance for Version 4 as approved by the
NERC Board of Trustees.
CRSI’s NERC CIP Compliance Guide
includes narration of each of the NERC CIP Requirements and supporting
information to assist with comprehension and compliance. Not only does the Guide
provide detailed information as to what documentation is needed per Requirement
and Sub-Requirement and details additional evidence that must be provided
during an audit to achieve compliance, but it also provides best practice
recommendations and problem areas to avoid.
So far, CRSI has sold 160 Guides to utilities
across all eight NERC Regions. Clients have been providing CRSI with great
feedback about the functionality and features of the Compliance Guide. The
Compliance Guide is designed for all members of the company. Those that will
benefit most from the Guide are Subject Matter Experts, members of the internal
Compliance Team, Senior Executives, Management, employees dealing directly with
NERC CIP on a daily basis. The Guide is designed as a reference source for all
NERC CIP compliance questions.
For future versions of the Guide, a
significant discount will be offered only to those who have previously
purchased the first edition. It is
intended that in future versions (Version 5), the Guide will be offered in a
web format so it can operate within an Intranet platform for which a
subscription service from CRSI will maintain the currency of and provide
enhancements to the Guide and supporting templates. Significant discounts will
also be offered for the web format only to those who have previously purchased
the first edition. It is anticipated that the information contained in this
Guide will be valid and applicable for a minimum of 18-24 months.
For information on how to order, request a
sample, or get in contact with a fellow user of the NERC CIP Compliance Guide,
contact Travis Emerson at temerson@corprisk.net
or call 913-322-5404. Visit www.corprisk.net/services/nerc-cip-compliance-guide
to find out how CRSI’s clients have found value in the Compliance Guide.
CRSI is a wholly-owned subsidiary security consulting firm of Corporate
Enterprise Security, Inc. CRSI specializes
in NERC operational and CIP Compliance (693 and 706), as well as cyber and
physical security solutions to the energy and government sectors. CRSI has
provided consulting services to more than 100 electric utilities across all
eight (8) NERC regions and is also under contract by NERC Regional Entities for
Audit Support. For more information, contact: Trisha Breckenridge, Marketing
Associate, 913-422-0410. Email: info@corpenterprisesec.com.
Thursday, April 19, 2012
FERC Approves Version 4
FERC approves final rule that updates certain reliability standards
E-6, Version 4 Critical Infrastructure Protection Reliability Standards, Docket No. RM11-11-000. This final rule approves the Version 4 CIP Reliability Standards submitted by the North American Electric Reliability Corp (NERC) and retires the currently-effective Version 3 CIP Reliability Standards. The CIP Reliability Standards provide a cyber-security framework for the identification and protection of “Critical Cyber Assets” associated with “Critical Assets” that support the reliable operation of the Bulk-Power System. The main difference between Version 3 and Version 4 is found in CIP-002-4 and involves a change in the way “Critical Assets” are identified. Specifically, Version 4 includes uniform “bright line” criteria for the identification of “Critical Assets,” which replace the “risk-based assessment methodology” developed and applied by individual responsible entities under Version 3. The final rule does not include any new substantive directives, but it does provide NERC with guidance regarding achieving full compliance with the directives contained in Order No. 706. The final rule also imposes a deadline of March 31, 2013 by which time NERC must submit the next version of the CIP Reliability Standards and further requires NERC to provide quarterly status reports on its CIP development efforts.
For your information, here is the item from FERC’s meeting summary: http://www.ferc.gov/EventCalendar/Files/20120419105338-summaries.pdf
E-6, Version 4 Critical Infrastructure Protection Reliability Standards, Docket No. RM11-11-000. This final rule approves the Version 4 CIP Reliability Standards submitted by the North American Electric Reliability Corp (NERC) and retires the currently-effective Version 3 CIP Reliability Standards. The CIP Reliability Standards provide a cyber-security framework for the identification and protection of “Critical Cyber Assets” associated with “Critical Assets” that support the reliable operation of the Bulk-Power System. The main difference between Version 3 and Version 4 is found in CIP-002-4 and involves a change in the way “Critical Assets” are identified. Specifically, Version 4 includes uniform “bright line” criteria for the identification of “Critical Assets,” which replace the “risk-based assessment methodology” developed and applied by individual responsible entities under Version 3. The final rule does not include any new substantive directives, but it does provide NERC with guidance regarding achieving full compliance with the directives contained in Order No. 706. The final rule also imposes a deadline of March 31, 2013 by which time NERC must submit the next version of the CIP Reliability Standards and further requires NERC to provide quarterly status reports on its CIP development efforts.
For your information, here is the item from FERC’s meeting summary: http://www.ferc.gov/EventCalendar/Files/20120419105338-summaries.pdf
Monday, March 5, 2012
Corporate Risk Solutions Expands Security and NERC CIP Consulting Team: Introducing Michael Taylor, Security/Compliance Analyst
Corporate Risk Solutions, Inc. (CRSI), a wholly-owned subsidiary
and premier security consulting firm of Corporate Enterprise Security, Inc., is
pleased to announce the addition of Mr. Michael S. Taylor as a Security/Compliance
Analyst to its team of dedicated NERC (693 and 706) Compliance and security consulting
experts. Mr. Taylor will assist in the growth and continued success of CRSI’s Managed Services Support (MSS) offerings.
“Michael’s experience in infrastructure security design reviews and various aspects of a security program will prove invaluable to our MSS and compliance programs,” says Susan Tibbs, Security Consultant, Managed Services Support Section, of the addition to CRSI’s team.
As a Security/Compliance Analyst, Mr. Taylor will work with senior consultants to develop policies and procedures for physical, information, and operations security, assist in the review of threat and vulnerability assessments and risk management tools, as well as mock audits, inspections, and compliance evaluations. Mr. Taylor comments, “I am excited and honored to be a part of the CRSI team. I look forward to the challenges and opportunities ahead of me, and feel my military experience and background in security has prepared me to provide exceptional services to our clients.”
Mr. Taylor has over 23 years’ experience working in multiple security disciplines while serving in the United States Army Military Police Corp. He started as a Physical Security Compliance Inspector and continued his professional training and development eventually working as a Security Program Manager for Army installations and facilities in North Carolina, Texas, Kansas, South Korea, Germany, and Iraq. Mr. Taylor also served as the Antiterrorism and Force Protection Officer and Emergency Response Coordinator at military bases in Landstuhl and Bamberg, Germany, and in support of military contingency operations in Iraq. His specialties included Threat and Vulnerability Assessments, Risk Analysis and Mitigation, Compliance Inspections, Physical and Electronic Security Systems design, Police Intelligence Operations, and developing plans, policies, procedures, and training packages for security programs aimed at protecting information, personnel, facilities, and critical assets.
CRSI is a wholly-owned subsidiary security consulting firm of Corporate Enterprise Security, Inc. CRSI specializes in NERC operational and CIP Compliance (693 and 706), as well as cyber and physical security solutions to the energy and government sectors. CRSI has provided consulting services to more than 100 electric utilities across all eight (8) NERC regions and is also under contract by NERC Regional Entities for Audit Support. For more information, contact: Trisha Breckenridge, Marketing Associate, 913-422-0410. Email: info@corpenterprisesec.com.
“Michael’s experience in infrastructure security design reviews and various aspects of a security program will prove invaluable to our MSS and compliance programs,” says Susan Tibbs, Security Consultant, Managed Services Support Section, of the addition to CRSI’s team.
As a Security/Compliance Analyst, Mr. Taylor will work with senior consultants to develop policies and procedures for physical, information, and operations security, assist in the review of threat and vulnerability assessments and risk management tools, as well as mock audits, inspections, and compliance evaluations. Mr. Taylor comments, “I am excited and honored to be a part of the CRSI team. I look forward to the challenges and opportunities ahead of me, and feel my military experience and background in security has prepared me to provide exceptional services to our clients.”
Mr. Taylor has over 23 years’ experience working in multiple security disciplines while serving in the United States Army Military Police Corp. He started as a Physical Security Compliance Inspector and continued his professional training and development eventually working as a Security Program Manager for Army installations and facilities in North Carolina, Texas, Kansas, South Korea, Germany, and Iraq. Mr. Taylor also served as the Antiterrorism and Force Protection Officer and Emergency Response Coordinator at military bases in Landstuhl and Bamberg, Germany, and in support of military contingency operations in Iraq. His specialties included Threat and Vulnerability Assessments, Risk Analysis and Mitigation, Compliance Inspections, Physical and Electronic Security Systems design, Police Intelligence Operations, and developing plans, policies, procedures, and training packages for security programs aimed at protecting information, personnel, facilities, and critical assets.
CRSI is a wholly-owned subsidiary security consulting firm of Corporate Enterprise Security, Inc. CRSI specializes in NERC operational and CIP Compliance (693 and 706), as well as cyber and physical security solutions to the energy and government sectors. CRSI has provided consulting services to more than 100 electric utilities across all eight (8) NERC regions and is also under contract by NERC Regional Entities for Audit Support. For more information, contact: Trisha Breckenridge, Marketing Associate, 913-422-0410. Email: info@corpenterprisesec.com.
Thursday, March 1, 2012
The "Smarter" the Smart Grid, the Greater Potential for Security Issues
Cyber Security Solutions Must Be at the Development Stage Rather Than a Retrofit
Sometimes called the world’s largest interconnected machine, the electric power system is the most capital-intensive infrastructure in North America. The system is undergoing tremendous change that will unfold over a number of years. As the grid is modernized, it will become highly automated, leverage information technology more fully, and become more capable in managing energy from a variety of distributed sources. However, in this process of becoming increasingly “smarter,” the grid will expand to contain more interconnections that may become portals for intrusions, error-caused disruptions, malicious attacks, and other threats.
The convergence of the information and communication infrastructure with the electric power grid introduces new security and privacy-related challenges. The introduction of these technologies to the electric sector also presents opportunities to increase the reliability of the power system, to make it more capable and more resilient to withstand attacks, equipment failures, human errors, natural disasters, and other threats. These greatly improved monitoring and control capabilities must include cyber security solutions in the development process rather than as a retrofit.
Potential cyber security issues to the smart grid are numerous. The "Smart Grid Cyber Security Drivers" chart outlines certain drivers to increased attack surface and increased risk to operations.
Included in the potential cyber security issues to the smart grid are:
You are not alone. Remember to involve your vendors and interconnected partners throughout the process, and embed into your corporate governance systems. And finally, you never want to commit to a project without developing and tracking a business case. It is important to do this on a project by project basis and as an integrated system. This will be life-saving when it comes to evaluating and repeating the process.
For the full “Securing the Smart Grid” presentation, and more information on cyber security practices and solutions, contact Trisha Breckenridge at tbreckenridge@corprisk.net.
The convergence of the information and communication infrastructure with the electric power grid introduces new security and privacy-related challenges. The introduction of these technologies to the electric sector also presents opportunities to increase the reliability of the power system, to make it more capable and more resilient to withstand attacks, equipment failures, human errors, natural disasters, and other threats. These greatly improved monitoring and control capabilities must include cyber security solutions in the development process rather than as a retrofit.
Potential cyber security issues to the smart grid are numerous. The "Smart Grid Cyber Security Drivers" chart outlines certain drivers to increased attack surface and increased risk to operations.
Included in the potential cyber security issues to the smart grid are:
- Increasing complexity that could introduce vulnerabilities and increase exposure to potential attackers.
- Without proper planning, a natural- or man-made event could disable the communications infrastructure, rendering the smart grid ineffective at coping with an emergency situation;
- A cyber intruder could compromise electricity use data and send false information to the utility and either lower or increase the billing, depending upon the motivation;
- Linked networks can introduce common vulnerabilities;
- Increasing vulnerabilities to communication disruptions and introduction of malicious software that could result in denial of service or compromise the integrity of software and systems;
- Increased number of entry points and paths for potential adversaries to exploit;
- Potential for compromise of data confidentiality, including the breach of customer privacy; and
- Compromise of the automated device/service control functionality of the Smart Grid devices, in such a way that significantly disrupts, impairs, or destroys the self-sensing and monitoring, self-adaptive, self-healing electricity generation, transmission, and distribution infrastructure.
You are not alone. Remember to involve your vendors and interconnected partners throughout the process, and embed into your corporate governance systems. And finally, you never want to commit to a project without developing and tracking a business case. It is important to do this on a project by project basis and as an integrated system. This will be life-saving when it comes to evaluating and repeating the process.
For the full “Securing the Smart Grid” presentation, and more information on cyber security practices and solutions, contact Trisha Breckenridge at tbreckenridge@corprisk.net.
Wednesday, February 29, 2012
See Scott Roe, President of CRSI & CESI, in Protecting Utilities through Business Continuity
Scott Roe from Corporate Risk Solutions, a solution provider at the marcus
evans Generation Summit 2012, on protecting utilities from internal and external
attacks.
Interview with: Scott Roe, President, Corporate Risk Solutions
FOR IMMEDIATE RELEASE
“It is crucial for power utilities to be prepared for malicious attacks and internal actions that could potentially bring down their organization,” says Scott Roe, President, Corporate Risk Solutions. Organizations must consider how the utility is being accessed and maximize security, he adds.
From a solution provider company attending the marcus evans Generation Summit 2012, in San Antonio, Texas, February 7-8, Roe discusses the three primary phases organizations must go through when responding to an attack on a utility.
Why must there be more focus on the protection of utilities?
The reliability of the electricity sector is paramount. Most of the nation’s critical infrastructures, such as telecommunications, banking and finance, and transportation are dependent upon reliable power to operate. Every process and operation in the energy industry requires dynamic information flow which can put systems at risk. This could be a customers’ personal information or information that the system relies on to manage electricity. Simply stated, utilities must protect their customers’ information and the systems in place.
Managers should identify how the utility is being accessed both physically and logically. Does the public have any access? How is the information being stored? While typically a private network, does it use or allow public interface? What is the remote-access capability of the system? There must be a focus on the access points where information has the potential to be leaked and how that is being protected from within.
What benefits does Business Continuity bring?
Security solutions and Business Continuity are risk management tools that can assist the organization in defending against and responding to malicious attacks. While utilities are used to handling impacts and risks related to severe weather, outages, etc., they are not as adept at handling the recovery processes surrounding malicious events, such as cyber attacks or internal actions that could potentially bring down the organization.
What are the three primary phases for responding to an attack on a utility?
The first is incident response. This typically includes containing or isolating the event to reduce total impact and to limit continual collateral impact.
The second phase is disaster recovery. This involves returning to a state of operations, through the use of redundant systems, spare parts and temporary processes.
The third is business resumption, when operations return to a normal state. Another key goal of this phase is to complete an After Action Review to identify what occurred and what can be done in the future to prevent it from happening again.
Any final comments?
Utilities have a reputation for engineering just about everything, yet with Security, they often treat this as an “add-on”. To ensure effective regulatory compliance and, more importantly, to enhance their risk management program, Security and Business Continuity should be “engineered” into their processes. They must consider how security can be maximized more efficiently, including whether it can be built into the operations and structures themselves.
About the Generation Summit 2012
This unique forum will take place at The Westin La Cantera Resort, San Antonio, Texas, February 7-8, 2012. Offering much more than any conference, exhibition or trade show, this exclusive meeting will bring together esteemed industry thought leaders and solution providers to a highly focused and interactive networking event. The Summit includes presentations on meeting future energy demands whilst advancing clean air objectives, revolutionizing the energy mix and preparing for regulations which lie ahead.
Interview with: Scott Roe, President, Corporate Risk Solutions
FOR IMMEDIATE RELEASE
“It is crucial for power utilities to be prepared for malicious attacks and internal actions that could potentially bring down their organization,” says Scott Roe, President, Corporate Risk Solutions. Organizations must consider how the utility is being accessed and maximize security, he adds.
From a solution provider company attending the marcus evans Generation Summit 2012, in San Antonio, Texas, February 7-8, Roe discusses the three primary phases organizations must go through when responding to an attack on a utility.
Why must there be more focus on the protection of utilities?
The reliability of the electricity sector is paramount. Most of the nation’s critical infrastructures, such as telecommunications, banking and finance, and transportation are dependent upon reliable power to operate. Every process and operation in the energy industry requires dynamic information flow which can put systems at risk. This could be a customers’ personal information or information that the system relies on to manage electricity. Simply stated, utilities must protect their customers’ information and the systems in place.
Managers should identify how the utility is being accessed both physically and logically. Does the public have any access? How is the information being stored? While typically a private network, does it use or allow public interface? What is the remote-access capability of the system? There must be a focus on the access points where information has the potential to be leaked and how that is being protected from within.
What benefits does Business Continuity bring?
Security solutions and Business Continuity are risk management tools that can assist the organization in defending against and responding to malicious attacks. While utilities are used to handling impacts and risks related to severe weather, outages, etc., they are not as adept at handling the recovery processes surrounding malicious events, such as cyber attacks or internal actions that could potentially bring down the organization.
What are the three primary phases for responding to an attack on a utility?
The first is incident response. This typically includes containing or isolating the event to reduce total impact and to limit continual collateral impact.
The second phase is disaster recovery. This involves returning to a state of operations, through the use of redundant systems, spare parts and temporary processes.
The third is business resumption, when operations return to a normal state. Another key goal of this phase is to complete an After Action Review to identify what occurred and what can be done in the future to prevent it from happening again.
Any final comments?
Utilities have a reputation for engineering just about everything, yet with Security, they often treat this as an “add-on”. To ensure effective regulatory compliance and, more importantly, to enhance their risk management program, Security and Business Continuity should be “engineered” into their processes. They must consider how security can be maximized more efficiently, including whether it can be built into the operations and structures themselves.
About the Generation Summit 2012
This unique forum will take place at The Westin La Cantera Resort, San Antonio, Texas, February 7-8, 2012. Offering much more than any conference, exhibition or trade show, this exclusive meeting will bring together esteemed industry thought leaders and solution providers to a highly focused and interactive networking event. The Summit includes presentations on meeting future energy demands whilst advancing clean air objectives, revolutionizing the energy mix and preparing for regulations which lie ahead.
Tuesday, February 28, 2012
Corporate Risk Solutions Produces Fully Abridged NERC CIP Compliance Guide Book
Corporate Risk Solutions, Inc.
(CRSI), a wholly-owned subsidiary and premier security consulting firm of
Corporate Enterprise Security, Inc., has produced a definitive NERC CIP
Corporate Compliance Guide Book for their utility partners. This “Guide Book” was
developed as the first ever, holistic, abridged “Go-To” source for all NERC CIP Compliance questions. It
provides insight from FERC Order 706 that was used as the basis for the
development of each of the CIP Standards, as well as references applicable NERC
documents published for guidance, interpretation, compliance application, and/or
Frequently Asked Questions attributable to each CIP Standard, requirement,
and/or sub-requirement.
The “Guide Book”
also provides enhanced information such as potential auditors’ questions,
evidence of compliance, and even best practices or common problem areas. The “Guide Book” was developed using Version
3 of the CIP Standards, as well as guidance for CIP-002 Version 4 as currently
approved by the NERC Board of Trustees, and is presented in a easy-to-use “lay
flat,” full color, tabbed handbook format.
Michael W.
Tibbs, Senior Vice-President and Chief Operating Officer of CRSI, explains, “The
NERC CIP Compliance Guide Book benefits all members of the utility company.
Those that will benefit most from the Guide are Subject Matter Experts, members
of the Internal Compliance Team, Management and Senior Executives, and
literally any employees dealing directly with NERC CIP on a daily or periodic basis.”
The first
edition of the “Guide Book” will only be available for purchase by CRSI’s
utility partners and will be available in early/mid-March 2012. CRSI has plans to distribute future version
of the “Guide Book” in a web-based resource process with a subscription service
keeping the information current on changes in the NERC CIP regulatory
environment.
CRSI is a wholly-owned subsidiary security consulting firm of Corporate
Enterprise Security, Inc. CRSI specializes
in NERC operational and CIP Compliance (693 and 706), as well as cyber and
physical security solutions to the energy and government sectors. CRSI has
provided consulting services to more than 100 electric utilities across all
eight (8) NERC regions and is also under contract by NERC Regional Entities for
Audit Support. For more information, contact: Trisha Breckenridge, Marketing
Associate, 913-422-0410. Email: info@corpenterprisesec.com.
Corporate Risk Solutions Hires Security/Compliance Analyst
Corporate Risk Solutions, Inc. (CRSI), a wholly-owned subsidiary
and premier security consulting firm of Corporate Enterprise Security, Inc., is
pleased to announce the addition of Ms. Dana M. Bradshaw as a Security/Compliance
Analyst to its team of dedicated NERC (693 and 706) Compliance and Security
Consulting Experts. Based upon the success of its Managed Services Support (MSS)
offerings, CRSI has added a professional consulting analyst group to focus
exclusively on the MSS work.
“Dana brings a client-focused approach to Corporate Risk
Solutions. Her professional services experience and attention-to-detail will
provide CRSI with an outstanding proven track record for each of our clients,”
says Susan Tibbs, Senior Consultant, Managed Services Support Section, of the
addition to CRSI’s team.
As a Security/Compliance Analyst, Ms. Bradshaw will work with senior
consultants to develop and support client training needs, policy and procedural
development, and compliance training initiatives. She is responsible for
researching current industry best practices, analyzing regulatory and security initiatives,
and providing technical writing services and formulating solutions for
reporting and presentations. Ms. Bradshaw reveals, “I am happy to work with
such as dynamic organization as CRSI and to be involved with such outstanding co-workers. I look forward to the regulatory and security
challenges going forward and working with really terrific clients of CRSI.”
Ms. Bradshaw earned a Bachelor’s Degree in Business Administration
from the University of Missouri-Kansas City, and a Master’s of Business
Administration from Indiana Wesleyan University with a concentration in
accounting. Her graduate studies
included accounting and auditing, business analysis and technology, and
organizational development and change.
Saturday, February 25, 2012
Corporate Risk Solutions Grows to New Heights in NERC Operation and CIP Compliance Services: Announcing Joseph L. Doetzl, Director of Consulting Services
Corporate Risk
Solutions, Inc. (CRSI) is pleased to
announce that Joseph (Joe) L. Doetzl has been promoted to Director of
Consulting Services for CRSI. Joe has
the added responsibility of directing all day-to-day operational activities of
CRSI, a premier regulatory and security consulting firm supporting more than
100 electric utilities across all eight (8) NERC regions. Joe will report to Michael (Mike) W. Tibbs,
Senior Vice President and Chief Operating Officer of CRSI, a wholly-owned
subsidiary of Corporate Enterprise Security, Inc. (CESI).
“Joe has significant
experience in Information Technology (IT), Cyber Security, and supporting the
Supervisory Control and Data Acquisition (SADA) Systems within electric
utilities. He epitomizes effective
communications, responsiveness, client commitment and a very high degree of
excellence which is the foundation blocks of CRSI’s success as a premier
security consulting and regulatory compliance firm,” Mike Tibbs, SVP – COO of
CRSI says of Mr. Doetzl. “As the Manager
of Consulting Services, focused on cyber security and regulatory compliance, Joe
contributed to establishing effective leadership within the ranks of CRSI’s
consultant teams and exceptional client relationships. His strengths and these contributions will
keep CRSI as the premier energy consulting firm and aid in its successful
growth”.
Joe, Doetzl, the
new Director comments, “I am honored by the recognition CRSI has placed in me
and my expanded responsibilities. I look
forward to the challenges that are before me and the opportunities for
success.” Mr. Doetzl has over 20 years’ experience in Information Technology
and is a member of the NERC CIP Standards drafting team, serves as President of
the InfraGard Kansas City Member’s Alliance, and has successfully completed
both the NERC and the Southwest Power Pool Auditors Training Courses.
Friday, February 24, 2012
Corporate Enterprise Security Announces Kimberlee A. Roe, Senior Vice President and Chief Administrative Officer
Corporate
Enterprise Security, Inc. (CESI) is
pleased to announce that Kimberlee A. Roe has been promoted to Senior Vice
President – Chief Administrative Officer of CESI. Kimberlee has the added responsibility of
directing the day-to-day administrative and financial activities of CESI, a
holding company representing a family of security consulting firms serving the
Critical Infrastructure of the United States.
Its cornerstone company, Corporate Risk Solutions, Inc. (CRSI) is a
wholly-owned subsidiary of CESI. CRSI is
a premier regulatory and security consulting firm supporting more than 100
electric utilities across all eight (8) NERC regions.
“Kimberlee has
more than 32-years of supervisory, management and executive leadership experience. Her keen insight, in-depth analysis and attention-to-detail
were developed from a previous medical career.
The past 11 years were spent directing the administrative services for
all of CRSI helping to take it from a startup firm to one of the leading
security consulting and regulatory compliance firms in the energy sector”, said
Scott Roe, President, CEO and Chairman of CESI.
“As my sister, Kimberlee may have gained an opportunity to work with
CRSI at its inception. However, it was
her personal excellence that earned her this present opportunity. These successes included earning a dual Masters
of Business Administration in Human Resources Management and International
Finance; and earning and maintaining several senior professional certifications
to include: Senior Professional of Human Resources, Certified Bookkeeper, Certified
Employee Benefits Specialist, Compensation Management Specialist and Retirement
Management Associate.“
“I am honored by the recognition given to me with
this promotion. I am certainly excited
about the future growth and successes of CESI, and I look forward to the
additional responsibilities and expanded challenges” said the new CAO of CESI,
Kimberlee Roe.
In addition to hers
new responsibilities, Ms. Roe has also been appointed to the CESI Board of
Directors and is the Secretary of CESI.
Corporate Risk Solutions Welcomes Chris Pfister as Manager of Consulting Services
Corporate Risk Solutions, Inc.
(CRSI), a wholly-owned subsidiary and premier security consulting firm of
Corporate Enterprise Security, Inc., has named Chris Pfister as its new Manager
of Consulting Services for its team of NERC (693 and 706) Compliance and
security consulting experts.
Mr. Pfister, a
former United States Naval Officer, has 20 years of project/program management
experience with physical and cyber security, as well as executing Continuity of
Operations Plans. Mr. Pfister will provide his knowledge and support to and
lead projects for CRSI clients, including project implementation plans, budgets,
work schedules, and deliverables.
“The expansion
of our consulting team in the energy and government sectors further strengthens
our ability to meet the needs of utilities across North America,” says Joe
Doetzl, Director of Consulting Services. “Chris Pfister’s comprehensive experience
managing physical and cyber security projects is a tremendous addition to CRSI
and a valuable resource to our clients.”
“I look forward
to starting a new challenge with CRSI and to working with the team to further
develop their dedication to security and compliance,” says Mr. Pfister. Chris,
who is also a graduate of the United States Army Command and General Staff
College will aid in the continued growth of CRSI as Manager of Consulting
Services. Chris, who earned his Master’s
Degree in Business and Organizational Security Management, managed physical
security/anti-terrorism measures in demanding and hazardous overseas
environments during his twenty years as a U.S. Naval Officer. He has in-depth experience
with cyber security as project manager for a global targeting software program
and as Deputy of Current Operations in the Global Operations Center of United
States Strategic Command.
CRSI is a wholly-owned subsidiary security consulting firm of Corporate
Enterprise Security, Inc. CRSI specializes
in NERC operational and CIP Compliance (693 and 706), as well as cyber and
physical security solutions to the energy and government sectors. CRSI has
provided consulting services to more than 100 electric utilities across all
eight (8) NERC regions and is also under contract by NERC Regional Entities for
Audit Support. For more information, contact: Trisha Breckenridge, Marketing
Associate, 913-422-0410. Email: info@corpenterprisesec.com.
Thursday, February 23, 2012
Corporate Risk Solutions Grows to New Heights in NERC Operation and CIP Compliance Services
Announcing
Michael W. Tibbs, Senior Vice President and Chief Operating Officer
Corporate Risk
Solutions, Inc. (CRSI) is excited to announce the promotion of Michael W. Tibbs
to Senior Vice President and Chief Operating Officer (COO). CRSI is a nationally-recognized security consulting
firm that specializes in NERC operational and CIP Compliance (693 and 706), as
well as cyber and physical security solutions to the energy and government
sectors. CRSI is a wholly-owned subsidiary of Corporate Enterprise Security,
Inc. (CESI).
“Mike has proven
himself time and again personally and professionally to be a huge asset to the
company and to the future success of this business,” says Scott Roe, President
of CRSI, President, CEO, and Chairman of CESI. “I am proud to partner with Mike
moving forward; his vast knowledge of the industry and sincere dedication to this
company is encouraging.”
Michael Tibbs, CPP,
CSPM, CHS-III, with over 39-years of private-sector and electric utility
security experience will transition from CRSI’s Vice President – Operations to
Senior VP and COO noting, “I am motivated by the success and tremendous growth
of CRSI over the past many years and am confident that our consulting staff
will reach even greater heights in 2012 and beyond.” Mr. Tibbs heads up a team
of highly qualified consultants that have provided NERC CIP compliance support
for more than 100 utilities throughout North America and have completed several
hundred Security Risk and Vulnerability Assessments in support of security
enhancement projects. Mr. Tibbs is eager to expand CRSI’s NERC 693 and 706 offerings
and to introduce a Learning Management System for clients coming soon in 2012.
Wednesday, February 22, 2012
Here We Grow Again…Corporate Enterprise Security, Inc. Hires Marketing Associate
Corporate Enterprise Security, Inc. (CESI), parent company of the
nationally known premier security consulting firm Corporate Risk Solutions,
Inc. (CRSI), has added Trisha Breckenridge, Marketing Associate, to handle all
aspects of marketing for CESI and its subsidiaries, such as CRSI.
Ms. Breckenridge is a graduate of Lindenwood University with a Bachelor
of Arts degree in English with concentrations in communications and literature. She is a member of the American Marketing
Association and American Advertising Federation. Responsible for the
implementation/management of social media, and the creation and distribution of
newsletters, press releases, and other media relations, Ms. Breckenridge will
make a great contribution to CESI brand awareness and to CRSI’s pro-active,
open client communications. “It always feels great to see the continued growth
of both companies (CESI and CRSI), which allows us to continue to staff such
high quality, creative, and vibrant employees, such as Trisha Breckenridge,”
said Scott Roe, President, CEO and Chairman of CESI.
“It is truly a pleasure to join such a fundamentally sound,
forward-thinking company as CESI,” says Trisha Breckenridge of her new
opportunity with the company. She adds, “Our soon to be re-launched social
media approach, websites, and pro-active client participation meetings will
allow CRSI to provide the industry with new tools and methods to help them achieve
their own successes.” Also in her new role, Ms. Breckenridge is responsible for
advertisements, event planning, white paper support and distribution, and website
content.
Michael W. Tibbs, Senior Vice President and COO of CRSI, has this to
say about CRSI’s marketing ventures for the next year and beyond, “2012 will be
an exciting year for Corporate Risk Solutions in the event arena - with
regional utility workshops, participations in national marketing summits, and
other Energy-centric security conferences.”
CESI is a holding company for innovative security consulting and
regulatory compliance firms providing services for critical infrastructure
entities globally. Through its business partnerships and subsidiaries, CESI
provides commitment and responsiveness to clients and high quality of services
in each of the vertical security markets.
CRSI is a wholly-owned
subsidiary security consulting firm of Corporate Enterprise Security, Inc. CRSI
specializes in NERC operational and CIP Compliance (693 and 706), as well as
cyber and physical security solutions to the energy and government sectors.
CRSI has provided consulting services to more than 100 electric utilities
across all eight (8) NERC regions and is also under contract by multiple NERC
Regional Entities for Audit Support.
Tuesday, February 21, 2012
Welcome to 2012 - New Year, New Opportunities: Introducing Corporate Enterprise Security, Inc.
With
the start of the New Year, Corporate Risk Solutions, Inc. (CRSI) is excited to
announce that its growth and successes has created the opportunity to launch
its new parent company, Corporate Enterprise Security, Inc. (CESI). While CRSI will continue to bring premier security
consulting services to the energy and government sectors, CESI’s mission is to “provide a family of innovative security
consulting and regulatory compliance services for critical infrastructure
entities globally”. Corporate Enterprise Security plans will be to focus on
internal growth and acquisition of other successful security businesses
providing support to critical infrastructure businesses.
Scott
Roe, President of CRSI, is now President, Chairman and Chief Executive Officer
of Corporate Enterprise Security, bringing more than 30 years of experience in
the field of security consulting. Mr.
Roe is extremely committed to this growth opportunity, stating that “the
strengths of CESI will be its commitment and responsive to each of our clients and
to provide the highest quality of services in each of the vertical security
markets through its business partnerships and subsidiaries. This creates a great opportunity to leverage
the successes and goals of CESI and CRSI into a transferrable platform across our
new enterprises.”
With
this transition, the leadership of CRSI will handled directly by Michael W.
Tibbs, SVP and COO of CRSI. Mr. Tibbs, a
39-year security professional and long-term employee of CRSI, stated he is “excited
about the commitment made by CESI and with the support of CRSI’s dedicated
consulting staff – second to none - CRSI will continue to focus on the
individual success of each of its’ literally hundreds of electric utility and
government clients.”
Subscribe to:
Posts (Atom)