Cybersecurity Risk Management Process – A Case Study
Free Research

Cybersecurity Risk Management Process – A Case Study

  • Case study about a fictional utility’s cybersecurity risk management process
  • Implementation of DOE’s Electricity Sector Cybersecurity Risk Management Program guidance
  • Potential steps needed for risk assessment, risk response, and risk monitoring

Developing a risk management process for cybersecurity

Cybersecurity is a perennial concern for utilities, who are responsible for some of the nation’s most critical infrastructure. This document aims to assist electric utilities in their consideration and development of cybersecurity risk management practices and to illustrate possible implementation of the U.S. Department of Energy’s Electricity Sector Cybersecurity Risk Management Program (RMP) guidance.

The paper presents the case of a fictitious municipal utility (Papaya Electric) that decides to develop a risk management program to address cybersecurity. The fictional scenario covers automation functions and operational variables and constraints common to many utilities. The study illustrates how real-world organizations may require a number of adjustments to risk management and operations methodologies to accommodate utility business constraints and priorities.

What’s in the report

  • Overview of the fictitious municipal utility, key actors, and events triggering the pursuit of a cybersecurity risk management process
  • Framing and steps for risk assessment, risk response, and risk monitoring for the executive, business operations, and systems and application levels
  • Key lessons learned about the RMP

Fill out this form to get the report.