Regulatory Trend: 7 Point Data Security Checklist for Energy Firms

The Department of Energy recommended the following data security priorities for the U.S. Energy Sector:

  • Identify where you should apply the National Institute of Standards and Technology’s framework to evaluate and potentially guide the improvement of your cybersecurity capabilities.
    • Consider:
      • risk management considerations
      • organizational and critical infrastructure objectives and priorities
      • availability of resources and other similar factors.
  • Review your systems, assets, requirements and cybersecurity and risk management practices.
    • Focus on critical systems and assets first, then expand your focus to less critical systems and assets as resources permit.
  • Via internal audits, create a current profile by identifying your company’s cybersecurity and risk management practices.
  • Conduct a risk assessment to evaluate cybersecurity risks and determine which are outside of current tolerances.
  • Create a target profile that will include current risk management practices, current risk environment, legal and regulatory requirements, business and mission objectives, and any applicable organizational constraints.
  • Analyze and prioritize gaps between your current and target profiles, and determine the potential consequences of failing to address those gaps.
  • Implement an action plan, and track its progress over time, ensuring that gaps are closed and risks are closely monitored.

Houston Business Journal