Quantification of cyber security has been a long-standing challenge in the utility industry. When one implements a new cyber security solution that costs $500,000, how can the value of the investment be correctly quantified? When a policy was changed to enforce more complex passwords, what is the incremental security value achieved through the change? This challenge comes from the fact that there have not been comprehensive, standardized security metrics widely adopted by the industry. If we had such metrics, a utility could easily calculate and understand the value of security investments in concrete terms. A utility could definitively state, «the change improved the Protection Score by 10.4% and overall security metrics by 6.2%».

EPRI’s Cyber Security Metrics for the Electric Sector project addresses these needs by developing a practical set of security metrics that represents the status of a utility’s security posture. Initiated in 2015, the EPRI research project is expected to deliver a full set of proposed metrics that will provide measures of the effectiveness of security controls.

Para leer más ingrese a:

https://www.epri.com/#/pages/product/3002011685/?platform=hootsuite