Cybersecurity is an ongoing process. There is no silver bullet that will stop cyber criminals. There is no single method of protection. And most of all, you can’t let your guard down. Our Cyber Resilience Initiative (CRI) Team is constantly researching, refining, and enhancing our cybersecurity services and solutions in order to provide you with a strong set of tools to bolster your utility against cyber criminals and attacks.
Information Security Program Library (ISPL)
The policies and procedures your utility maintains and implements are the foundation of your secure cyber culture. SEDC’s Information Security Program Library (ISPL) provides an extensive best practices collection of templates, forms, and guidelines to assist you in developing a comprehensive approach to cybersecurity for your business processes, your employees, and even your Board of Directors. An example of an ISPL tool is a cross-matrix of policies and procedures required for PCI DSS compliance. The ISPL will be updated as needed to address new advancements in cybersecurity, new and emerging threats, and evolving cyber practices.
To request your free copy of the ISPL, simply fill out the form on our ISPL Download Request page.
PCI DSS Compliance Assistance
Becoming PCI DSS compliant is a major step toward comprehensive cybersecurity and improving the cyber resilience of your utility. The requirements for compliance are much more than a simple checklist; they are a rule book for examining your network and infrastructure for possible vulnerabilities and then plugging those holes. We are committed to assisting our customers with the PCI DSS compliance process. SEDC’s CRI Team has developed the PCI Starter Kit to assist customers as they navigate the Payment Card Industry Data Security Standard (PCI DSS) requirements. Our ISPL includes a section mapping related PCI DSS requirements to specific sections of the ISPL. Our Cyber Awareness Education and Managed Security Services address various PCI requirements, and we host a webinar class series as well as additional learning opportunities to help utilities understand PCI DSS requirements and priority milestones, reduce PCI scope, and bring the utility into compliance.
SEDC collaborates with industry leaders such as Elavon, our credit card processor, to provide our customers and Members with access to Elavon’s PCI Compliance Manager (PCM) Plus tool. PCM Plus guides utilities in meeting the requirements of PCI compliance, including completing the Self-Assessment Questionnaire (SAQ), performing quarterly scans, and completing an attestation of compliance (AOC). Additionally, SEDC provides active support as your utility moves toward PCI DSS compliance, making the process as smooth as possible for your business.
Cyber Awareness Education
When it comes to being cyber secure, people are a company’s biggest vulnerability. The absolute most important step in securing your systems and data is educating your employees. An unintended click on a well-disguised phishing email could jeopardize your utility’s and your customers’ data, compromise your networks, and potentially inflict financial and operational damages on your utility.
SEDC has partnered with KnowBe4, the industry leader in cyber awareness education, to offer an affordable series of webinars and phishing tests to educate your staff, your board members, and even your family members in protecting your utility and their personal accounts and information. These strategically orchestrated phishing tests are designed to mimic potential cyber criminal attacks and educate your people, the weakest link to being cyber secure.
Cyber crime is constantly evolving, and attack methods change as criminals try to stay ahead of our defenses. Cyber Awareness Education (CAE) is also always evolving, ensuring that new threats are addressed and your employees are properly prepared. An ongoing training program is the only way to keep the people in your organization alert and on guard so they can provide a solid first line of defense for your utility, your employees, and the customers who trust you to protect their sensitive information.
Training Administration Services
Providing cyber awareness training opportunities to your employees and board members is only effective if the training program is consistently followed and enforced. If your utility does not have the time or resources to properly administer this program, you can still reap the extensive benefits by subscribing to SEDC’s Training Administration Services. Our Cyber Awareness Education Administrator will initiate training series with your employees, monitor completion and success rates, and provide status updates throughout the entire length of your training subscription.
The administrator will activate a new phishing simulation and training campaign each quarter and will actively monitor the series to ensure that each employee not only completes the training but is successful, even if multiple attempts are required. Detailed reports will keep your staff informed on the progress of the training across the organization.
SEDC MSS (Managed Security Services)
Your information technology (IT) infrastructure and network form the framework upon which the utility’s systems operate, and your customer satisfaction is dependent on a reliable and responsive network. A cyber incident could affect critical and fundamental systems from engineering and operations to accounting, billing, phones and internet.
Managed Security Services are the systematic approach to managing your utility’s security needs and provide functionality required by PCI DSS. SEDC MSS is an extension of your utility’s security operations, offering 24/7/365 monitoring of your network and infrastructure from a dedicated Security Operations Center (SOC). SEDC has partnered with AlienVault, an industry-leading developer of commercial solutions for managing cyber attacks, to offer SEDC MSS to utilities. Through this partnership, SEDC offers the following services:
- SIEM and Log Management to correlate and analyze security event data across your network;
- Behavioral Monitoring to identify suspicious behavior and potentially compromised systems;
- Intrusion Detection to detect malicious traffic on your network;
- Vulnerability Assessment to identify systems on your network that are vulnerable to exploits; and
- Asset Discovery to find all assets on your network before the criminal element does.