DYONYX Security Services Team

Additional Info

Job title of nominated professional (or team name)Security Practice Director
Company (where nominated professional or team is working)DYONYX L.P.
Websitedyonyx.com
Company size (employees)100 to 499
CountryUnited States
Headquarters RegionNorth America

Overview

NERC
Client Background
The North American Electric Reliability Council (NERC), the entity responsible for ensuring the security and reliability of the North American electric power grid, appointed DYONYX to implement an education program for the recently approved Critical Infrastructure Protection (CIP) Cyber Security Standard (Standard). The Standard was developed by industry participants to “ensure that all entities responsible for the reliability of the Bulk Electric Systems in North America identify and protect Critical Cyber Assets that control or could impact the reliability of the Bulk Electric Systems.”
Project Description
The scope of the program was critical in providing an understanding of the CIP standards to an estimated 1,000 participates in the electric utility industry, throughout the United States and Canada, responsible for implementing and complying with the CIP standards. DYONYX completed the design of the Education Program curriculum and delivered the program in ten (10) workshops throughout North America. The education curriculum structure incorporated DYONYX’s risk-based critical asset determination methodology and functional segmentation of the Standard facilitating more effective training and subsequent Security Program design, implementation, and sustainment. The now publicly available training program continues to be used as a reference for effective training.

Accomplishments

DYONYX has been involved in the development of cyber security programs for the last ten (10) years and the last eight (8) years focused on compliance with the NERC cyber security standards, NRC’s Regulatory Guide 73.54, and the NIST guidelines.


Our success has been based on the application of a structured programmatic approach that leverages a number of highly-regarded innovations, templates, and methodologies developed by DYONYX along with the employment of “seasoned” utility executives (who have a passion in generating sustainable deliverables), engineers, and security specialists. The results have been exceptional:
Self-documenting tightly-coupled processes and procedures;
Efficient and effective security program architecture employing functionally
driven processes;
Easily maintained security programs through the use of intelligent toolsets;
Effective participation by stakeholders, SMEs, and users through business
process reengineering[1] techniques facilitated through table top review
sessions and visual process maps;
Secure network infrastructures through optimized hardware, software, and
firmware secure designs ;
Integrated and effective physical security processes through cross-
functional design
Compliant programs that have attained “zero deficiency” audit reports.


We point specifically to our proven track record demonstrating our security assessment capabilities, experience (including real-time systems environments), and expertise in network, physical, and cyber security program design. Our insider’s understanding of the CIP Reliability Standards, Nuclear Energy Institute’s 08-09 Guideline, and NIST guidelines, complemented by our business and utility operational experience, ensures the development of workable and sustainable security programs on-time and within budget.