Control System Cyber Security and Auditors


I just returned from presenting a short course on control system cyber security at the spring meeting of the LA Section of ISACA – the Information Systems Audit and Controls Association. ISACA represents IT auditors. Often, they will be the ones performing control system audits (including NERC CIP), at least internally. With the exception of the person that invited me to speak, the rest of the attendees had never heard the story before. They only knew about IT metrics. My suggestion to them was NIST SP800-53 as I know of no other approach I could recommend.


IT audit staff have the ears of senior management and the Board of Directors. I believe the IT audit staff can be an asset in securing control systems if approached in a teaming manner.


Joe Weiss



  • Joe;

    We have been working very closely with our internal auditors for the past few years, for precisely this reason. When I first said that we were inviting our auditors to look at our control systems there were some people who thought I was crazy. My thought is that is inevitable anyway, so why not try to do it in a positive and proactive way?

    Eric

