CAPITAL WORKPAPERS TO PREPARED DIRECT TESTIMONY OF GAVIN H. WORDEN ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY BEFORE THE PUBLIC UTILITIES COMMISSION
|
|
- Della King
- 6 years ago
- Views:
Transcription
1 Application of SOUTHERN CALIFORNIA GAS COMPANY for authority to update its gas revenue requirement and base rates effective January 1, 219 (U 94-G) ) ) ) ) Application No Exhibit No.: (SCG-27-CWP) CAPITAL WORKPAPERS TO PREPARED DIRECT TESTIMONY OF GAVIN H. WORDEN ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY BEFORE THE PUBLIC UTILITIES COMMISSION OF THE STATE OF CALIFORNIA OCTOBER 217
2 219 General Rate Case - APP INDEX OF WORKPAPERS Exhibit SCG-27-CWP - DOCUMENT PAGE Overall Summary For Exhibit No. SCG-27-CWP 1 A. PROTECT A - RAMP - INCREMENTAL PKI REBULD B - RAMP - INCREMENTAL FIREWALL SECURITY G - RAMP - INCREMENTAL FOF - CONVERGED PERIMETER SECURITY H - RAMP - INCREMENTAL FOF - HOST BASED PROTECTION J - RAMP - INCREMENTAL SPAM PROTECTION K - RAMP - INCREMENTAL IS ZONE REBUILD M - RAMP - INCREMENTAL SECURITY ORCHESTRATION N - RAMP - INCREMENTAL CRITICAL GAS INFRASTRUCTURE PROTECTION O - RAMP - INCREMENTAL CRITICAL GAS INFRASTRUCTURE PROTECTION P - RAMP - INCREMENTAL CRITICAL GAS INFRASTRUCTURE PROTECTION Q - RAMP - INCREMENTAL CASB (CLOUD DATA USE) R - RAMP - INCREMENTAL WEB APPLICATIONS AND DATABASE FIREWALLS U - RAMP - INCREMENTAL ENTERPRISE SOURCE CODE SECURITY V - RAMP - INCREMENTAL WIRED NETWORK PREVENTATIVE CONTROLS W - RAMP - INCREMENTAL MULTI FACTOR AUTHENTICATION REFRESH X - RAMP - INCREMENTAL MY ACCOUNT MULTI FACTOR AUTHENTICATION 113 B. DETECT AA - RAMP - INCREMENTAL THREAT RESPONSE SYSTEMS AB - RAMP - INCREMENTAL THREAT RECOVERY SYSTEMS D - RAMP - INCREMENTAL SCG NETWORK ANOMALY DETECTION PHASE F - RAMP - INCREMENTAL INSIDER THREAT DETECTION / PREVENTION I - RAMP - INCREMENTAL SSL DECRYPTION L - RAMP - INCREMENTAL NETWORK SECURITY MONITORING S - RAMP - INCREMENTAL PERIMETER TAP INFRASTRUCTURE REDESIGN Z - RAMP - INCREMENTAL THREAT DETECTION SYSTEMS 173 C. RESPOND C - RAMP - INCREMENTAL FORENSICS SYSTEM REBUILD T - RAMP - INCREMENTAL INCIDENT RESPONSE SECURE COLLABORATION 192 D. IDENTIFY E - RAMP - INCREMENTAL ENTERPRISE THREAT INTELLIGENCE Y - RAMP - INCREMENTAL THREAT IDENTIFICATION SYSTEMS 29
3 219 GRC - APP Overall Summary For Exhibit No. SCG-27-CWP In 216 $ () Adjusted-Forecast A. PROTECT 1,515 16,85 4,87 B. DETECT 5,653 1,477 13,193 C. RESPOND 22 1,914 D. IDENTIFY 1,474 4,731 Total 17,844 19,476 22,731 Note: Totals may include rounding differences. Page 1 of 216
4 219 GRC - APP Workpaper: A. PROTECT VARIOUS Summary for A. PROTECT In 216$ () Adjusted-Recorded Adjusted-Forecast Labor 813 1, Non-Labor 8,868 15,5 4,49 NSE 834 Total 1,515 16,85 4,87 FTE A RAMP - Incremental PKI Rebuld Labor 58 Non-Labor NSE Total 58 FTE B RAMP - Incremental Firewall Security Labor 58 Non-Labor 25 NSE Total 38 FTE G RAMP - Incremental FOF - Converged Perimeter Security Labor Non-Labor 2,4 1,2 NSE Total 2,516 1,27 FTE H RAMP - Incremental FOF - Host Based Protection Labor Non-Labor 2,151 NSE Total 2, FTE J RAMP - Incremental Spam Protection Labor 15 Non-Labor 147 NSE 834 Total 1,86 FTE Note: Totals may include rounding differences. Page 2 of 216
5 219 GRC - APP Workpaper: A. PROTECT VARIOUS In 216$ () Adjusted-Recorded Adjusted-Forecast K RAMP - Incremental IS Zone Rebuild Labor 81 Non-Labor 82 NSE Total 91 FTE M RAMP - Incremental Security Orchestration Labor Non-Labor 1,6 15 NSE Total 1, FTE N RAMP - Incremental Critical Gas Infrastructure Protection Labor 174 Non-Labor 1,5 NSE Total 1,674 FTE O RAMP - Incremental Critical Gas Infrastructure Protection Labor 291 Non-Labor 2, NSE Total 2,291 FTE P RAMP - Incremental Critical Gas Infrastructure Protection Labor 232 Non-Labor 4, NSE Total 4,232 FTE Q RAMP - Incremental CASB (cloud data use) Labor 93 Non-Labor 2,8 NSE Total 2,893 FTE R RAMP - Incremental Web Applications and Database Firewalls Labor 128 Non-Labor 2,1 NSE Total 2,228 FTE Note: Totals may include rounding differences. Page 3 of 216
6 219 GRC - APP Workpaper: A. PROTECT VARIOUS In 216$ () Adjusted-Recorded Adjusted-Forecast U RAMP - Incremental Enterprise Source Code Security Labor 8 36 Non-Labor 1,1 NSE Total 1,18 36 FTE V RAMP - Incremental Wired Network Preventative Controls Labor Non-Labor 3,2 NSE Total 3,375 6 FTE W RAMP - Incremental Multi Factor Authentication Refresh Labor 14 Non-Labor 2,5 NSE Total 2,64 FTE X RAMP - Incremental My Account Multi Factor Authentication Labor 7 Non-Labor 49 NSE Total 479 FTE....6 Note: Totals may include rounding differences. Page 4 of 216
7 219 GRC - APP Beginning of Workpaper Group 758A - RAMP - Incremental PKI Rebuld Page 5 of 216
8 219 GRC - APP 758. A. PROTECT 1. PROTECT 758A - RAMP - Incremental PKI Rebuld Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based 58 Non-Labor Zero-Based NSE Zero-Based Total 58 FTE Zero-Based Business Purpose: Our enterprise PKI currently uses the SHA-1 signature algorithm. SHA-1 algorithm has been widely used since1985 but is vulnerable to hacking and is no longer recommended for PKI. Microsoft, Google and other major providers will not recognize certificates signed using SHA-1 after January 1, 217. The impact to our users (and potentially customers) will be a series of escalating trust notifications beginning December 215 and eventual loss of access to systems. Physical Description: To secure our websites, intranet communications and applications we must build a new PKI infrastructure using SHA-2 in parallel to the current SHA-1 PKI and issue new certificates to all dependent systems. Project Justification: Enhance security of company websites, intranet communications and applications. Certificate Authorities servers will enable consolidation of systems, simplify support and reduce support complexity. Upgrade to MS Server 212 will improve high-volume certificate issuance and certificate enrollment across Active Directory Domain Services forest boundaries. Note: Totals may include rounding differences. Page 6 of 216
9 219 GRC - APP 758. A. PROTECT 1. PROTECT 758A - RAMP - Incremental PKI Rebuld Forecast Methodology: Labor - Zero-Based Project is currently in-flight. Based on actual timeline of the project to complete. Non-Labor - Zero-Based Project is currently in-flight. Based on actual timeline of the project to complete. NSE - Zero-Based N/A Page 7 of 216
10 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758A Page 8 of 216
11 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758A - RAMP - Incremental PKI Rebuld 758A.1 - RAMP - Incremental PKI Rebuld 1/31/217 Description: Self developed software Forecast In 216 $() Years Labor 58 Non-Labor NSE Total 58 FTE.5.. Note: Totals may include rounding differences. Page 9 of 216
12 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758A - RAMP - Incremental PKI Rebuld 758A.1 - RAMP - Incremental PKI Rebuld RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Public Key Infrastructure Program Description: PKI digital key encryption system to protect in transit and to authenticate devices, services, and applications Deploy SHA2 compliance public key infrastructure for digital certificates Risk/Mitigation: Risk: All Cyber Security Risks Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 1 of 216
13 219 GRC - APP Beginning of Workpaper Group 758B - RAMP - Incremental Firewall Security Page 11 of 216
14 219 GRC - APP 758. A. PROTECT 1. PROTECT 758B - RAMP - Incremental Firewall Security Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based 58 Non-Labor Zero-Based 25 NSE Zero-Based Total 38 FTE Zero-Based Business Purpose: The Cybersecurity Protect function refers to developing and implementing the appropriate safeguards so that the company can provide safe and reliable delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of control Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology. Protection-oriented activities are focused on avoiding or limiting potential cybersecurity events. Activities in this functional area include: managing asset access, cybersecurity awareness and training, protective technologies, and system maintenance. Ongoing cybersecurity awareness and training is important for engaging all employees so that they understand their roles and responsibilities regarding cybersecurity. Other activities in this area include vulnerability management, system implementation, security consulting and support, and operating support for protection systems. This support can include: two-factor authentication, the public key infrastructure, malware prevention, web content management, and supporting network protections, such as firewalls and intrusion detection and prevention. Physical Description: Evaluate and deploy a firewall management system (hardware and software) to control outbound firewall egress policies, Prevent unauthorized access to firewall, centrally managed configurations, mitigate vulnerabilities using industry standard best practices, Secure the Enterprise network perimeter and internal firewalls. Project Justification: Reduced risk of business system outages, data loss, and malware proliferation. Increased efficiency in firewall request approval and risk assessment and enhancing current capabilities. Note: Totals may include rounding differences. Page 12 of 216
15 219 GRC - APP 758. A. PROTECT 1. PROTECT 758B - RAMP - Incremental Firewall Security Forecast Methodology: Labor - Zero-Based Project is currently in-flight. Based on actual timeline of the project to complete. Non-Labor - Zero-Based Project is currently in-flight. Based on actual timeline of the project to complete. NSE - Zero-Based N/A Page 13 of 216
16 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758B Page 14 of 216
17 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758B - RAMP - Incremental Firewall Security 758B.1 - RAMP - Incremental Firewall Security 2/28/217 Description: Tufin upgrade Forecast In 216 $() Years Labor 58 Non-Labor 25 NSE Total 38 FTE.5.. Note: Totals may include rounding differences. Page 15 of 216
18 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758B - RAMP - Incremental Firewall Security 758B.1 - RAMP - Incremental Firewall Security RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Web Applications and Database Firewalls Program Description: Firewall Security Risk/Mitigation: Risk: All Cyber Risks Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Construction Start Date: Forecast Method: Zero-Based In Service Date:2/28/217 Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 16 of 216
19 219 GRC - APP Beginning of Workpaper Group 758G - RAMP - Incremental FOF - Converged Perimeter Security Page 17 of 216
20 219 GRC - APP 758. A. PROTECT 1. PROTECT 758G - RAMP - Incremental FOF - Converged Perimeter Security Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based Non-Labor Zero-Based 2,4 1,2 NSE Zero-Based Total 2,516 1,27 FTE Zero-Based Business Purpose: Simplify network perimeter cybersecurity systems to improve ability to monitor and support protection and detection functions. Physical Description: The scope of this project will focus on firewalls (4) and Intrusion Prevention Devices (6) at the data center perimeters. Project team will be formed to develop and RFP to identify viable alternatives and conduct on site evaluations to determine the best solution. Project Justification: Enhance cybersecurity controls of perimeter and provide operational efficiencies. Note: Totals may include rounding differences. Page 18 of 216
21 219 GRC - APP 758. A. PROTECT 1. PROTECT 758G - RAMP - Incremental FOF - Converged Perimeter Security Forecast Methodology: Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. Non-Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. NSE - Zero-Based N/A Page 19 of 216
22 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758G Page 2 of 216
23 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758G - RAMP - Incremental FOF - Converged Perimeter Security 758G.1 - RAMP - Incremental Fueling Our Future 76 6/3/218 Description: FOF IDEA # 76 Forecast In 216 $() Years Labor Non-Labor 2,4 1,2 NSE Total 2,516 1,27 FTE Note: Totals may include rounding differences. Page 21 of 216
24 219 GRC - APP 758. A. PROTECT 1. PROTECT 758G - RAMP - Incremental FOF - Converged Perimeter Security Workpaper Detail: 758G.1 - RAMP - Incremental Fueling Our Future 76 RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Converged Perimeter Systems Program Description: Converged Perimeter Systems - FOF 76 Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 22 of 216
25 219 GRC - APP Beginning of Workpaper Group 758H - RAMP - Incremental FOF - Host Based Protection Page 23 of 216
26 219 GRC - APP 758. A. PROTECT 1. PROTECT 758H - RAMP - Incremental FOF - Host Based Protection Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based Non-Labor Zero-Based 2,151 NSE Zero-Based Total 2, FTE Zero-Based Business Purpose: Continued implementation of separate systems causes additional infrastructure need, multi-vendor incompatability and additional endpoint agents that compete for system resources. Physical Description: Servers would be included in the scope of this project. Project Justification: Virtualized servers will be better protected and resillient when located outside the protected perimeter, such as being placed in cloud environments or connecting to the network while working offsite. Note: Totals may include rounding differences. Page 24 of 216
27 219 GRC - APP 758. A. PROTECT 1. PROTECT 758H - RAMP - Incremental FOF - Host Based Protection Forecast Methodology: Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. Non-Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. NSE - Zero-Based N/A Page 25 of 216
28 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758H Page 26 of 216
29 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758H - RAMP - Incremental FOF - Host Based Protection 758H.1 - RAMP - Incremental Fueling Our Future 79 3/31/218 Description: Self developed software portion of the project. FOF IDEA # 79 Forecast In 216 $() Years Labor Non-Labor 324 NSE Total FTE Note: Totals may include rounding differences. Page 27 of 216
30 219 GRC - APP 758. A. PROTECT 1. PROTECT 758H - RAMP - Incremental FOF - Host Based Protection Workpaper Detail: 758H.1 - RAMP - Incremental Fueling Our Future 79 RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Host Based Protection Program Description: Host Based Protection - FOF 79 Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 28 of 216
31 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758H - RAMP - Incremental FOF - Host Based Protection 758H.2 - RAMP - Incremental Fueling Our Future 79 3/31/218 Description: License/materials purchase (non self developed) Forecast In 216 $() Years Labor Non-Labor 1,827 NSE Total 1,827 FTE... Note: Totals may include rounding differences. Page 29 of 216
32 219 GRC - APP 758. A. PROTECT 1. PROTECT 758H - RAMP - Incremental FOF - Host Based Protection Workpaper Detail: 758H.2 - RAMP - Incremental Fueling Our Future 79 RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Hosted Based Protection Program Description: Hosted Based Protection - FOF 79 Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 3 of 216
33 219 GRC - APP Beginning of Workpaper Group 758J - RAMP - Incremental Spam Protection Page 31 of 216
34 219 GRC - APP 758. A. PROTECT 1. PROTECT 758J - RAMP - Incremental Spam Protection Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based 15 Non-Labor Zero-Based 147 NSE Zero-Based 834 Total 1,86 FTE Zero-Based Business Purpose: The Cybersecurity Protect function refers to developing and implementing the appropriate safeguards so that the company can provide safe and reliable delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of control Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology. Protection-oriented activities are focused on avoiding or limiting potential cybersecurity events. Activities in this functional area include: managing asset access, cybersecurity awareness and training, protective technologies, and system maintenance. Ongoing cybersecurity awareness and training is important for engaging all employees so that they understand their roles and responsibilities regarding cybersecurity. Other activities in this area include vulnerability management, system implementation, security consulting and support, and operating support for protection systems. This support can include: two-factor authentication, the public key infrastructure, malware prevention, web content management and supporting network protections such as firewalls and intrusion detection and prevention. Physical Description: Deployment of protection system hardware and software. Project Justification: The legacy provides spam filter and malware defense system for all internal and external that has reached end of life. Select and deploy a current state system. Note: Totals may include rounding differences. Page 32 of 216
35 219 GRC - APP 758. A. PROTECT 1. PROTECT 758J - RAMP - Incremental Spam Protection Forecast Methodology: Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. Non-Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. NSE - Zero-Based N/A Page 33 of 216
36 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758J Page 34 of 216
37 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758J - RAMP - Incremental Spam Protection 758J.1 - RAMP - Incremental RFP to evaluate and upgrade spam malware filter 1/31/217 Description: Self developed software portion of the project Forecast In 216 $() Years Labor 15 Non-Labor 147 NSE Total 252 FTE 1... Note: Totals may include rounding differences. Page 35 of 216
38 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758J - RAMP - Incremental Spam Protection 758J.1 - RAMP - Incremental RFP to evaluate and upgrade spam malware filter RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: and Web Browser Protections Program Description: Solution deployment for internet spam, phishing and malware filtering Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 36 of 216
39 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758J - RAMP - Incremental Spam Protection 758J.2 - RAMP - Incremental RFP to evaluate and upgrade spam malware filter - SDS 1/31/217 Description: License/materials purchase non SDS Forecast In 216 $() Years Labor Non-Labor NSE 834 Total 834 FTE... Note: Totals may include rounding differences. Page 37 of 216
40 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758J - RAMP - Incremental Spam Protection 758J.2 - RAMP - Incremental RFP to evaluate and upgrade spam malware filter - SDS RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: and Web Browser Protections Program Description: Solution deployment for internet spam, phishing and malware filtering Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 38 of 216
41 219 GRC - APP Beginning of Workpaper Group 758K - RAMP - Incremental IS Zone Rebuild Page 39 of 216
42 219 GRC - APP 758. A. PROTECT 1. PROTECT 758K - RAMP - Incremental IS Zone Rebuild Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based 81 Non-Labor Zero-Based 82 NSE Zero-Based Total 91 FTE Zero-Based Business Purpose: Ensure continued network reliability and ensure recovery is quick and supported in the event of a hardware or software network device failure. Physical Description: Replace all network switches in both RB and MPK IS physical zones and upgrade the connectivity between racks to1gb. Replace KVMS equipment. Project Justification: Timely replacement of technology infrastructure Note: Totals may include rounding differences. Page 4 of 216
43 219 GRC - APP 758. A. PROTECT 1. PROTECT 758K - RAMP - Incremental IS Zone Rebuild Forecast Methodology: Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. Non-Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. NSE - Zero-Based N/A Page 41 of 216
44 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758K Page 42 of 216
45 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758K - RAMP - Incremental IS Zone Rebuild 758K.1 - RAMP - Incremental replace switches and IPS IS zone 11/3/217 Description: replace switches and IPS IS zone Forecast In 216 $() Years Labor 81 Non-Labor 82 NSE Total 91 FTE.5.. Note: Totals may include rounding differences. Page 43 of 216
46 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758K - RAMP - Incremental IS Zone Rebuild 758K.1 - RAMP - Incremental replace switches and IPS IS zone RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: IS Zone Rebuild Program Description: Replace switches and IPS in IS zone Risk/Mitigation: Risk: All Cyber Risks Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 44 of 216
47 219 GRC - APP Beginning of Workpaper Group 758M - RAMP - Incremental Security Orchestration Page 45 of 216
48 219 GRC - APP 758. A. PROTECT 1. PROTECT 758M - RAMP - Incremental Security Orchestration Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based Non-Labor Zero-Based 1,6 15 NSE Zero-Based Total 1, FTE Zero-Based Business Purpose: The Cybersecurity Respond function refers to developing and implementing the appropriate activities to take action regarding a detected Cybersecurity event. The Respond Function supports the ability to contain the impact of a potential Cybersecurity event. Examples of control Categories within this Function include: Response Planning; Communications; Analysis; Mitigation and Improvements. The Incident Response team coordinates cybersecurity incident response activities when a security event is escalated. They also provide analysis of the incident, during the incident, to determine the most effective response, as well as after the incident in terms of lessons learned. During the incident, communications with stakeholders are maintained. This functional area is the focus of ongoing training to maintain readiness through exercises to validate the response plans for high impact systems. Physical Description: Automation of repeatable Information Security Operations Center tasks on the business network. Project Justification: Currently many repeatable incident reponse processes are handled manually. These repeatable incident response tasks could be executed more effectively and more quickly through process automation, freeing up analyst time to focus on higher value tasks. Note: Totals may include rounding differences. Page 46 of 216
49 219 GRC - APP 758. A. PROTECT 1. PROTECT 758M - RAMP - Incremental Security Orchestration Forecast Methodology: Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. Non-Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. NSE - Zero-Based N/A Page 47 of 216
50 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758M Page 48 of 216
51 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758M - RAMP - Incremental Security Orchestration 758M.1 - RAMP - Incremental Automate key security triage tasks 3/31/218 Description: Self developed software portion of the project Forecast In 216 $() Years Labor Non-Labor NSE Total FTE Note: Totals may include rounding differences. Page 49 of 216
52 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758M - RAMP - Incremental Security Orchestration 758M.1 - RAMP - Incremental Automate key security triage tasks RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Security Orchestration Program Description: Automate key security triage tasks Risk/Mitigation: Risk: All Cyber Risks Mitigation: Respond Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 5 of 216
53 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758M - RAMP - Incremental Security Orchestration 758M.2 - RAMP - Incremental Automate key security triage tasks 3/31/218 Description: License/materials purchase non SDS Forecast In 216 $() Years Labor Non-Labor 1,36 NSE Total 1,36 FTE... Note: Totals may include rounding differences. Page 51 of 216
54 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758M - RAMP - Incremental Security Orchestration 758M.2 - RAMP - Incremental Automate key security triage tasks RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Security Orchestration Program Description: Automate key security triage tasks Risk/Mitigation: Risk: All Cyber Risks Mitigation: Respond Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 52 of 216
55 219 GRC - APP Beginning of Workpaper Group 758N - RAMP - Incremental Critical Gas Infrastructure Protection Page 53 of 216
56 219 GRC - APP 758. A. PROTECT 1. PROTECT 758N - RAMP - Incremental Critical Gas Infrastructure Protection Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based 174 Non-Labor Zero-Based 1,5 NSE Zero-Based Total 1,674 FTE Zero-Based Business Purpose: The Cybersecurity Protect function refers to developing and implementing the appropriate safeguards so that the company can provide safe and reliable delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of control Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology. Protection-oriented activities are focused on avoiding or limiting potential cybersecurity events. Activities in this functional area include: managing asset access, cybersecurity awareness and training, protective technologies, and system maintenance. Ongoing cybersecurity awareness and training is important for engaging all employees so that they understand their roles and responsibilities regarding cybersecurity. Other activities in this area include vulnerability management, system implementation, security consulting and support, and operating support for protection systems. This support can include: two-factor authentication, the public key infrastructure, malware prevention, web content management, and supporting network protections, such as firewalls and intrusion detection and prevention. Physical Description: Evaluate and deploy hardware and software meet cybersecurity protection requirements Project Justification: Cost estimated are based on cybersecurity subject matter experts and historical experience responding to changing priorities and risks to address: Timely implementation of technology controls Addressing evolving threat capabilities Supporting and/or leveraging new technologies Note: Totals may include rounding differences. Page 54 of 216
57 219 GRC - APP 758. A. PROTECT 1. PROTECT 758N - RAMP - Incremental Critical Gas Infrastructure Protection Forecast Methodology: Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. Non-Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. NSE - Zero-Based N/A Page 55 of 216
58 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758N Page 56 of 216
59 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758N - RAMP - Incremental Critical Gas Infrastructure Protection 758N.1 - RAMP - Incremental Gas infrastructure protection systems /3/217 Description: Self developed software portion of the project Forecast In 216 $() Years Labor 174 Non-Labor 225 NSE Total 399 FTE 1... Note: Totals may include rounding differences. Page 57 of 216
60 219 GRC - APP 758. A. PROTECT 1. PROTECT 758N - RAMP - Incremental Critical Gas Infrastructure Protection Workpaper Detail: 758N.1 - RAMP - Incremental Gas infrastructure protection systems RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Critical Gas Infrastructure Protection Program Description: Critical Gas Infrastructure Protection Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Work Paper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 58 of 216
61 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758N - RAMP - Incremental Critical Gas Infrastructure Protection 758N.2 - RAMP - Incremental Gas infrastructure protection /3/217 Description: License/materials purchase non SDS Forecast In 216 $() Years Labor Non-Labor 1,275 NSE Total 1,275 FTE... Note: Totals may include rounding differences. Page 59 of 216
62 219 GRC - APP 758. A. PROTECT 1. PROTECT 758N - RAMP - Incremental Critical Gas Infrastructure Protection Workpaper Detail: 758N.2 - RAMP - Incremental Gas infrastructure protection RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Critical Gas Infrastructure Protection Program Description: Critical Gas Infrastructure Protection Risk/Mitigation: Risk: A major cyber securtiy incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Work Paper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 6 of 216
63 219 GRC - APP Beginning of Workpaper Group 758O - RAMP - Incremental Critical Gas Infrastructure Protection Page 61 of 216
64 219 GRC - APP 758. A. PROTECT 1. PROTECT 758O - RAMP - Incremental Critical Gas Infrastructure Protection Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based 291 Non-Labor Zero-Based 2, NSE Zero-Based Total 2,291 FTE Zero-Based Business Purpose: The Cybersecurity Protect function refers to developing and implementing the appropriate safeguards so that the company can provide safe and reliable delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of control Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology. Protection-oriented activities are focused on avoiding or limiting potential cybersecurity events. Activities in this functional area include: managing asset access, cybersecurity awareness and training, protective technologies, and system maintenance. Ongoing cybersecurity awareness and training is important for engaging all employees so that they understand their roles and responsibilities regarding cybersecurity. Other activities in this area include vulnerability management, system implementation, security consulting and support, and operating support for protection systems. This support can include: two-factor authentication, the public key infrastructure, malware prevention, web content management, and supporting network protections, such as firewalls and intrusion detection and prevention. Physical Description: Evaluate and deploy hardware and software meet cybersecurity protection requirements. Project Justification: Cost estimated are based on cybersecurity subject matter experts and historical experience responding to changing priorities and risks to address: Timely implementation of technology controls Addressing evolving threat capabilities Supporting and/or leveraging new technologies Note: Totals may include rounding differences. Page 62 of 216
65 219 GRC - APP 758. A. PROTECT 1. PROTECT 758O - RAMP - Incremental Critical Gas Infrastructure Protection Forecast Methodology: Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. Non-Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. NSE - Zero-Based N/A Page 63 of 216
66 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758O Page 64 of 216
67 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758O - RAMP - Incremental Critical Gas Infrastructure Protection O.1 - RAMP - Incremental Gas infrastructure protection 1/31/218 Description: Self developed software portion of the project Forecast In 216 $() Years Labor 291 Non-Labor 3 NSE Total 591 FTE Note: Totals may include rounding differences. Page 65 of 216
68 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758O - RAMP - Incremental Critical Gas Infrastructure Protection O.1 - RAMP - Incremental Gas infrastructure protection RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Critical Gas Infrastructure Protection Program Description: Critical Gas Infrastructure Protection Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 66 of 216
69 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758O - RAMP - Incremental Critical Gas Infrastructure Protection O.2 - RAMP - Incremental Gas infrastructure protection 1/31/218 Description: License/materials purchase non SDS Forecast In 216 $() Years Labor Non-Labor 1,7 NSE Total 1,7 FTE... Note: Totals may include rounding differences. Page 67 of 216
70 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758O - RAMP - Incremental Critical Gas Infrastructure Protection O.2 - RAMP - Incremental Gas infrastructure protection RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Critical Gas Infrastructure Protection Program Description: Critical Gas Infrastructure Protection Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 68 of 216
71 219 GRC - APP Beginning of Workpaper Group 758P - RAMP - Incremental Critical Gas Infrastructure Protection Page 69 of 216
72 219 GRC - APP 758. A. PROTECT 1. PROTECT 758P - RAMP - Incremental Critical Gas Infrastructure Protection Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based 232 Non-Labor Zero-Based 4, NSE Zero-Based Total 4,232 FTE Zero-Based Business Purpose: The Cybersecurity Protect function refers to developing and implementing the appropriate safeguards so that the company can provide safe and reliable delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of control Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance and Protective Technology. Protection-oriented activities are focused on avoiding or limiting potential cybersecurity events. Activities in this functional area include: managing asset access, cybersecurity awareness and training, protective technologies, and system maintenance. Ongoing cybersecurity awareness and training is important for engaging all employees so that they understand their roles and responsibilities regarding cybersecurity. Other activities in this area include vulnerability management, system implementation, security consulting and support, and operating support for protection systems. This support can include: two-factor authentication, the public key infrastructure, malware prevention, web content management, and supporting network protections, such as firewalls and intrusion detection and prevention. Physical Description: Evaluate and deploy hardware and software meet cybersecurity protection requirements. Project Justification: Cost estimated are based on cybersecurity subject matter experts and historical experience responding to changing priorities and risks to address: Timely implementation of technology controls Addressing evolving threat capabilities Supporting and/or leveraging new technologies Note: Totals may include rounding differences. Page 7 of 216
73 219 GRC - APP 758. A. PROTECT 1. PROTECT 758P - RAMP - Incremental Critical Gas Infrastructure Protection Forecast Methodology: Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. Non-Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. NSE - Zero-Based N/A Page 71 of 216
74 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758P Page 72 of 216
75 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758P - RAMP - Incremental Critical Gas Infrastructure Protection P.1 - RAMP - Incremental Gas infrastructure protection 1/31/219 Description: Self developed software portion of the project Forecast In 216 $() Years Labor 232 Non-Labor 6 NSE Total 832 FTE.. 2. Note: Totals may include rounding differences. Page 73 of 216
76 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758P - RAMP - Incremental Critical Gas Infrastructure Protection P.1 - RAMP - Incremental Gas infrastructure protection RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Critical Gas Infrastructure Protection Program Description: Critical Gas Infrastructure Protection Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 74 of 216
77 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758P - RAMP - Incremental Critical Gas Infrastructure Protection P.2 - RAMP - Incremental Gas infrastructure protection 1/31/219 Description: License/materials purchase non SDS Forecast In 216 $() Years Labor Non-Labor 3,4 NSE Total 3,4 FTE... Note: Totals may include rounding differences. Page 75 of 216
78 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758P - RAMP - Incremental Critical Gas Infrastructure Protection P.2 - RAMP - Incremental Gas infrastructure protection RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Critical Gas Infrastructure Protection Program Description: Critical Gas Infrastructure Protection Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpapers Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 76 of 216
79 219 GRC - APP Beginning of Workpaper Group 758Q - RAMP - Incremental CASB (cloud data use) Page 77 of 216
80 219 GRC - APP 758. A. PROTECT 1. PROTECT 758Q - RAMP - Incremental CASB (cloud data use) Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based 93 Non-Labor Zero-Based 2,8 NSE Zero-Based Total 2,893 FTE Zero-Based Business Purpose: Implement the ability to monitor services, policy enforcement and data loss in cloud solution. Physical Description: Deploy CASB appliances at the data centers and acquire software licensing from top tier provider in time to support enterprise deployment of cloud technologies. Project Justification: Greater ability to identify, react, respond, and recover from a sensitive information extraction and cyber security incident Limit potential impact due to a cyber security incident Ability to leverage this technology for future requirements Note: Totals may include rounding differences. Page 78 of 216
81 219 GRC - APP 758. A. PROTECT 1. PROTECT 758Q - RAMP - Incremental CASB (cloud data use) Forecast Methodology: Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. Non-Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. NSE - Zero-Based N/A Page 79 of 216
82 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758Q Page 8 of 216
83 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758Q - RAMP - Incremental CASB (cloud data use) 758Q.1 - RAMP - Incremental Cloud Access Security Broker i.e. Netskope RSA 8/31/218 Description: Self developed software portion of the project Forecast In 216 $() Years Labor 93 Non-Labor 42 NSE Total 513 FTE. 1.. Note: Totals may include rounding differences. Page 81 of 216
84 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758Q - RAMP - Incremental CASB (cloud data use) 758Q.1 - RAMP - Incremental Cloud Access Security Broker i.e. Netskope RSA RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: CASB (cloud data use) Program Description: CASB (cloud data use) Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 82 of 216
85 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758Q - RAMP - Incremental CASB (cloud data use) 758Q.2 - RAMP - Incremental Cloud Access Security Broker i.e. Netskope RSA 8/31/218 Description: License/materials purchase non SDS Forecast In 216 $() Years Labor Non-Labor 2,38 NSE Total 2,38 FTE... Note: Totals may include rounding differences. Page 83 of 216
86 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758Q - RAMP - Incremental CASB (cloud data use) 758Q.2 - RAMP - Incremental Cloud Access Security Broker i.e. Netskope RSA RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: CASB (cloud data use) Program Description: CASB (cloud data use) Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 84 of 216
87 219 GRC - APP Beginning of Workpaper Group 758R - RAMP - Incremental Web Applications and Database Firewalls Page 85 of 216
88 219 GRC - APP 758. A. PROTECT 1. PROTECT 758R - RAMP - Incremental Web Applications and Database Firewalls Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based 128 Non-Labor Zero-Based 2,1 NSE Zero-Based Total 2,228 FTE Zero-Based Business Purpose: WAF implementation would defend and alert against attacks that have been the most common vectors of attack. It would also allow us to protect systems in production with undiscovered (zero day) vulnerabilities. This capability would provide a development team more time to fix issues while not impeding deployment schedules. Physical Description: This project will implement a High Availability WAF configuration located at both datacenters to protect web facing systems, and enhance response to vulnerabilities as well as the system's availability SLAs. The WAF placement would initially protect web facing servers that handle sensitive data or that connect to systems that contain sensitive data. Other systems would then be added as capacity allows. This system would integrate with current cybersecurity systems for Web Services protection. Project Justification: Provides an extra layer of protection for web applications and databases by implementing a general protection versus mis-use as well as a method to quickly address an incident or vulnerability without modifying the underlying application. The quick response capability is particularly valuable in situations where a new vulnerability has been discovered but no patch has been made available. Note: Totals may include rounding differences. Page 86 of 216
89 219 GRC - APP 758. A. PROTECT 1. PROTECT 758R - RAMP - Incremental Web Applications and Database Firewalls Forecast Methodology: Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. Non-Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. NSE - Zero-Based N/A Page 87 of 216
90 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758R Page 88 of 216
91 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758R - RAMP - Incremental Web Applications and Database Firewalls 758R.1 - RAMP - Incremental Security controls on servers. Deploy web application firewalls 9/3/218 Description: Security controls on servers. Deploy web application firewalls Forecast In 216 $() Years Labor 128 Non-Labor 2,1 NSE Total 2,228 FTE Note: Totals may include rounding differences. Page 89 of 216
92 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758R - RAMP - Incremental Web Applications and Database Firewalls 758R.1 - RAMP - Incremental Security controls on servers. Deploy web application firewalls RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Web Applications and Database Firewalls Program Description: Security controls on servers. Deploy web application firewalls Risk/Mitigation: Risk: All Cyber Risks Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 9 of 216
WORKPAPERS TO PREPARED DIRECT TESTIMONY OF OMAR RIVERA ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY BEFORE THE PUBLIC UTILITIES COMMISSION
Application of SOUTHERN CALIFORNIA GAS COMPANY for authority to update its gas revenue requirement and base rates effective January 1, 2019 (U 904-G) ) ) ) ) Application No. 17-10- Exhibit No.: (SCG-05-WP)
More informationWORKPAPERS TO PREPARED DIRECT TESTIMONY OF MICHAEL A. BERMEL ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY BEFORE THE PUBLIC UTILITIES COMMISSION
Application of SOUTHERN CALIFORNIA GAS COMPANY for authority to update its gas revenue requirement and base rates effective January 1, 2019 (U 904-G) ) ) ) ) Application No. 17-10- Exhibit No.: (SCG-08-WP)
More informationINDICATED SHIPPER DATA REQUEST IS-SCG-004 SOCALGAS 2019 GRC A SOCALGAS RESPONSE DATE RECEIVED: FEBRUARY
DATE RESPONDED: MARCH 26, 2018 4-1. Please refer to the capital workpaper of SoCalGas witness Neil Navin, Exhibit No. SCG-10- CWP-R, at pages 49 and 50 of 184 for the RAMP related project, Base C4 Well
More informationAPPLICATION FOR DATA BREACH AND PRIVACY LIABILITY, DATA BREACH LOSS TO INSURED AND ELECTRONIC MEDIA LIABILITY INSURANCE
Deerfield Insurance Company Evanston Insurance Company Essex Insurance Company Markel American Insurance Company Markel Insurance Company Associated International Insurance Company DataBreach SM APPLICATION
More informationClaims Made Basis. Underwritten by Underwriters at Lloyd s, London
APPLICATION for: NetGuard Plus Claims Made Basis. Underwritten by Underwriters at Lloyd s, London tice: The Policy for which this Application is made applies only to Claims made against any of the Insureds
More informationCyber ERM Proposal Form
Cyber ERM Proposal Form This document allows Chubb to gather the needed information to assess the risks related to the information systems of the prospective insured. Please note that completing this proposal
More informationLargest Risk for Public Pension Plans (Other Than Funding) Cybersecurity
Largest Risk for Public Pension Plans (Other Than Funding) Cybersecurity 2017 Public Safety Employees Pension & Benefits Conference Ronald A. King (517) 318-3015 rking@ I am convinced that there are only
More informationIT Risk in Credit Unions - Thematic Review Findings
IT Risk in Credit Unions - Thematic Review Findings January 2018 Central Bank of Ireland Findings from IT Thematic Review in Credit Unions Page 2 Table of Contents 1. Executive Summary... 3 1.1 Purpose...
More informationORA DATA REQUEST NUMBER ORA-DR-SCG- 164 A SOCALGAS RESPONSE
ORA DATA REQUEST NUMBER ORADRSCG 164 A.0212027 Request: SCG 9 Information Technology Testimony of Chris Baker 1. Please provide additional supporting information that the SCG Windows 2000 ADS Phase II
More informationA FRAMEWORK FOR MANAGING CYBER RISK APRIL 2015
APRIL 2015 CYBER RISK IS HERE TO STAY Even an unlimited budget for information security will not eliminate your cyber risk. Tom Reagan Marsh Cyber Practice Leader 2 SIMPLIFIED CYBER RISK MANAGEMENT FRAMEWORK
More informationAPPLICATION for: TechGuard Liability Insurance Claims Made Basis. Underwritten by Underwriters at Lloyd s, London
APPLICATION for: TechGuard Liability Insurance Claims Made Basis. Underwritten by Underwriters at Lloyd s, London SECTION I. GENERAL INFORMATION 1. Name of Applicant: Physical Address: (as it should appear
More informationSOCALGAS REBUTTAL TESTIMONY OF CHRISTOPHER R. OLMSTED (INFORMATION TECHNOLOGY) JUNE 18, 2018
Company: Southern California Gas Company (U 0 G) Proceeding: 01 General Rate Case Application: A.1--00 Exhibit: SCG- SOCALGAS REBUTTAL TESTIMONY OF CHRISTOPHER R. OLMSTED (INFORMATION TECHNOLOGY) JUNE
More informationCyber Risks & Insurance
Cyber Risks & Insurance Bob Klobe Asst. Vice President & Cyber Security Subject Matter Expert Chubb Specialty Insurance Legal Disclaimer The views, information and content expressed herein are those of
More informationPrivacy and Data Breach Protection Modular application form
Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while
More informationCyber, Data Risk and Media Insurance Application form
Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while
More informationCyber-Insurance: Fraud, Waste or Abuse?
SESSION ID: STR-F03 Cyber-Insurance: Fraud, Waste or Abuse? David Nathans Director of Security SOCSoter, Inc. @Zourick Cyber Insurance overview One Size Does Not Fit All 2 Our Research Reviewed many major
More informationCyber Security Risk Information Sharing Program (CRISP) Overview, Budget Projection and Proposed Funding Allocation
Cyber Security Risk Information Sharing Program (CRISP) Overview, Budget Projection and Proposed Funding Allocation Introduction and Executive Summary This document provides additional background on CRISP,
More informationINFORMATION AND CYBER SECURITY POLICY V1.1
Future Generali 1 INFORMATION AND CYBER SECURITY V1.1 Future Generali 2 Revision History Revision / Version No. 1.0 1.1 Rollout Date Location of change 14-07- 2017 Mumbai 25.04.20 18 Thane Changed by Original
More informationBRIDGING THE GAP OF GRIEF WITH BUSINESS-DRIVEN SECURITY. Mohammad Alazab Enterprise Security Architect
BRIDGING THE GAP OF GRIEF WITH BUSINESS-DRIVEN SECURITY Mohammad Alazab Enterprise Security Architect 1 TODAY S SECURITY ISN T WORKING 70% 90% Compromised in the last year 1 80% Are unsatisfied CISO s
More informationSixth Annual Benchmark Study on Privacy & Security of Healthcare Data
Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data Sponsored by ID Experts Independently conducted by Ponemon Institute LLC Publication Date: May 2016 Ponemon Institute Research Report
More informationAn Overview of Cyber Insurance at AIG
An Overview of Cyber Insurance at AIG Michael Lee, MBA Cyber Business Development Manager AIG 2018 Brittney Mishler, ARM Cyber Casualty Underwriting Specialist AIG Cyber Insurance It s a peril, not a product
More informationFull year results. 11 April 2019 Corero Network Security plc ( Corero, Company or the Group )
11 April 2019 Corero Network Security plc ( Corero, Company or the Group ) Full year results Corero Network Security plc (AIM:CNS), the AIM listed network security company, announces its audited results
More informationAdd our expertise to yours Protection from the consequences of cyber risks
CyberEdge THIS INFORMATION IS INTENDED FOR INSURANCE BROKERS AND OTHER INSURANCE PROFESSIONALS ONLY Add our expertise to yours Protection from the consequences of cyber risks What is CyberEdge? 2 CyberEdge
More informationPRIVACY AND CYBER SECURITY
PRIVACY AND CYBER SECURITY Presented by: Joe Marra, Senior Account Executive/Producer Stoya Corcoran, Assistant Vice President Presented to: CIFFA Members September 20, 2017 1 Disclaimer The information
More informationTURN DATA REQUEST-036 SDG&E-SOCALGAS 2019 GRC A /8 SDG&E_SOCALGAS RESPONSE DATE RECEIVED: MARCH 22, 2018 DATE RESPONDED: APRIL 5, 2018
1. Do any of SDG&E s Test Year (TY) 2019 forecasts for O&M costs for nonshared and shared services and capital costs for the estimated years 2017, 2018, and TY 2019 include costs of any subscription-based
More informationPalo Alto Networks Reports Fiscal Second Quarter 2018 Financial Results
Palo Alto Networks Reports Fiscal Second Quarter 2018 Financial Results February 26, 2018 - Fiscal second quarter revenue grows 28 percent year over year to $542.4 million; product revenue grows 20 percent
More informationDesigning Privacy Policies and Identifying Privacy Risks for Financial Institutions. June 2016
Designing Privacy Policies and Identifying Privacy Risks for Financial Institutions June 2016 Program Overview Regulatory Environment Who Needs a Privacy Program and Common Questions Components of a Comprehensive
More informationCyber COPE. Transforming Cyber Underwriting by Russ Cohen
Cyber COPE Transforming Cyber Underwriting by Russ Cohen Business Descriptor How tall is your office building? How close is the nearest fire hydrant? Does the building have an alarm system? Insurance companies
More informationMEMORANDUM OF UNDERSTANDING for DATA SHARING BETWEEN DISTRICT AND SCCOE
MEMORANDUM OF UNDERSTANDING Pg. 1 of 3 DATA SHARING BETWEEN DISTRICT AND SCCOE MEMORANDUM OF UNDERSTANDING for DATA SHARING BETWEEN DISTRICT AND SCCOE This Memorandum of Understanding (MOU) is entered
More informationCyber Liability Insurance. Data Security, Privacy and Multimedia Protection
Cyber Liability Insurance Data Security, Privacy and Multimedia Protection Cyber Liability Insurance Data Security, Privacy and Multimedia Protection What is a Cyber Risk? Technology is advancing at such
More informationBUSINESS-DRIVEN S E C U R I T Y
BUSINESS-DRIVEN SECURITY MARKET DISRUPTORS Mobile Cloud Big Data Extended Workforce Networked Value Chains APTs Sophisticated Fraud Infrastructure Transformation Less control over access device and back-end
More informationBOARD OF COMMISSIONERS PORT OF NEW ORLEANS
BOARD OF COMMISSIONERS PORT OF NEW ORLEANS REQUEST FOR QUALIFICATIONS INFORMATION TECHNOLOGY (IT) CYBERSECURITY VULNERABILITY ASSESSMENT DUE BY TWELVE NOON CENTRAL TIME ON THURSDAY JANUARY 7, 2016 NEW
More informationDEPARTMENT OF FIRE AND POLICE PENSIONS 701 E. 3rd Street, Suite 200 Los Angeles, CA (213)
DEPARTMENT OF FIRE AND POLICE PENSIONS 701 E. 3rd Street, Suite 200 Los Angeles, CA 90013 (213) 279-3000 REPORT TO THE BOARD OF FIRE AND POLICE PENSION COMMISSIONERS DATE: JUNE 21, 2018 ITEM: A.4 FROM:
More informationBank of America Merrill Lynch Future of Financials Conference 2018
Bank of America Merrill Lynch Future of Financials Conference 2018 Jason Witty EVP, Chief Information Security Officer November 5, 2018 U.S. BANCORP Forward-looking Statements and Additional Information
More informationCOLORADO STATE UNIVERSITY Financial Procedure Statements FPI 6-6
1. Procedure Title: PCI Compliance Program COLORADO STATE UNIVERSITY Financial Procedure Statements FPI 6-6 2. Procedure Purpose and Effect: All Colorado State University departments that accept credit/debit
More informationACORD 834 (2014/12) - Cyber and Privacy Coverage Section
ACORD 834 (2014/12) - Cyber and Privacy Coverage Section ACORD 834, Cyber and Privacy Coverage Section, is used to apply for cyber and privacy coverage. The form was designed to be used in conjunction
More informationThe Internet of Everything: Building Cyber Resilience in a Connected World
The Internet of Everything: Building Cyber Resilience in a Connected World The Internet of Things (IoT) is everywhere, ushering in a technological revolution at lightning speed. According to an Oliver
More informationCrime Coverage Section Application (Large Public Company > $1B revenues)
Crime Coverage Section Application (Large Public Company > $1B revenues) BY COMPLETING THIS CRIME APPLICATION THE APPLICANT IS APPLYING FOR COVERAGE WITH CHUBB INSURANCE COMPANY OF CANADA (THE COMPANY
More informationSara Robben, Statistical Advisor National Association of Insurance Commissioners
Moderated by Daniel Eliot, Director Small Business Programs National Cyber Security Alliance Sara Robben, Statistical Advisor National Association of Insurance Commissioners Angela Gleason, Senior Counsel
More informationIT Security. Chip Moore State Chief Information Security Officer Chris Estes State Chief Information Officer
IT Security Chip Moore State Chief Information Security Officer Chris Estes State Chief Information Officer Chip Moore State Chief Information Security Officer Introduction IT Security is a growing issue
More informationCOMPANY OVERVIEW. February 7, 2019
COMPANY OVERVIEW February 7, 2019 1 DISCLAIMERS This presentation contains forward-looking statements. All statements contained in this presentation other than statements of historical facts, including,
More informationCybersecurity Privacy and Network Security and Risk Mitigation
Ask the Experts at fi360 2016 Cybersecurity Privacy and Network Security and Risk Mitigation Gary Sutherland, NAPLIA CEO Brian Edelman, Financial Computer Inc. CEO Paul Smith, AIF NAPLIA SVP SEC s 1st
More informationUITS Service Level Agreement Terms and Conditions. For. Website Hosting, Maintenance and Support Services
University Information Technology Services 1077 N. Highland Avenue University of Arizona Tucson, AZ 85721 http://uits.arizona.edu UITS Service Level Agreement Terms and Conditions For Website Hosting,
More informationRe: Proposed Cybersecurity Requirements for Financial Services Companies DFS P
CATHERINE M. TULLY Director, Government Affairs Submit via electronic mail: CyberRegComments@dfs.ny.gov November 15, 2016 Ms. Cassandra Lentchner Deputy Superintendent for Compliance NYS Department of
More informationCYBER ATTACKS AFFECTING FINANCIAL INSTITUTIONS GUS SPRINGMANN, AON PAVEL STERNBERG, BEAZLEY
CYBER ATTACKS AFFECTING FINANCIAL INSTITUTIONS GUS SPRINGMANN, AON PAVEL STERNBERG, BEAZLEY Agenda Threat Landscape and Trends Breach Response Process Pitfalls and Critical Points BBR Services Breach Prevention
More informationSDG&E DIRECT TESTIMONY OF SANDRA K. HRNA (ACCOUNTING AND FINANCE/LEGAL/REGULATORY AFFAIRS/ EXTERNAL AFFAIRS) October 6, 2017
Company: Proceeding: Application: Exhibit: San Diego Gas & Electric Company (U0M) 01 General Rate Case A. 1-- SDG&E-1 SDG&E DIRECT TESTIMONY OF SANDRA K. HRNA (ACCOUNTING AND FINANCE/LEGAL/REGULATORY AFFAIRS/
More informationREVISED WORKPAPERS TO PREPARED DIRECT TESTIMONY OF NEIL P. NAVIN ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY BEFORE THE PUBLIC UTILITIES COMMISSION
Application of SOUTHERN CALIFORNIA GAS COMPANY for authority to update its gas revenue requirement and base rates effective January 1, 2019 (U 904-G) ) ) ) ) Application No. 17-10-008 Exhibit No.: (SCG-10-WP-R)
More information2016 General Rate Case - APP INDEX OF WORKPAPERS. Exhibit SCG-11-WP - CS - OFFICE OPERATIONS. Overall Summary For Exhibit No.
2016 General Rate Case - APP INDEX OF WORKPAPERS Exhibit SCG-11-WP - CS - OFFICE OPERATIONS DOCUMENT PAGE Overall Summary For Exhibit No. SCG-11-WP 1 Summary of Non- 2 Category: A. Customer Service Office
More informationCybersecurity Insurance: New Risks and New Challenges
SESSION ID: SDS1-F01 Cybersecurity Insurance: New Risks and New Challenges Mark Weatherford Chief Cybersecurity Strategist varmour @marktw The cybersecurity market in the Asia Pacific region contributes
More informationVaco Cyber Security Panel
Vaco Cyber Security Panel ISACA Charlotte Chapter December 5 th, 2017 Vaco is an international talent solutions firm headquartered in Nashville, Tennessee, with more than 35 locations around the globe.
More informationNATIONAL RECOVERY AGENCY COMPLIANCE INFORMATION GRAMM-LEACH-BLILEY SAFEGUARD RULE
NATIONAL RECOVERY AGENCY COMPLIANCE INFORMATION GRAMM-LEACH-BLILEY SAFEGUARD RULE As many of you know, Gramm-Leach-Bliley requires "financial institutions" to establish and implement a Safeguard Rule Compliance
More informationRisk Management: Assessing and Controlling Risk
Risk Management: Assessing and Controlling Risk Introduction Competitive Disadvantage To keep up with the competition, organizations must design and create a safe environment in which business processes
More informationFREQUENTLY ASKED QUESTIONS REGARDING 23 NYCRR PART 500
FREQUENTLY ASKED QUESTIONS REGARDING 23 NYCRR PART 500 Effective March 1, 2017, the Superintendent of Financial Services promulgated 23 NYCRR Part 500, a regulation establishing cybersecurity requirements
More informationAt the Heart of Cyber Risk Mitigation
At the Heart of Cyber Risk Mitigation De-risking Cyber Threats with Insurance Vikram Singh Abstract Management of risks is an integral part of the insurance industry. Companies have succeeded in identifying
More informationCyber Risk Mitigation
Cyber Risk Mitigation Eide Bailly Howalt + McDowell Insurance Introduction Meet your presenters Eric Pulse Risk Advisory Director 20 years in the public accounting and consulting industry providing information
More informationA GUIDE TO CYBER RISKS COVER
A GUIDE TO CYBER RISKS COVER Cyber risk the daily business threat to SMEs Cyber risks and data security breaches are a daily threat to everyday business. Less than 10% of UK companies have cyber insurance
More informationManaging the risks of legacy ICT to public service delivery
Report by the Comptroller and Auditor General Cross-government Managing the risks of legacy ICT to public service delivery HC 539 SESSION 2013-14 11 SEPTEMBER 2013 4 Key facts Managing the risks of legacy
More informationTHE BLOCKCHAIN DISRUPTION. INSIGHT REPORT on Blockchain prepared by The Burnie Group
THE BLOCKCHAIN DISRUPTION INSIGHT REPORT on Blockchain prepared by The Burnie Group NOVEMBER 2017 BUILDING VALUE Business networks create value. The efficiency of business networks is a function of the
More informationThe working roundtable was conducted through two interdisciplinary panel sessions:
As advancements in technology enhance productivity, develop new businesses and enhance economic growth, malicious actors continue to advance as well, seeking to exploit technology for any number of criminal
More informationEquifax Data Breach: Your Vital Next Steps
Equifax Data Breach: Your Vital Next Steps David A. Reed Partner, Ann Davidson Vice President Risk Consulting/ Bond Division Allied Solutions, LLC Do You Remember When this Was the Biggest Threat to Data
More informationTe c h n o l o g y T r e n d s a n d I s s u e s
Te c h n o l o g y T r e n d s a n d I s s u e s IMPACT 2015 Accordant Client Conference Ken Fishkin, MCSE, CISSP Director - CohnReznick Advisory Group W E L C O M E K e n F i s h k i n, M C S E, V C P,
More informationCyber Insurance I don t think it means what you think it means
SESSION ID: GRC-T10 Cyber Insurance I don t think it means what you think it means John Loveland Global Head of Cyber Security Strategy & Marketing Verizon Enterprise Solutions Plot A brief history of
More informationYou ve been hacked. Riekie Gordon & Roger Truebody & Alexandra Schudel. Actuarial Society 2017 Convention October 2017
You ve been hacked Riekie Gordon & Roger Truebody & Alexandra Schudel Why should you care? U$4.6 - U$121 billion - Lloyds U$45 billion not covered 2 The plot thickens 2016 Barkly Survey: It s a business
More informationCyber Risk Proposal Form
Cyber Risk Proposal Form Company or trading name Address Postcode Country Telephone Email Website Date business established Number of employees Do you have a Chief Privacy Officer (or Chief Information
More informationOregon Public Employees Retirement System
Oregon Public Employees Retirement System 2017-19 Governor s Budget Phase II Presentation Joint Ways & Means Committee General Government Subcommittee Steven Patrick Rodeman Executive Director Jordan Masanga
More informationYou can't optimize what you can't automate and audit. JJ Garcia Public Sector ITOM Solution Architect March 8, 2018
You can't optimize what you can't automate and audit JJ Garcia Public Sector ITOM Solution Architect March 8, 2018 2 Dr. Brown now understands IT compliance Automation IT Operations Management Products
More informationFraud: Detection & Prevention December 2017
Fraud: Detection & Prevention December 2017 Agenda IT Security Bill Golden, CIO State Banking Operations Fraud Brandon Watson, Banking Director Unclaimed Property Fraud Brenda Williams, Deputy Treasurer,
More informationCybersecurity Insurance: The Catalyst We've Been Waiting For
SESSION ID: CRWD-W16 Cybersecurity Insurance: The Catalyst We've Been Waiting For Mark Weatherford Chief Cybersecurity Strategist varmour @marktw Agenda Insurance challenges in the market today 10 reasons
More informationWORKPAPERS TO PREPARED DIRECT TESTIMONY OF JILL TRACY ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY BEFORE THE PUBLIC UTILITIES COMMISSION
Application of SOUTHERN CALIFORNIA GAS COMPANY for authority to update its gas revenue requirement and base rates effective January 1, 2016 (U 904-G) ) ) ) ) Application No. 14-11- Exhibit No.: (SCG-17-WP)
More informationANALYSIS & ASSESSMENT OF TECHNOLOGY FROM A BOARD S PERSPECTIVE STEPHANIE L. BUCKLEW SLB CONSULTING
ANALYSIS & ASSESSMENT OF TECHNOLOGY FROM A BOARD S PERSPECTIVE STEPHANIE L. BUCKLEW SLB CONSULTING WHAT IS TECHNOLOGY RISK? Any threat to information technology within your organization and the consequence
More informationUNITED STATES SECURITIES AND EXCHANGE COMMISSION WASHINGTON, D.C FORM 8-K
UNITED STATES SECURITIES AND EXCHANGE COMMISSION WASHINGTON, D.C. 20549 FORM 8-K CURRENT REPORT Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934 Date of Report (Date of Earliest Event
More informationInvestor Presentation
Investor Presentation Q3 2018 Financial Results November 1 st, 2018 2018 ALL RIGHTS RESERVED Safe harbor statement Certain matters discussed in these slides and accompanying oral presentation have "forward-looking
More informationEQUIFAX INC. (Exact name of registrant as specified in Charter)
UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 FORM 8-K CURRENT REPORT Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934 Date of report (Date of earliest event
More informationDetermining Whether You Are a Business Associate
The HIPAApotamus in the Room: When Lawyers and Law Firms are Subject to HIPAA Enforcement, And How to Comply with the Law by Leslie R. Isaacman, J.D., M.B.A. The Omnibus Final Rule 1 of the Health Information
More informationBlockchain: The New Line of Defense
Blockchain: The New Line of Defense Who Am I Your Presenter & Advisory in This Domain q Cybersecurity Solutions Architect for Enterprise & National Level Projects for Kaspersky Lab Middle East, Turkey
More information7750 East Broadway Boulevard, Suite A-200, Tucson, AZ
REQUEST FOR PROPOSAL 7750 East Broadway Boulevard, Suite A-200, Tucson, AZ 85710 riskrfp@blake.easterseals.com Easterseals Blake Foundation hereby requests bids for information security and regulatory
More informationgrowth and improving our operating margin as a result.
ANNUAL REPORT 2015 To Our Stockholders, detection and dynamic instant mitigation. product strategy and company strengths are directly aligned with the trends we see in the market growth and improving
More informationDoes the Applicant provide data processing, storage or hosting services to third parties? Yes No
BEAZLEY BREACH RESPONSE APPLICATION NOTICE: THIS POLICY S LIABILITY INSURING AGREEMENTS PROVIDE COVERAGE ON A CLAIMS MADE AND REPORTED BASIS AND APPLY ONLY TO CLAIMS FIRST MADE AGAINST THE INSURED DURING
More informationAlternative Investments Advisory Services. kpmg.com
Alternative Investments Advisory Services kpmg.com Alternative investment opportunities are in great demand as investors seek out consistent, riskadjusted returns. But great demand for your business often
More informationCyber-risk and cyber-controls:
Cyber-risk and cyber-controls: 1 Insurance alone is not enough Cyber-risk has become one of the most significant topics in boardrooms around the world. The threat is indeed, very real. Consequently, in
More informationMEET THE NEXT GENERATION OF PROGRESSIVE MANAGEMENT SYSTEMS: BEPS
1 TM MEET THE NEXT GENERATION OF PROGRESSIVE MANAGEMENT SYSTEMS: BEPS WHITE PAPER // BEPS 2 Today s progressives are a jumbled mix of different controllers, stand-alone systems, and legacy displays. Couple
More informationINCIDENT RESPONSE PLAN
Erie County Medical Center Corporation RFP # 21604 Addendum Number 1 Erie County Medical Center Corporation Addendum Number 1 to RFP # 21604 INCIDENT RESPONSE PLAN The deadline for submission still remains:
More information7 STEPS TO BUILD A GRC FRAMEWORK FOR BUSINESS RISK MANAGEMENT BUSINESS-DRIVEN SECURITY SOLUTIONS
7 STEPS TO BUILD A GRC FRAMEWORK FOR BUSINESS RISK MANAGEMENT BUSINESS-DRIVEN SECURITY SOLUTIONS TO MANAGE INFORMATION RISK AND KEEP YOUR ORGANIZATION MOVING FORWARD, YOU NEED A SOLID STRATEGY AND A GOOD
More informationCyber & Privacy Liability and Technology E&0
Cyber & Privacy Liability and Technology E&0 Risks and Coverage Geoff Kinsella Partner http://map.norsecorp.com http://www.youtube.com/watch?v=f7pyhn9ic9i Presentation Overview 1. The Cyber Evolution 2.
More informationForm 4797: Mysteries, Myths and Methods
Form 4797: Mysteries, Myths and Methods By: Tom O Saben, EA, CFP Identity Theft II By: Larry Gray, CPA Real Estate Dealer or Investor Can t Switch at the Drop of a Hat By: Tom O Saben, EA, CFP One of the
More informationCYBER LIABILITY REINSURANCE SOLUTIONS
CYBER LIABILITY REINSURANCE SOLUTIONS CYBER STRONG. CYBER STRONG. State-of-the-Art Protection for Growing Cyber Risks Businesses of all sizes and in every industry are experiencing an increase in cyber
More informationSOCALGAS REBUTTAL TESTIMONY OF RENE F. GARCIA (ADVANCE METERING INFRASTRUCTURE POLICY) JUNE 18, 2018
Company: Southern California Gas Company (U0G) Proceeding: 01 General Rate Case Application: A.1--00/-00 (cons.) Exhibit: SCG-1 SOCALGAS REBUTTAL TESTIMONY OF RENE F. GARCIA (ADVANCE METERING INFRASTRUCTURE
More informationCITY OF LONDON STRATEGIC MULTI-YEAR BUDGET ADDITIONAL INVESTMENTS BUSINESS CASE #9
2016 2019 CITY OF LONDON STRATEGIC MULTI-YEAR BUDGET ADDITIONAL INVESTMENTS BUSINESS CASE #9 STRATEGIC AREA OF FOCUS: LEADING IN PUBLIC SERVICE SUB-PRIORITY: EXCELLENT SERVICE DELIVERY STRATEGY: DELIVER
More informationConstruction. Industry Advisor. Fall Year end tax planning for construction companies. How to self-insure your construction business
Construction Industry Advisor Fall 2015 Year end tax planning for construction companies How to self-insure your construction business Cost segregation studies can benefit you and your clients Contractor
More informationSOUTHERN CALIFORNIA GAS COMPANY ADVANCED METERING INFRASTRUCTURE CHAPTER II SUMMARY OF AMI BUSINESS CASE
Application No.: A.0-0-0 Exhibit No.: SCG Date: March, 00 Witness: Edward Fong SOUTHERN CALIFORNIA GAS COMPANY ADVANCED METERING INFRASTRUCTURE CHAPTER II SUMMARY OF AMI BUSINESS CASE Errata to Prepared
More informationHIPAA Compliance Guide
This document provides an overview of the Health Insurance Portability and Accountability Act (HIPAA) compliance requirements. It covers the relevant legislation, required procedures, and ways that your
More informationCyber ERM Proposal Form
Cyber ERM Proposal Form This document allows Chubb to gather the needed information to assess the risks related to the information systems of the prospective insured. Please note that completing this proposal
More informationInformation Technology Services PROPOSED SERVICE PLAN
P1 1. Mandate: Information Technology Services PROPOSED SERVICE PLAN 2019-2022 To provide information management, systems, and technology solutions through a balanced approach of leadership and partnership
More informationAUSTRACLEAR REGULATIONS Guidance Note 10
BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they
More informationNAIC BLANKS (E) WORKING GROUP
NAIC BLANKS (E) WORKING GROUP Blanks Agenda Item Submission Form DATE: 0//0 CONTACT PERSON: Sara Robben TELEPHONE: 8-8-80 EMAIL ADDRESS: srobben@naic.org ON BEHALF OF: NAME: Commissioner Mike Chaney FOR
More informationCybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do
ARTICLE Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do By Gene Griggs and Saad Gul This article analyzes cybersecurity issues for retirement plans. Introduction
More informationCase study. Malware mayhem. A targeted ransomware attack on a technology provider opens up a can of worms
Case study Malware mayhem A targeted ransomware attack on a technology provider opens up a can of worms Ransomware is one of the fastest growing forms of cybercrime in the world. According to our own claims
More informationTable of Contents. Overview. What is payment processing? Who s Who. Types of Payment Solutions. Online Transactions. Interchange Process
Overview Credit Card Processing 101 is your go-to handbook for navigating the payments industry. This document provides a quick and thorough understanding on how businesses accept electronic payments,
More informationDOWNLOAD OR READ : SECURITY ANALYSIS PORTFOLIO MANAGEMENT MBA FM 02 PDF EBOOK EPUB MOBI
DOWNLOAD OR READ : SECURITY ANALYSIS PORTFOLIO MANAGEMENT MBA FM 02 PDF EBOOK EPUB MOBI Page 1 Page 2 security analysis portfolio management mba fm 02 security analysis portfolio management pdf security
More informationFraud and Cyber Insurance Discussion. Will Carlin Ashley Bauer
Fraud and Cyber Insurance Discussion Will Carlin Ashley Bauer Why is it Important to Remain Vigilant? Fraud does not discriminate it occurs everywhere, and no organization is immune The changing business
More information