HUMAN RESOURCES MANAGEMENT August 18, 2009


OUTLINE

Key Results

Ensure all stakeholders are well informed of cybersecurity and its financial impact to the organization

Commit to clear and consistent cyber security procedures

Establish reinforcing infrastructure and talent support systems

I. Importance of the human capital element
   A. New section for Phase II
   B. Incorporates all stakeholders
   C. Critical to both pre-emptive and defensive activities
II. Questions
III. Considerations for answering questions
   A. Creating a cyber secure culture
   B. Leadership and talent
   C. Organizational structure
   D. Standard operating procedures
      - Account management policy and procedure
      - Network access and administration
      - Layered defense
      - Disciplinary process
   E. System integrity
      - Backup and recovery process
   F. Training and communication
      - Regular schedule for employees
      - Intervention at all levels of engagement (intake, periodic and termination)
      - General communications
   G. Reinforcing infrastructure
      - Stakeholder identification and leadership responsibilities
      - Performance management and incentives
      - Investigative process and follow-through
IV. Charts and graphs
   A. Stakeholder roles and responsibilities
   B. Training effectiveness chart


QUESTIONS

6.1 How do we attract, develop and retain critical cyber security technical and leadership talent, including those in functional areas requiring cyber security savvy?

6.2 Does our organizational structure support key functional integration to ensure threat mitigation and rapid crisis response?

6.3 How does our cyber security communications plan address and measure the effectiveness of threat awareness and training for all network stakeholders?

6.4 What is our monitoring and auditing operating procedure for online activity?
   - Updated password and account management policies
   - Stakeholder compliance audits
   - Layered defense against remote attacks

6.5 How does our SOP address elevated access possessed by system administrators and privileged users?

6.6 Have we assessed the need for protection of our social networking and share center sites?

6.7 How do we routinely audit network access throughout the network stakeholder lifecycle, especially at termination or out-processing?

6.8 Does our progressive discipline policy address our need for threat investigations involving any network stakeholder for suspicious or disruptive behavior?

6.9 How do we ensure integrity and continued operations of our employee database and related systems like recruiting, benefits, travel and payroll?

6.10 Do our performance management and compensation strategies provide adequate support for our cyber security mission?


SCHEDULE

Date | Meeting | Objective
August 7th | Initial mtg | Establish schedule; R&R
August 13th | Outline due
August 14th | Weekly status | Clarify R&R; update outline
August 18th | ISA/ANSI Mtg
August 21st | Weekly status | Working draft
August 28th | Weekly status | Draft Update
September 4th | Reschedule | Draft Update
September 11th | Weekly status | Draft Update
September 17th | Weekly status | Draft Update
September 24th | Weekly status | Subcomm Review
October 1st | Weekly status | Final review
October 8th | Weekly status | Submittal

Weekly schedule – Friday at 8am

Sept 4th meeting TBD due to holiday

Will update calendar based on ISA/ANSI schedule


CRISIS MANAGEMENT

Backup and recovery process

Investigations

Stakeholder identification and leadership responsibilities

Investigative process and follow-through

Disciplinary process

Communications