Enterprise Security and Risk Management
Like all major infrastructure, the nation’s electric power grid is subject to an array of threats, from naturally caused phenomena such as extreme weather to vandalism, terrorism and insider risks that jeopardize reliability, safety and data security. The stakes are high; our response to an event affects our customers, our reputation and the reliability of the power grid.
Growing risk from third-party products and services has prompted new regulations to protect the grid’s resilience and reliability. As threats have become more sophisticated and massive breaches have occurred, such as the multiple data breaches at companies elsewhere around the globe, the reality is that achieving total, complete security is a continual struggle. Faced with this reality, our comprehensive security strategy – known as “Defense in Depth” – assumes a broader range of possibilities, such as physical theft, unauthorized access to data, and incidental threats arising from dangers that do not specifically target protected systems or assets.
In 2017, we incorporated cyber and physical security risks into the new enterprise risk management framework. This provides a more comprehensive approach to understanding these risks in relation to other enterprise risks. By looking at our total risk profile, we can make security decisions based on the level of risk posed to AEP and make more informed decisions based on our priorities and resources.