Endnotes 159 should be extended to the application, operating system, and network levels and include the implementation and use of intrusion detection and intrusion prevention systems. Without logging and monitoring, the utility companies will be flying blind during and after attacks on their environments, including the smart grid. SUMMARY Developing and maturing an information security program is fundamental to the security of the utility companies and the smart grid. The process of developing and maturing information security programs cannot be performed in an ad-hoc fashion or be performed in a vacuum. Utilizing internationally recognized standards such as the ISO/IEC 27000 series standards of the Information Security Forum's Standard of Good Practice will ensure that the most critical aspects of an effective information security program are included. While a standard-based approach to developing and maturing the utility com- panies information security program is fundamental, certain technical practices