Analysis of some practices and methods in the Electric Power Industry Giovanna Dondossola* Rivista: Electra N. 239 Agosto 2008 *CESI RICERCA The paper presents the outcome of a survey activity of the Risk Assessment practices performed within the Cigré Working Group (WG) D2.22 “Treatment of Information Security for Electric Power Utilities (EPUs)”. The WG decided to approach the Risk Assessment issues by starting to survey the status of the practices of the WG members with the aim of setting up an initial, shared view of the state-of-practices. By following an anonymous style of reporting, the core aspects of the considered best practices are first described and then evaluated on a common base. Only a few commonalities but a lot of differences were found among the WG members` practices. The findings demonstrate the lack of a reference method and confirmed the need of developing a electricity-specific methodology that is widely accepted by most Electric Power Utilities and integrating both power and ICT (Information and Communication Technologies) security knowledge. Preliminary recommendations from the state of these practices as well as open issues to be addressed in future developments are derived from the analysis. The presented overview on Risk Assessment practices constitutes a first step towards the final WG objective of developing practical recommendations addressed to both chiefs of EPU Security Programs and managers of Control Centers.