Integrating Cyber Security into Normal Operations
(Room Arena 2)
20 Jun 18
4:00 PM
-
5:30 PM
Tracks:
Arena 2: Cyber Attacks: How Vulnerable are we?
Integrating cyber security into normal operations is a lofty but often unattainable goal. Cyber security expertise is generally limited in Operational Technology personnel and operational expertise is generally limited in cyber security personnel. This contributes to difficultly in communicating both what is technically required for security and what the operational resources technically can support. Using a resource-based, attribute-aligned, and risk-informed method for managing all aspects of cyber security (Risk, Vulnerability, Compliance, Governance, etc...) organizations can greatly simplify communication across the enterprise. This significantly reduces the cyber security overhead and increases the efficiency and effectiveness of operational personnel (without significant expertise in cyber security) in designing, implementing, and maintaining appropriate security postures of the resources they support. This presentation will review one method of managing cyber security and will explain the three key aspects of the methodology: resource-based, attribute-aligned, and risk-informed; and demonstrate how they can be leveraged to effectively manage security posture information for all aspects of an enterprise. Examples of security analysis will be reviewed to demonstrate the key activities required to implement this methodology and how it can be used to unify IT, OT, and IoT cyber security program management. The audience will be receive an overview of cyber security management processes and through practical examples understand key issues and obstacles encountered therein.