"cyber-security risk management"
When hearing those words, most people still haphazardly associate them with the following groups of keywords:
- Standards, Policies, Procedures, Audits and Compliance
- Firewalls, IPS, SIEM, SOC, ISMS, Pen-testing, SCADA, Monitoring, Backups, ...
- Contracts and Disclaimers, Outsourcing, Suppliers, SaaS, Cloud, ...
But there are other factors which play a far more fundamental role.
For instance:
- Logic!
- KISS principle
- Long term safeguard strategy
- Group dynamics psychology and cultural differences
- Preventing Catch-22 constructions
- Mappers versus stackers methodology
- Inherent time-driven rule-set pollution
- Mitigating conflicting interests
- Prevention of sabotage and espionage
- Typical unreliable products and methods
- Oversimplified procedures versus decisive knowledge
- Applying systematic Logic to check/unravel widely interconnected structures
- ...to name a few...
So, if you get a standard certified security officer/consultant/specialist/architect
to "do security" for your organisation,
you can expect the standard detached, narrow-focus outcome,
which leaves out several crucial factors needed for a solid safeguard structure.
If there is a desire to safeguard information processing and/or process control (SCADA) infrastructures,
you can let us teach you how to do it.