Items Tagged with "Security"
May 05, 2013 Added by:Eric Byres
In the past, the main reason for securing a SCADA/ICS network was to protect against inadvertent network incidents or attacks from insiders. The risk of an external malicious cyber-attack was considered minimal.
April 16, 2013 Added by:Scott Thomas
Most non-IT people know about DLP only when the IT organization contacts them to let them know they did something they shouldn't have. For those of us that have to deal with the policies, the alerts, and sending those notices, it can be more complicated.
April 16, 2013 Added by:George Tubin
Cybercriminals continue to develop new methods to bypass security controls in order to install malware on corporate endpoints. An endpoint protection approach that provides both effectiveness and manageability must begin with an understanding of the attack vectors that require mitigation.
April 12, 2013 Added by:Le Grecs
Password managers will automatically fill in usernames and passwords as your target surfs around the web doing their usual things. I’ve found they just love this convenience and it serves as a great motivator for them to continue using it.
Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure
April 09, 2013 Added by:Ben Rothke
In Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure, authors Eric Knapp and Raj Samani provide and excellent overview on what the smart grid is and how it can be secured.
April 06, 2013 Added by:Anthony M. Freed
In a convergence culture, accountability for risk is accepted across the organization, and when that happens, risk management becomes a priority to the business, informing strategy and objectives. By helping identify and mitigate risk across finance, operations and IT, the CISO puts security in context of what could affect profit.
April 05, 2013 Added by:Eric Byres
Applying patches is a critical part of good security. According to US-CERT, about 95% of all network intrusions could have been avoided by keeping systems up to date with appropriate patches. What I am against is patching as a knee-jerk reaction to security vulnerabilities. You can’t expect your control system to operate reliably if you don’t have a controlled process for patching.
March 26, 2013 Added by:Eric Byres
Let's examine the good, the bad and the ugly details of patching as a means to secure SCADA and ICS systems. And to begin, let’s suppose patches could be installed without shutting down the process...
March 20, 2013 Added by:Ian Tibble
The early days of deciding what to do with the risk will be slow and difficult and there might even be some feisty exchanges, but eventually, addressing the risk becomes a mature, documented process that almost melts into the background hum of the machinery of a business.
March 15, 2013 Added by:Eric Byres
After Stuxnet, security researchers and hackers on the prowl for new targets to exploit shifted their efforts to critical industrial infrastructure. Unfortunately, the SCADA and Industrial Control Systems applications they are now focusing on are sitting ducks.
March 13, 2013 Added by:Allan Pratt, MBA
Today, the world of mobile devices includes smartphones and tablets. This post doesn’t favor any specific brands, but let’s agree that the industry leaders are iOS and Android devices. The jury is still out as to whether or not BlackBerry will become a contender.
March 06, 2013 Added by:Allan Pratt, MBA
In today’s work environment, costs are skyrocketing, but one way to reduce costs is to offer a telecommuting option for employees. While it may be easier for telecommuting employees to perform their work at home or in the field, the process doesn’t happen without posing serious security risks.