Newcomer III

Re: Addressing cybersecurity to an unaccustomed industry

Is the group only interested in trade or does it also have members from industry?

In the latter case I think it's important that Cybersecurity for IT and Cybersecurity for ICS are two entirely different things, although they look superficially similar. Where in IT we talk about Confidentiality, Integrity and Availability, in ICS we turn that around and talk about Safety, safety, safety, Availability, Integrity and Confidentiality. The risks for both kinds of security are completely different. In the IT world we talk about identity theft, theft of Intellectual Property and the like, but in ICS loss of human life or severe injuries are real risks that have to be mitigated.

Kind regards,

Johannes
Contributor II

Re: Addressing cybersecurity to an unaccustomed industry

To address your question, the trade group mostly focuses on sales and relationship building.  Only recently was I made aware that there was a "VP of IT" in the trade group!  His background includes PMP and ITIL, and he states an expertise in infrastructure design, business process improvement, and cloud computing.

 

And here I am, like the Spider Man meme, thinking "if members need those things, then it's a de facto conclusion they need cybersecurity, too."

---
Eric Geater, CISSP
I've always said, "There's nothing an agnostic can't do if he really doesn't know whether he believes in anything or not."
Community Champion

Re: Addressing cybersecurity to an unaccustomed industry

@ericgeater I guess that one could do some research around that particular industry, in terms of what is likely to get their attention in terms of the types of risks, threats which would have an impact on them.

 

Are there any regulations which apply to that particular group, which they have to adhere to, and are there any implications or knock-on effects if they are not prepared?  As we all know, it is a matter of being prepared rather than "if it happens" these days.  For example, how would they deal with a Ransomware extortion?  What is their particular policy, or would they merely hand it over to the Cyber Security Insurance company to deal with?

 

I would take a useful report such as https://www.ibm.com/security/data-breach

 

How do they rate in being prepared? 

 

Or check out the International Telecommunications Union (ITU) Cyber Security Index and do some background research?

 

Work out what is critical to that particular industry and what attack vectors have they encountered in the past?

 

Have they carried out a recent digital transformation - just ask them where they think their data actually exists and whether they think it has the necessary level of protection and that only authorised users, devices, applications and networks can access it legitimately.

 

There are plenty of approaches, but simply raising questions and showing examples, may resonate and get them asking questions rather than taking the FUD approach - which in general never works.

 

Regards

 

Caute_cautim

Contributor II

Re: Addressing cybersecurity to an unaccustomed industry

Thanks to everyone for your suggestions!  I've been working on a presentation that included many of them, and hopefully I'll have a chance to offer it to the trade group.

---
Eric Geater, CISSP
I've always said, "There's nothing an agnostic can't do if he really doesn't know whether he believes in anything or not."