2217 - Which Standard is Best for Your Company Standards Program? (James McQuiggan / Dave Lewis)
Floor 4, Salon 1 - Wednesday September 27 8am to 8:50am
One Standard to Rule Them All! Please reply to ask a follow-up question about our presentation!
Abstract: Companies today are increasingly discovering that it is difficult to determine which standard they should implement to secure their company's data, assets and people. The manufacturing, oil and gas, and electricity industries have a responsibility not only to themselves but also to their customers' demands to be secure and compliant. Which one should they use? NIST, ISO, UL, NERC CIP, IEC 62443? This alphabet soup of standards certainly gets confusing. Is there a right one to use? Should more than one be used? We'll explore this issue from the purchaser's standpoint regarding a long-term model for industrial control systems, and how commodity hardware and software are demanding a change in paradigm, but rate cases do not allow for it.
Gain a strong overview of the various information security standards available to industries.
Identify which ones are certifiable, regulatory or just a guideline.
Understand the conflicting issues that arise between customer, vendor and security.