Blog
Bring Your Own Device Security Strategies – Part 2
Before implementing a Bring Your Own Device solution, an enterprise must gain clarity in the following four areas: objectives, user needs, risks, and exploring alternatives. Objectives: The first step an enterprise must take is to become clear about what it wants to...
Defense in Depth strategies – Part 5
Physical Security in ICS environment: Physical security controls are any physical measures, either active or passive, that limit physical access to any information assets in the ICS environment. Organizations employ these measures to prevent undesirable...
Bring Your Own Device Security Strategies – Part 1
Bring Your Own Device (BYOD) Introduction: Bring Your Own Device is an arrangement whereby employees are permitted to bring their own personally owned devices such as laptops, tablets, or mobile phones to work and to use them to access the enterprise’s...
Defense in Depth strategies – Part 4
Risk Management Approach - Asset Inventory and Risk Characterisation: The attack surface for an operation includes all the vectors associated with gaining access to the systems or equipment considered critical to business operations. To implement controls...
Anti-patterns in security architecture – part 6
The un-patchable system: There are systems that can’t stop and must be operational around the clock. This is a lack of design foresight, as such systems can’t have security patches applied without scheduling a downtime window. And the more complex the...
Defense in Depth strategies – Part 3
Risk Management as a Defense-in-Depth strategy element for ICS: Understanding the business risk associated with ICS cybersecurity and managing that risk is the first step to improving the enterprise’s cybersecurity posture. Indispensable in the application of...
Anti-patterns in security architecture – part 5
Uncontrolled and unobserved third-party access: These days, more and more enterprises outsource support for some or all of their systems to a third party. If an enterprise does this, it becomes dependent on another organisation's security standards and...
Defense in Depth strategies – Part 2
Introduction to Defense-in-Depth strategy elements: Defense in Depth is a combination of people, technology, operations, and adversarial awareness that creates a shield of security countermeasures. The setup of this shield must constantly be adjusted and...
Anti-patterns in security architecture – part 4
Building an ‘on-prem’ solution in the cloud: Cloud has now been around long enough for those who depend heavily on IT infrastructure to realise that moving their operations to the cloud is smart. It is brilliant for many reasons. It gives you greater...
Defense in Depth strategies – Part 1
The days of physical separation between the corporate and operational domain, which together with the ‘security through obscurity’ approach were the main protective measures for ICS, are a tale of the past. Modern control system architectures, business...