SlideShare une entreprise Scribd logo

ICISS Newsletter Sept 14

Capt SB Tyagi, COAC'CC*,FISM,CSC,
Capt SB Tyagi, COAC'CC*,FISM,CSC,

Monthly Newsletter for September 2014 issued by International Council of Industrial Security & Safety

Formation
1  sur  8
Télécharger pour lire hors ligne
Newsletter: Sept 2014 Let’s professionalize the professionals… http://sbtyagi.wix.com/icissm Market competition in industry has traditionally driven the evolution of control systems – physical as well as network and virtual! Over a decade ago, most control systems were autonomous and built upon proprietary vendor technology and the solutions were geared towards access to personal, data, processing speed, and functionality (or reliability). The most important feature was access to data. At first many vendors built their own protocols or languages to allow for the transfer of data and soon the automation landscape became very proprietary and independent of other systems and protocols. Parallel to this was the development of Ethernet networks for business data networks. In early 2000, vendors saw advantages to include ‘Ethernet-compliance’ to allow for communication between security systems including those outside the plant environment. However, in the rush to market many vendors built ad-hoc versions of protocols that worked for the purpose at hand but did not include security. Now most industries with control systems are facing many pressures to both allow access to data and personnel and to secure them. There are many forces pushing these opposing trends including data access to enable business decisions, vendor access for process improvements and advanced control exercises like loop tuning and alarm management. However this increasing need for access is further diluting the security of many of these systems and is putting many process control environments at risk. In some industries this is more of a nuisance than anything, but for most industries a loss of control over your process can mean a serious safety threat. As one noted security professional who works for a major refinery once pointed out, “our industry is one such that a loss of access or control over our systems usually means someone dies”. Regardless of the potential harm, any industry with little or no security in and around their control system will at least lose production for some time. This can translate into re-work, overtime, environmental release, and other intangibles such as competitive edge, investor confidence and potentially the ability to stay in business. The new push for control systems is to try to balance the two opposing trends: Access and Security. And the pressure is coming from many angles. Increasing market competition means that most industries are ‘pushing the envelope’ to run faster, more efficiently and with less downtime. This means more outside ‘tuning’ and better visibility into production from specialized experts who may not be physically at the site. The advancing age of the workforce in general means many C:UserssbtyagiDocumentsICISSNews Letter Sept 14.docx
industries are automating more control of their assets and expecting the same staff to manage & optimize more resources thereby increasing their reliance on computers. The scope of the term ‘security’ often seems vague and the sheer volume of effort and areas of concern this may represent can be overwhelming. However, this need not be the case. In looking at a number of security frameworks or standards a common theme emerges that is quickly being adopted as a holistic and effective approach to security. This approach combines efforts and initiatives that go far beyond the purchase and deployment of technology. Different initiatives offer different sections, headings and names for each of their areas of concentration but in the end, all efforts can usually be summed into three (3) foundational areas: People, Processes and Technology. The priority of developing a security philosophy is needed in essence which will in turn foster a security culture. Before beginning any security program or initiative your organization must first adopt a security philosophy. A security philosophy will sound different for each company, industry and region in which it is created but there are some basic requirements that all security philosophies must have. Underpinning all efforts within organizations one must first have a security philosophy and always work towards creating and maintaining a strong security culture or your momentum will be lost. What we call security surveys and security audits are basically ‘outsourced introspections’! Such exercises are required to focus on following areas -  What are the policies and standards we currently have?  How well are they implemented?  What issues / problems do we have?  What requirements apply to our industry?  Where do we need to be from a security perspective?  How will we change / improve the situation? There is no "standard" standard. It is not a cliché. In fact there are no set standards in India so far as security systems and gadgets are concerned. There are no governing / regulatory bodies and industry itself has failed to develop its own self-regulatory mechanism as developed by films industry, broadcasting and media industry or the IT Education Industry. In UK BISA is watchdog which sets standards for security guards, supervisors, pub bouncers, front man etc. BISA is also setting the training and education standards for security personnel. Similar initiatives are undertaken by ASIS in USA. Knowing which standard to choose and what your obligations are as a result of that choice, is key first step in managing compliance. Some industries and organizations are required to meet security standards established by laws or regulations. While buying the security systems or gadgets, security professionals need to first understand the technology and also what can be done with it including its limitations. The shelf life of a system or gadget is directly related to its technology – which is changing very fast. Today what is current and ‘the thing’, may not be C:UserssbtyagiDocumentsICISSNews Letter Sept 14.docx
maintainable / repairable in a very short time. A system must have longevity of at least 6-10 years with on-site repair condition. Thinking that technology can solve all the problems means that either you do not understand the technology or you do not understand the problem! The first premise is quite simply that security is important to the organization. This means the decision makers, the owners and operators of the systems, the support staff, the consultants, vendors, site staff, in short everyone, understands that keeping your facility secure is in everyone’s best interest. This is no different from the importance placed on safety. More often than not, an industrial facility has a long history of always trying to raise safety awareness and tried to educate everyone as to why safety is important. Every employee, contractor and visitor onsite needs to have safety orientation and updated each year. This also needs to happen for security, and can be integrated into safety programs. Without rank and file team members who understand their role and the importance of their actions (or inaction) at your site, you will not succeed in securing your facility. It is a harsh reality but the simple fact remains that your internal, trusted employees have the greatest opportunity to cause or create a security breach intentionally or otherwise. In other words, your security program is only as effective as your least informed employee. More often than not, many organizations see security programs or initiatives as projects that have a defined start, finish and cost. This may be the case for a particular component of your on-going security efforts, but true, lasting security is an on-going initiative. This is quite simply due to the fact that security concerns are brought about by technology - and technology keeps changing! What was a threat yesterday or last week may be fixed by your current security plans, but the next threat coming will not be as deterred. Less than 5 years ago USB keys or ‘thumb drives’ were an emerging fad. Today they are sold more cheaply than ever, are capable of huge storage capacities and require little or no knowledge of specialized applications or programs for using them. This was not a concern a few years ago. Unfortunately your security program is only as effective as it is current. This topic is the basic premise on which your security philosophy needs to be built. As mentioned earlier, your weakest link and biggest threat is your least educated employee. If you install security programs, risk management processes and a healthy business continuity plan or disaster recovery plan you are well on your way to securing your environment. However, if any of those efforts cause a change in the day-to-day business flow for your employees then you will need to explain to them why these changes are necessary. Too many times are programs implemented without the proper awareness training and education for the people whose daily lives are most affected? In these cases it is only a short time before the day-to-day users start to find ways around the new systems you just put in place thus negating your efforts. Think of a school computer lab where students are some of the most creative people at bypassing security because they do not understand or care about security. Your security program will live and die based on how well your employees receive and embrace it. C:UserssbtyagiDocumentsICISSNews Letter Sept 14.docx
The last and perhaps most important thing a proper security philosophy needs is the attitude of balance. In this sense the balance is between risk and reward as well as between effort and return. In order for your organization to move toward a proper security program you must first decide as an organization what level of risk you are willing to live with. Every change you make to your current environment towards security is going to cost something whether it is time, money, or access to your data. And no matter how you do proceed, there is a very good chance that you will still have some sort of incident at some point in time. A security incident can be catastrophic system failure, accident in process area or subtle inappropriate access to data or an IO room. The true measure of your security program will be in how well contained the incident is, how quickly you recover, and if you choose to learn and benefit from it. The day will come when a business need conflicts with a security best practices. Being prepared to deal with this situation will save time, money and aggravation. Every business has different needs and tolerance for risk. At some point, business needs may win out over security best practices. You need to have a process in place to allow the organization to:  Understand the risks being taken  Document these risks and their mitigating factors  Make and document an informed decision as to whether to accept a risk  Periodically review accepted risks to determine whether new mitigations are available and whether the risk is still acceptable Having a well-defined process to handle exceptions will allow your organization to deal with situations that fall outside of those anticipated when the policies were written. Hand your business managers a copy of typical standards and they'll probably end up using them – to prop up the short leg on the table in the break room. Business unit folks want security folks to provide them with specific instructions on how to make their systems and premises secure. Telling a business unit manager to "use two-factor authentication to protect critical information" or to tell them to “use ACS along with IDS on common platform” is not helpful. You need to provide your users with organization-specific tools, such as criteria for deciding whether information / facility is critical or not, and lists of tested and approved security solutions specifically tied to policies. Remember, policies are not instruction manuals. Policies are high-level statements of the intent of the organization. Specific information as to how to implement policy should be laid out in procedural documents. The key here is clarity and consistency. You should be able to put the C:UserssbtyagiDocumentsICISSNews Letter Sept 14.docx
same procedural and policy documents in front of everyone in your organization and have them come to the same conclusions as to the security measures that are needed to meet the standard. If your organization has an Internal Audit department, these are good people to get involved in the process of developing measurable actions. After all, they will be doing the measuring of compliance, and their experience in other types of audits and standards is a valuable resource. Auditors have the structured approach needed to put this practice to work. If our friends in Washington or your state capital dictate your external standards, get your legal folks involved as well to insure that your measurements will hold up in court. Industry standards for security are not a cure all – and this is a good thing on the whole. While legislators and industry groups can tell us a lot about best practices and goals, it is up to the management and security professionals in our organizations to come up with the processes and procedures. Education remains an area of concern for security professionals. The perception is that professionals with army or police services are inadequately prepared to create secure environment and premises. One comment seemed to resonate with many: “If it’s fair to expect a journalism graduate to write with appropriate grammar, why can’t we expect ex-army / police officers to plan and execute good security measures?” This problem arises from a number of challenges, particularly the need to adjust curricula to meet the ever-changing technology landscape. Security is also an “eat your vegetables” topic that most security professionals rank low on their hierarchy of interests. The onus falls to employers and groups like ICISS / IPSA / BISA / ASIS / SAFE Code to inform training institutions of the need for candidates who are well trained in how to plan, execute and revise / review the effective security plans as per changing needs of varied organizations and industries that allow business to be conducted with assurance. Security is treated in most business and organizations as ‘cost center’ needing budgets for non-productive systems and plans. Security is also seen as burden which is evil yet essential. There are issues such as insurance, legal compliances, pressure from stakeholders etc. that meager budget is allocated to security department. Mostly security professionals are to be blamed for this misconception. It is good security that guarantees secured, hassle-free congenial work atmosphere where all production, operation and maintenance or marketing activities are conducted smoothly without fear or danger. No one can work; forget the best performance, if there are chances of attack by miscreants, theft of costly inventory or law-and –order problems inside the premises or at work-floor areas. Good security means good production, means higher profit! C:UserssbtyagiDocumentsICISSNews Letter Sept 14.docx
Digital displays changed the approach of modern man towards time and especially towards wrist watches. Hitherto, time was seen but suddenly time was being read with digital watches. So, analog watches were replaced by digital watches even when for a short time. Since the need for analog watches remained and technology transition took time, a new genre of watches, called “Digi-ana” (Digital and Analog) was brought to the market. Similar technology driven changes were made in banking industry which greatly facilitated customers and also impacted security concerns. ATMs changed the ways banking is done! Since banks wanted to cut operational costs, they also wanted less and less customers coming to their branches for mundane banking activities such as cash withdrawal, balance inquiry or pass-book updates. ATMs were answer to all such needs and were found to be convenient, efficient and low cost. As Customers liked it, banks eagerly multiplied the number of ATM’s. Initially different group of credit cards were present, soon debit cards also joined the hustle-and- bustle and soon majority of ATM’s started accepting all leading brands of credits cards and debit cards of all leading banks. At this stage since foot falls per ATM increased, increased need of cash in ATM caused security concerns. The licensing authorities, regulators and police demanded effective security measures for ATMs, causing increased administration costs. Thus ‘banking-away- from banks’ became expensive propositions considering 24x7 operation and security needs. It is well studied forecast of changing trends in ATM operations that soon ATMs will remain just ATM without carrying name of any bank. All the transactions using credit / debit cards will carry transaction fees and operation and maintenance will be by some specialized agency other than the banks. Thus ATM operations will cater to varied needs of the customers and also incorporate directives of the regulator, licensor and the police. It is further envisaged that soon in India every citizen will have only one bank account against the present freedom of holding multiple accounts in multiple banks. This migration to ‘regulated bank account regime’ will go long way for effective e-governance and reducing black money as well as reducing tax thefts. In this emerging scenario; changing trends in security management will develop. Two major trends are foreseen-  Central Command & Control Centre  ATM Management Services. C:UserssbtyagiDocumentsICISSNews Letter Sept 14.docx
There have been pioneering services started by few leading companies in Metro cities where under command and control center have been established by them with the trained manpower and sufficient resources with Quick Response Teams, to take care of specific need of clients. The clients’ CCTV and other alarm system are maintained and monitored, notifying the pre-identified authorities, mobilizing the resources to mitigate the alarm situation and prepare post-event reports. Since this area of specialized service has just opened-up, there are not very many players and standards are non-existent. C:UserssbtyagiDocumentsICISSNews Letter Sept 14.docx So far as ATM Management Services are concerned, the direction and decision of the Government will decide the shape this segment is to take. Early indications are that Central Government is seriously thinking of providing a bank account to every citizen of India linked with Aadhar and or National Citizenship Card. The citizen will have a choice for selecting a bank. Electronic transactions will be favored or rather encouraged. Instead of going to the banks, the customer would be led to ATMs where any type of card from any bank will be acceptable. For each transaction the concerned bank will charge fees from customers, part of which will go to franchisee running / maintaining the ATMs. Thus new service segment will emerge which will offer range of services including congenial and secured environment where customer would prefer to have ATM transaction, cash transportation to feed ATMs, security of machines and the facilities and up keep and maintenance of ATMs. All the gamut of services related to ATMs will be preferred to be provides by one services provider. Thus, it can be seen by above that soon there will be two specialized services sectors emergency in broad area of security management for which niche is already created. Some pioneer work has already been done and industries thought-leaders have already begun the initiation to shape-up this segment further.
London: Al-Qaida terrorists have found a way to turn smartphones – especially iPhones and Samsung Galaxy handsets – into explosive devices and intend to explode them on commercial flights, it emerged on Friday. Britain has tightened security in airports across the UK after receiving credible evidence from US of a “possible al-Qaida terror”. The threat is “Different and more disturbing” than previously attempted techniques including explosives hidden in toothpaste, shoes and ink cartridges. US officials said that smartphones will be used as ‘stealth bombs’. UK has also been informed that explosive makers from Yemen-based al-Qaida have discovered how to turn the phones into explosive devices which are extremely difficult to detect. British airports, including Heathrow and Gatwick, have now decided to put in a second layer of checks at departure gates. The key suspect is Syria based Jabhat al-Nusra, who has joined hands with members of al-Qaida in Yemen. Beijing: Chinese scientists have developed a mini-camera can scan the crowd for highly stressed individuals, in a bid to prevent suicide bombing, media reports said on Tuesday. A research team led by Chen Tong, associate professor at South West University in Chongqing developed a ‘stress sensor’ that can help the police to spot suicide bombers by capturing the stress levels of people, Hong Kong-based South China Morning Post reported. “The sensor measures the amount of oxygen in blood across exposed areas of a body, such as the face. The higher the mental stress, the higher the blood oxygenation,” it said. “The readings of the device may not be always reliable. For example, with enough practice, a person can learn to control their heartbeat,” the report added. The technology comes amid heightened fears the country witnessed brazen terror attacks by native Uygur separatists in the northwestern Xinjiang region recently. Talking about the functionality of the device, Chen said that “officers looking through the device at a crowd would see a mental ‘stress bar’ above each person’s head and the suspects highlighted with a red face”. “Laboratory tests of the technology had yielded encouraging results,” Chen added. ICISS at LinkedIn: http://www.linkedin.com/groups?gid=4413505&trk=hb_side_g ICISS at Google Group: https://groups.google.com/forum/?fromgroups#!forum/icissm Suggestions & feedback may be sent to us on e-mail: onlineicissm@gmail.com P.S. - If you don't like to receive our newsletter, we apologize for bothering you. Please let us know your mail address and we will move it out from our contact list, thank you! C:UserssbtyagiDocumentsICISSNews Letter Sept 14.docx

Recommandé

14 june
14 june14 june
14 juneCapt SB Tyagi, COAC'CC*,FISM,CSC,
 
ICISS Newsletter Oct14
ICISS Newsletter Oct14ICISS Newsletter Oct14
ICISS Newsletter Oct14Capt SB Tyagi, COAC'CC*,FISM,CSC,
 
News letter June 11
News letter June 11News letter June 11
News letter June 11captsbtyagi
 
IDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber SecurityIDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber Securityinside-BigData.com
 
Looking into the future of security
Looking into the future of securityLooking into the future of security
Looking into the future of securitySouthern Cross Group Services
 
40 under 40 in cybersecurity. top cyber news magazine
40 under 40 in cybersecurity. top cyber news magazine40 under 40 in cybersecurity. top cyber news magazine
40 under 40 in cybersecurity. top cyber news magazineBradford Sims
 
Selex ES at Le Bourget 2013 Cyber Partnership
Selex ES at Le Bourget 2013 Cyber Partnership Selex ES at Le Bourget 2013 Cyber Partnership
Selex ES at Le Bourget 2013 Cyber Partnership Leonardo
 
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...NUS-ISS
 

Recommandé

14 june
14 june14 june
14 juneCapt SB Tyagi, COAC'CC*,FISM,CSC,
 
ICISS Newsletter Oct14
ICISS Newsletter Oct14ICISS Newsletter Oct14
ICISS Newsletter Oct14Capt SB Tyagi, COAC'CC*,FISM,CSC,
 
News letter June 11
News letter June 11News letter June 11
News letter June 11captsbtyagi
 
IDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber SecurityIDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber Securityinside-BigData.com
 
Looking into the future of security
Looking into the future of securityLooking into the future of security
Looking into the future of securitySouthern Cross Group Services
 
40 under 40 in cybersecurity. top cyber news magazine
40 under 40 in cybersecurity. top cyber news magazine40 under 40 in cybersecurity. top cyber news magazine
40 under 40 in cybersecurity. top cyber news magazineBradford Sims
 
Selex ES at Le Bourget 2013 Cyber Partnership
Selex ES at Le Bourget 2013 Cyber Partnership Selex ES at Le Bourget 2013 Cyber Partnership
Selex ES at Le Bourget 2013 Cyber Partnership Leonardo
 
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...NUS-ISS
 
SBIC Enterprise Information Security Strategic Technologies
SBIC Enterprise Information Security Strategic TechnologiesSBIC Enterprise Information Security Strategic Technologies
SBIC Enterprise Information Security Strategic TechnologiesEMC
 
Information Security Management Education Program - Concept Document
Information Security Management Education Program - Concept Document Information Security Management Education Program - Concept Document
Information Security Management Education Program - Concept Document Dinesh O Bareja
 
Can Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCCan Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCDinesh O Bareja
 
Ten Expert Tips on Internet of Things Security
Ten Expert Tips on Internet of Things SecurityTen Expert Tips on Internet of Things Security
Ten Expert Tips on Internet of Things SecurityDean Bonehill ♠Technology for Business♠
 
Incident Response Requires Superhumans
Incident Response Requires SuperhumansIncident Response Requires Superhumans
Incident Response Requires SuperhumansDinesh O Bareja
 
Cyber Security 101: What Your Agency Needs to Know
Cyber Security 101: What Your Agency Needs to KnowCyber Security 101: What Your Agency Needs to Know
Cyber Security 101: What Your Agency Needs to KnowSandra Fathi
 
Cyber Secuirty Visualization
Cyber Secuirty VisualizationCyber Secuirty Visualization
Cyber Secuirty VisualizationDoug Cogswell
 
Overview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in CybersecurityOverview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in CybersecurityOlivier Busolini
 
Cybersecurity in the Cognitive Era: Priming Your Digital Immune System
Cybersecurity in the Cognitive Era: Priming Your Digital Immune SystemCybersecurity in the Cognitive Era: Priming Your Digital Immune System
Cybersecurity in the Cognitive Era: Priming Your Digital Immune SystemIBM Security
 
Employee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnEmployee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnKloudLearn
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexIBM Security
 
Compliance Awareness
Compliance AwarenessCompliance Awareness
Compliance AwarenessDinesh O Bareja
 
Synopsis & toc sectoral capsule on cyber security market in india
Synopsis & toc sectoral capsule on cyber security market in indiaSynopsis & toc sectoral capsule on cyber security market in india
Synopsis & toc sectoral capsule on cyber security market in indiaGyan Research And Analytics
 
cybersecurity strategy planning in the banking sector
cybersecurity strategy planning in the banking sectorcybersecurity strategy planning in the banking sector
cybersecurity strategy planning in the banking sectorOlivier Busolini
 
The importance of information security
The importance of information securityThe importance of information security
The importance of information securityethanBrownusa
 
Ijnsa050215
Ijnsa050215Ijnsa050215
Ijnsa050215IJNSA Journal
 
The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadaysPECB
 
Future of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistFuture of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistMatthew Rosenquist
 
14 aug
14 aug14 aug
14 augCapt SB Tyagi, COAC'CC*,FISM,CSC,
 
14 may
14 may14 may
14 mayCapt SB Tyagi, COAC'CC*,FISM,CSC,
 
14 july
14 july14 july
14 julyCapt SB Tyagi, COAC'CC*,FISM,CSC,
 
Energy Databank in Nigeria: Management ,Technology and Security
Energy Databank in Nigeria: Management ,Technology and SecurityEnergy Databank in Nigeria: Management ,Technology and Security
Energy Databank in Nigeria: Management ,Technology and SecurityLove Steven
 

Contenu connexe

Tendances

SBIC Enterprise Information Security Strategic Technologies
SBIC Enterprise Information Security Strategic TechnologiesSBIC Enterprise Information Security Strategic Technologies
SBIC Enterprise Information Security Strategic TechnologiesEMC
 
Information Security Management Education Program - Concept Document
Information Security Management Education Program - Concept Document Information Security Management Education Program - Concept Document
Information Security Management Education Program - Concept Document Dinesh O Bareja
 
Can Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCCan Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCDinesh O Bareja
 
Incident Response Requires Superhumans
Incident Response Requires SuperhumansIncident Response Requires Superhumans
Incident Response Requires SuperhumansDinesh O Bareja
 
Cyber Security 101: What Your Agency Needs to Know
Cyber Security 101: What Your Agency Needs to KnowCyber Security 101: What Your Agency Needs to Know
Cyber Security 101: What Your Agency Needs to KnowSandra Fathi
 
Cyber Secuirty Visualization
Cyber Secuirty VisualizationCyber Secuirty Visualization
Cyber Secuirty VisualizationDoug Cogswell
 
Overview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in CybersecurityOverview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in CybersecurityOlivier Busolini
 
Cybersecurity in the Cognitive Era: Priming Your Digital Immune System
Cybersecurity in the Cognitive Era: Priming Your Digital Immune SystemCybersecurity in the Cognitive Era: Priming Your Digital Immune System
Cybersecurity in the Cognitive Era: Priming Your Digital Immune SystemIBM Security
 
Employee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnEmployee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnKloudLearn
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexIBM Security
 
Synopsis & toc sectoral capsule on cyber security market in india
Synopsis & toc sectoral capsule on cyber security market in indiaSynopsis & toc sectoral capsule on cyber security market in india
Synopsis & toc sectoral capsule on cyber security market in indiaGyan Research And Analytics
 
cybersecurity strategy planning in the banking sector
cybersecurity strategy planning in the banking sectorcybersecurity strategy planning in the banking sector
cybersecurity strategy planning in the banking sectorOlivier Busolini
 
The importance of information security
The importance of information securityThe importance of information security
The importance of information securityethanBrownusa
 
The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadaysPECB
 
Future of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistFuture of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistMatthew Rosenquist
 

Tendances (18)

SBIC Enterprise Information Security Strategic Technologies
SBIC Enterprise Information Security Strategic TechnologiesSBIC Enterprise Information Security Strategic Technologies
SBIC Enterprise Information Security Strategic Technologies
 
Information Security Management Education Program - Concept Document
Information Security Management Education Program - Concept Document Information Security Management Education Program - Concept Document
Information Security Management Education Program - Concept Document
 
Can Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCCan Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRC
 
Ten Expert Tips on Internet of Things Security
Ten Expert Tips on Internet of Things SecurityTen Expert Tips on Internet of Things Security
Ten Expert Tips on Internet of Things Security
 
Incident Response Requires Superhumans
Incident Response Requires SuperhumansIncident Response Requires Superhumans
Incident Response Requires Superhumans
 
Cyber Security 101: What Your Agency Needs to Know
Cyber Security 101: What Your Agency Needs to KnowCyber Security 101: What Your Agency Needs to Know
Cyber Security 101: What Your Agency Needs to Know
 
Cyber Secuirty Visualization
Cyber Secuirty VisualizationCyber Secuirty Visualization
Cyber Secuirty Visualization
 
Overview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in CybersecurityOverview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in Cybersecurity
 
Cybersecurity in the Cognitive Era: Priming Your Digital Immune System
Cybersecurity in the Cognitive Era: Priming Your Digital Immune SystemCybersecurity in the Cognitive Era: Priming Your Digital Immune System
Cybersecurity in the Cognitive Era: Priming Your Digital Immune System
 
Employee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnEmployee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - Kloudlearn
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence Index
 
Compliance Awareness
Compliance AwarenessCompliance Awareness
Compliance Awareness
 
Synopsis & toc sectoral capsule on cyber security market in india
Synopsis & toc sectoral capsule on cyber security market in indiaSynopsis & toc sectoral capsule on cyber security market in india
Synopsis & toc sectoral capsule on cyber security market in india
 
cybersecurity strategy planning in the banking sector
cybersecurity strategy planning in the banking sectorcybersecurity strategy planning in the banking sector
cybersecurity strategy planning in the banking sector
 
The importance of information security
The importance of information securityThe importance of information security
The importance of information security
 
Ijnsa050215
Ijnsa050215Ijnsa050215
Ijnsa050215
 
The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadays
 
Future of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistFuture of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.Rosenquist
 

En vedette

Energy Databank in Nigeria: Management ,Technology and Security
Energy Databank in Nigeria: Management ,Technology and SecurityEnergy Databank in Nigeria: Management ,Technology and Security
Energy Databank in Nigeria: Management ,Technology and SecurityLove Steven
 
Technology for national security
Technology for national securityTechnology for national security
Technology for national securityMUTHU LAKSHMI
 
Demystifying Industrial Security
Demystifying Industrial SecurityDemystifying Industrial Security
Demystifying Industrial Securityteam-WIBU
 

En vedette (7)

14 aug
14 aug14 aug
14 aug
 
14 may
14 may14 may
14 may
 
14 july
14 july14 july
14 july
 
Energy Databank in Nigeria: Management ,Technology and Security
Energy Databank in Nigeria: Management ,Technology and SecurityEnergy Databank in Nigeria: Management ,Technology and Security
Energy Databank in Nigeria: Management ,Technology and Security
 
Application of science & technology in security management
Application of science & technology in security managementApplication of science & technology in security management
Application of science & technology in security management
 
Technology for national security
Technology for national securityTechnology for national security
Technology for national security
 
Demystifying Industrial Security
Demystifying Industrial SecurityDemystifying Industrial Security
Demystifying Industrial Security
 

Similaire à ICISS Newsletter Sept 14

1Running Header ORGANIZATIONAL SECURITY 4ORGANIZATIONAL SEC.docx
1Running Header ORGANIZATIONAL SECURITY 4ORGANIZATIONAL SEC.docx1Running Header ORGANIZATIONAL SECURITY 4ORGANIZATIONAL SEC.docx
1Running Header ORGANIZATIONAL SECURITY 4ORGANIZATIONAL SEC.docxvickeryr87
 
10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITY10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITYRazorpoint Security
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFLaurie Mosca-Cocca
 
How to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValueHow to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValueRapidValue
 
Advisory from Professionals Preparing Information .docx
Advisory from Professionals Preparing Information .docxAdvisory from Professionals Preparing Information .docx
Advisory from Professionals Preparing Information .docxkatherncarlyle
 
Advisory from Professionals Preparing Information .docx
Advisory from Professionals Preparing Information .docxAdvisory from Professionals Preparing Information .docx
Advisory from Professionals Preparing Information .docxdaniahendric
 
Complete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesComplete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesIJNSA Journal
 
Chapter 1Information Security OverviewCopyright © 2014 by Mc
Chapter 1Information Security OverviewCopyright © 2014 by McChapter 1Information Security OverviewCopyright © 2014 by Mc
Chapter 1Information Security OverviewCopyright © 2014 by McEstelaJeffery653
 
Criterion 1A - 4 - MasteryPros and Cons Thoroughly compares the
Criterion 1A - 4 - MasteryPros and Cons Thoroughly compares theCriterion 1A - 4 - MasteryPros and Cons Thoroughly compares the
Criterion 1A - 4 - MasteryPros and Cons Thoroughly compares theCruzIbarra161
 
Tech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapTech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapDominic Vogel
 
Protecting the Core of Your Network
Protecting the Core of Your Network Protecting the Core of Your Network
Protecting the Core of Your Network Mighty Guides, Inc.
 
Proactive information security michael
Proactive information security michael Proactive information security michael
Proactive information security michael Priyanka Aash
 
Security Hurts Business - Don't Let It
Security Hurts Business - Don't Let ItSecurity Hurts Business - Don't Let It
Security Hurts Business - Don't Let ItPeak 10
 
Five Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementFive Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementAnton Chuvakin
 
Operation: Next Summit Takeaways
Operation: Next Summit TakeawaysOperation: Next Summit Takeaways
Operation: Next Summit Takeawaysaccenture
 
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdfCisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdfNathanDjami
 
Essay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxEssay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxjenkinsmandie
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityKaryl Scott
 

Similaire à ICISS Newsletter Sept 14 (20)

1Running Header ORGANIZATIONAL SECURITY 4ORGANIZATIONAL SEC.docx
1Running Header ORGANIZATIONAL SECURITY 4ORGANIZATIONAL SEC.docx1Running Header ORGANIZATIONAL SECURITY 4ORGANIZATIONAL SEC.docx
1Running Header ORGANIZATIONAL SECURITY 4ORGANIZATIONAL SEC.docx
 
10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITY10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITY
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
 
Security and SMBs
Security and SMBsSecurity and SMBs
Security and SMBs
 
How to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValueHow to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValue
 
Advisory from Professionals Preparing Information .docx
Advisory from Professionals Preparing Information .docxAdvisory from Professionals Preparing Information .docx
Advisory from Professionals Preparing Information .docx
 
Advisory from Professionals Preparing Information .docx
Advisory from Professionals Preparing Information .docxAdvisory from Professionals Preparing Information .docx
Advisory from Professionals Preparing Information .docx
 
Complete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesComplete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resources
 
Security policy.pdf
Security policy.pdfSecurity policy.pdf
Security policy.pdf
 
Chapter 1Information Security OverviewCopyright © 2014 by Mc
Chapter 1Information Security OverviewCopyright © 2014 by McChapter 1Information Security OverviewCopyright © 2014 by Mc
Chapter 1Information Security OverviewCopyright © 2014 by Mc
 
Criterion 1A - 4 - MasteryPros and Cons Thoroughly compares the
Criterion 1A - 4 - MasteryPros and Cons Thoroughly compares theCriterion 1A - 4 - MasteryPros and Cons Thoroughly compares the
Criterion 1A - 4 - MasteryPros and Cons Thoroughly compares the
 
Tech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapTech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event Recap
 
Protecting the Core of Your Network
Protecting the Core of Your Network Protecting the Core of Your Network
Protecting the Core of Your Network
 
Proactive information security michael
Proactive information security michael Proactive information security michael
Proactive information security michael
 
Security Hurts Business - Don't Let It
Security Hurts Business - Don't Let ItSecurity Hurts Business - Don't Let It
Security Hurts Business - Don't Let It
 
Five Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementFive Mistakes of Vulnerability Management
Five Mistakes of Vulnerability Management
 
Operation: Next Summit Takeaways
Operation: Next Summit TakeawaysOperation: Next Summit Takeaways
Operation: Next Summit Takeaways
 
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdfCisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
 
Essay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxEssay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docx
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber Security
 

Plus de Capt SB Tyagi, COAC'CC*,FISM,CSC,

Plus de Capt SB Tyagi, COAC'CC*,FISM,CSC, (20)

14 nov
14 nov14 nov
14 nov
 
ICISS Newsletter April 14
ICISS Newsletter April 14ICISS Newsletter April 14
ICISS Newsletter April 14
 
ICISS Newsletter March 14
ICISS Newsletter March 14ICISS Newsletter March 14
ICISS Newsletter March 14
 
ICISS Newsletter Feb 14
ICISS Newsletter Feb 14ICISS Newsletter Feb 14
ICISS Newsletter Feb 14
 
News letter jan.14
News letter jan.14News letter jan.14
News letter jan.14
 
News letter dec.03
News letter dec.03News letter dec.03
News letter dec.03
 
News letter oct 13
News letter oct 13News letter oct 13
News letter oct 13
 
News letter sept 13
News letter sept 13News letter sept 13
News letter sept 13
 
News letter aug 13
News letter aug 13News letter aug 13
News letter aug 13
 
News letter july 13
News letter july 13News letter july 13
News letter july 13
 
News letter june 13
News letter june 13News letter june 13
News letter june 13
 
News letter april 13
News letter april 13News letter april 13
News letter april 13
 
News letter march 13
News letter march 13News letter march 13
News letter march 13
 
News letter feb 13
News letter feb 13News letter feb 13
News letter feb 13
 
News letter jan 13
News letter jan 13News letter jan 13
News letter jan 13
 
Saw security awareness part v
Saw security awareness part vSaw security awareness part v
Saw security awareness part v
 
Security Awareness Part II - women security tips
Security Awareness Part II - women security tipsSecurity Awareness Part II - women security tips
Security Awareness Part II - women security tips
 
Security Awareness Part I
Security Awareness Part ISecurity Awareness Part I
Security Awareness Part I
 
Lesson learnt from mumbai terror attacks.
Lesson learnt from mumbai terror attacks.Lesson learnt from mumbai terror attacks.
Lesson learnt from mumbai terror attacks.
 
Crime investigation
Crime investigationCrime investigation
Crime investigation
 

Dernier

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...PsychoTech Services
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 

Dernier (20)

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 

ICISS Newsletter Sept 14

  • 1. Newsletter: Sept 2014 Let’s professionalize the professionals… http://sbtyagi.wix.com/icissm Market competition in industry has traditionally driven the evolution of control systems – physical as well as network and virtual! Over a decade ago, most control systems were autonomous and built upon proprietary vendor technology and the solutions were geared towards access to personal, data, processing speed, and functionality (or reliability). The most important feature was access to data. At first many vendors built their own protocols or languages to allow for the transfer of data and soon the automation landscape became very proprietary and independent of other systems and protocols. Parallel to this was the development of Ethernet networks for business data networks. In early 2000, vendors saw advantages to include ‘Ethernet-compliance’ to allow for communication between security systems including those outside the plant environment. However, in the rush to market many vendors built ad-hoc versions of protocols that worked for the purpose at hand but did not include security. Now most industries with control systems are facing many pressures to both allow access to data and personnel and to secure them. There are many forces pushing these opposing trends including data access to enable business decisions, vendor access for process improvements and advanced control exercises like loop tuning and alarm management. However this increasing need for access is further diluting the security of many of these systems and is putting many process control environments at risk. In some industries this is more of a nuisance than anything, but for most industries a loss of control over your process can mean a serious safety threat. As one noted security professional who works for a major refinery once pointed out, “our industry is one such that a loss of access or control over our systems usually means someone dies”. Regardless of the potential harm, any industry with little or no security in and around their control system will at least lose production for some time. This can translate into re-work, overtime, environmental release, and other intangibles such as competitive edge, investor confidence and potentially the ability to stay in business. The new push for control systems is to try to balance the two opposing trends: Access and Security. And the pressure is coming from many angles. Increasing market competition means that most industries are ‘pushing the envelope’ to run faster, more efficiently and with less downtime. This means more outside ‘tuning’ and better visibility into production from specialized experts who may not be physically at the site. The advancing age of the workforce in general means many C:UserssbtyagiDocumentsICISSNews Letter Sept 14.docx
  • 2. industries are automating more control of their assets and expecting the same staff to manage & optimize more resources thereby increasing their reliance on computers. The scope of the term ‘security’ often seems vague and the sheer volume of effort and areas of concern this may represent can be overwhelming. However, this need not be the case. In looking at a number of security frameworks or standards a common theme emerges that is quickly being adopted as a holistic and effective approach to security. This approach combines efforts and initiatives that go far beyond the purchase and deployment of technology. Different initiatives offer different sections, headings and names for each of their areas of concentration but in the end, all efforts can usually be summed into three (3) foundational areas: People, Processes and Technology. The priority of developing a security philosophy is needed in essence which will in turn foster a security culture. Before beginning any security program or initiative your organization must first adopt a security philosophy. A security philosophy will sound different for each company, industry and region in which it is created but there are some basic requirements that all security philosophies must have. Underpinning all efforts within organizations one must first have a security philosophy and always work towards creating and maintaining a strong security culture or your momentum will be lost. What we call security surveys and security audits are basically ‘outsourced introspections’! Such exercises are required to focus on following areas -  What are the policies and standards we currently have?  How well are they implemented?  What issues / problems do we have?  What requirements apply to our industry?  Where do we need to be from a security perspective?  How will we change / improve the situation? There is no "standard" standard. It is not a cliché. In fact there are no set standards in India so far as security systems and gadgets are concerned. There are no governing / regulatory bodies and industry itself has failed to develop its own self-regulatory mechanism as developed by films industry, broadcasting and media industry or the IT Education Industry. In UK BISA is watchdog which sets standards for security guards, supervisors, pub bouncers, front man etc. BISA is also setting the training and education standards for security personnel. Similar initiatives are undertaken by ASIS in USA. Knowing which standard to choose and what your obligations are as a result of that choice, is key first step in managing compliance. Some industries and organizations are required to meet security standards established by laws or regulations. While buying the security systems or gadgets, security professionals need to first understand the technology and also what can be done with it including its limitations. The shelf life of a system or gadget is directly related to its technology – which is changing very fast. Today what is current and ‘the thing’, may not be C:UserssbtyagiDocumentsICISSNews Letter Sept 14.docx
  • 3. maintainable / repairable in a very short time. A system must have longevity of at least 6-10 years with on-site repair condition. Thinking that technology can solve all the problems means that either you do not understand the technology or you do not understand the problem! The first premise is quite simply that security is important to the organization. This means the decision makers, the owners and operators of the systems, the support staff, the consultants, vendors, site staff, in short everyone, understands that keeping your facility secure is in everyone’s best interest. This is no different from the importance placed on safety. More often than not, an industrial facility has a long history of always trying to raise safety awareness and tried to educate everyone as to why safety is important. Every employee, contractor and visitor onsite needs to have safety orientation and updated each year. This also needs to happen for security, and can be integrated into safety programs. Without rank and file team members who understand their role and the importance of their actions (or inaction) at your site, you will not succeed in securing your facility. It is a harsh reality but the simple fact remains that your internal, trusted employees have the greatest opportunity to cause or create a security breach intentionally or otherwise. In other words, your security program is only as effective as your least informed employee. More often than not, many organizations see security programs or initiatives as projects that have a defined start, finish and cost. This may be the case for a particular component of your on-going security efforts, but true, lasting security is an on-going initiative. This is quite simply due to the fact that security concerns are brought about by technology - and technology keeps changing! What was a threat yesterday or last week may be fixed by your current security plans, but the next threat coming will not be as deterred. Less than 5 years ago USB keys or ‘thumb drives’ were an emerging fad. Today they are sold more cheaply than ever, are capable of huge storage capacities and require little or no knowledge of specialized applications or programs for using them. This was not a concern a few years ago. Unfortunately your security program is only as effective as it is current. This topic is the basic premise on which your security philosophy needs to be built. As mentioned earlier, your weakest link and biggest threat is your least educated employee. If you install security programs, risk management processes and a healthy business continuity plan or disaster recovery plan you are well on your way to securing your environment. However, if any of those efforts cause a change in the day-to-day business flow for your employees then you will need to explain to them why these changes are necessary. Too many times are programs implemented without the proper awareness training and education for the people whose daily lives are most affected? In these cases it is only a short time before the day-to-day users start to find ways around the new systems you just put in place thus negating your efforts. Think of a school computer lab where students are some of the most creative people at bypassing security because they do not understand or care about security. Your security program will live and die based on how well your employees receive and embrace it. C:UserssbtyagiDocumentsICISSNews Letter Sept 14.docx
  • 4. The last and perhaps most important thing a proper security philosophy needs is the attitude of balance. In this sense the balance is between risk and reward as well as between effort and return. In order for your organization to move toward a proper security program you must first decide as an organization what level of risk you are willing to live with. Every change you make to your current environment towards security is going to cost something whether it is time, money, or access to your data. And no matter how you do proceed, there is a very good chance that you will still have some sort of incident at some point in time. A security incident can be catastrophic system failure, accident in process area or subtle inappropriate access to data or an IO room. The true measure of your security program will be in how well contained the incident is, how quickly you recover, and if you choose to learn and benefit from it. The day will come when a business need conflicts with a security best practices. Being prepared to deal with this situation will save time, money and aggravation. Every business has different needs and tolerance for risk. At some point, business needs may win out over security best practices. You need to have a process in place to allow the organization to:  Understand the risks being taken  Document these risks and their mitigating factors  Make and document an informed decision as to whether to accept a risk  Periodically review accepted risks to determine whether new mitigations are available and whether the risk is still acceptable Having a well-defined process to handle exceptions will allow your organization to deal with situations that fall outside of those anticipated when the policies were written. Hand your business managers a copy of typical standards and they'll probably end up using them – to prop up the short leg on the table in the break room. Business unit folks want security folks to provide them with specific instructions on how to make their systems and premises secure. Telling a business unit manager to "use two-factor authentication to protect critical information" or to tell them to “use ACS along with IDS on common platform” is not helpful. You need to provide your users with organization-specific tools, such as criteria for deciding whether information / facility is critical or not, and lists of tested and approved security solutions specifically tied to policies. Remember, policies are not instruction manuals. Policies are high-level statements of the intent of the organization. Specific information as to how to implement policy should be laid out in procedural documents. The key here is clarity and consistency. You should be able to put the C:UserssbtyagiDocumentsICISSNews Letter Sept 14.docx
  • 5. same procedural and policy documents in front of everyone in your organization and have them come to the same conclusions as to the security measures that are needed to meet the standard. If your organization has an Internal Audit department, these are good people to get involved in the process of developing measurable actions. After all, they will be doing the measuring of compliance, and their experience in other types of audits and standards is a valuable resource. Auditors have the structured approach needed to put this practice to work. If our friends in Washington or your state capital dictate your external standards, get your legal folks involved as well to insure that your measurements will hold up in court. Industry standards for security are not a cure all – and this is a good thing on the whole. While legislators and industry groups can tell us a lot about best practices and goals, it is up to the management and security professionals in our organizations to come up with the processes and procedures. Education remains an area of concern for security professionals. The perception is that professionals with army or police services are inadequately prepared to create secure environment and premises. One comment seemed to resonate with many: “If it’s fair to expect a journalism graduate to write with appropriate grammar, why can’t we expect ex-army / police officers to plan and execute good security measures?” This problem arises from a number of challenges, particularly the need to adjust curricula to meet the ever-changing technology landscape. Security is also an “eat your vegetables” topic that most security professionals rank low on their hierarchy of interests. The onus falls to employers and groups like ICISS / IPSA / BISA / ASIS / SAFE Code to inform training institutions of the need for candidates who are well trained in how to plan, execute and revise / review the effective security plans as per changing needs of varied organizations and industries that allow business to be conducted with assurance. Security is treated in most business and organizations as ‘cost center’ needing budgets for non-productive systems and plans. Security is also seen as burden which is evil yet essential. There are issues such as insurance, legal compliances, pressure from stakeholders etc. that meager budget is allocated to security department. Mostly security professionals are to be blamed for this misconception. It is good security that guarantees secured, hassle-free congenial work atmosphere where all production, operation and maintenance or marketing activities are conducted smoothly without fear or danger. No one can work; forget the best performance, if there are chances of attack by miscreants, theft of costly inventory or law-and –order problems inside the premises or at work-floor areas. Good security means good production, means higher profit! C:UserssbtyagiDocumentsICISSNews Letter Sept 14.docx
  • 6. Digital displays changed the approach of modern man towards time and especially towards wrist watches. Hitherto, time was seen but suddenly time was being read with digital watches. So, analog watches were replaced by digital watches even when for a short time. Since the need for analog watches remained and technology transition took time, a new genre of watches, called “Digi-ana” (Digital and Analog) was brought to the market. Similar technology driven changes were made in banking industry which greatly facilitated customers and also impacted security concerns. ATMs changed the ways banking is done! Since banks wanted to cut operational costs, they also wanted less and less customers coming to their branches for mundane banking activities such as cash withdrawal, balance inquiry or pass-book updates. ATMs were answer to all such needs and were found to be convenient, efficient and low cost. As Customers liked it, banks eagerly multiplied the number of ATM’s. Initially different group of credit cards were present, soon debit cards also joined the hustle-and- bustle and soon majority of ATM’s started accepting all leading brands of credits cards and debit cards of all leading banks. At this stage since foot falls per ATM increased, increased need of cash in ATM caused security concerns. The licensing authorities, regulators and police demanded effective security measures for ATMs, causing increased administration costs. Thus ‘banking-away- from banks’ became expensive propositions considering 24x7 operation and security needs. It is well studied forecast of changing trends in ATM operations that soon ATMs will remain just ATM without carrying name of any bank. All the transactions using credit / debit cards will carry transaction fees and operation and maintenance will be by some specialized agency other than the banks. Thus ATM operations will cater to varied needs of the customers and also incorporate directives of the regulator, licensor and the police. It is further envisaged that soon in India every citizen will have only one bank account against the present freedom of holding multiple accounts in multiple banks. This migration to ‘regulated bank account regime’ will go long way for effective e-governance and reducing black money as well as reducing tax thefts. In this emerging scenario; changing trends in security management will develop. Two major trends are foreseen-  Central Command & Control Centre  ATM Management Services. C:UserssbtyagiDocumentsICISSNews Letter Sept 14.docx
  • 7. There have been pioneering services started by few leading companies in Metro cities where under command and control center have been established by them with the trained manpower and sufficient resources with Quick Response Teams, to take care of specific need of clients. The clients’ CCTV and other alarm system are maintained and monitored, notifying the pre-identified authorities, mobilizing the resources to mitigate the alarm situation and prepare post-event reports. Since this area of specialized service has just opened-up, there are not very many players and standards are non-existent. C:UserssbtyagiDocumentsICISSNews Letter Sept 14.docx So far as ATM Management Services are concerned, the direction and decision of the Government will decide the shape this segment is to take. Early indications are that Central Government is seriously thinking of providing a bank account to every citizen of India linked with Aadhar and or National Citizenship Card. The citizen will have a choice for selecting a bank. Electronic transactions will be favored or rather encouraged. Instead of going to the banks, the customer would be led to ATMs where any type of card from any bank will be acceptable. For each transaction the concerned bank will charge fees from customers, part of which will go to franchisee running / maintaining the ATMs. Thus new service segment will emerge which will offer range of services including congenial and secured environment where customer would prefer to have ATM transaction, cash transportation to feed ATMs, security of machines and the facilities and up keep and maintenance of ATMs. All the gamut of services related to ATMs will be preferred to be provides by one services provider. Thus, it can be seen by above that soon there will be two specialized services sectors emergency in broad area of security management for which niche is already created. Some pioneer work has already been done and industries thought-leaders have already begun the initiation to shape-up this segment further.
  • 8. London: Al-Qaida terrorists have found a way to turn smartphones – especially iPhones and Samsung Galaxy handsets – into explosive devices and intend to explode them on commercial flights, it emerged on Friday. Britain has tightened security in airports across the UK after receiving credible evidence from US of a “possible al-Qaida terror”. The threat is “Different and more disturbing” than previously attempted techniques including explosives hidden in toothpaste, shoes and ink cartridges. US officials said that smartphones will be used as ‘stealth bombs’. UK has also been informed that explosive makers from Yemen-based al-Qaida have discovered how to turn the phones into explosive devices which are extremely difficult to detect. British airports, including Heathrow and Gatwick, have now decided to put in a second layer of checks at departure gates. The key suspect is Syria based Jabhat al-Nusra, who has joined hands with members of al-Qaida in Yemen. Beijing: Chinese scientists have developed a mini-camera can scan the crowd for highly stressed individuals, in a bid to prevent suicide bombing, media reports said on Tuesday. A research team led by Chen Tong, associate professor at South West University in Chongqing developed a ‘stress sensor’ that can help the police to spot suicide bombers by capturing the stress levels of people, Hong Kong-based South China Morning Post reported. “The sensor measures the amount of oxygen in blood across exposed areas of a body, such as the face. The higher the mental stress, the higher the blood oxygenation,” it said. “The readings of the device may not be always reliable. For example, with enough practice, a person can learn to control their heartbeat,” the report added. The technology comes amid heightened fears the country witnessed brazen terror attacks by native Uygur separatists in the northwestern Xinjiang region recently. Talking about the functionality of the device, Chen said that “officers looking through the device at a crowd would see a mental ‘stress bar’ above each person’s head and the suspects highlighted with a red face”. “Laboratory tests of the technology had yielded encouraging results,” Chen added. ICISS at LinkedIn: http://www.linkedin.com/groups?gid=4413505&trk=hb_side_g ICISS at Google Group: https://groups.google.com/forum/?fromgroups#!forum/icissm Suggestions & feedback may be sent to us on e-mail: onlineicissm@gmail.com P.S. - If you don't like to receive our newsletter, we apologize for bothering you. Please let us know your mail address and we will move it out from our contact list, thank you! C:UserssbtyagiDocumentsICISSNews Letter Sept 14.docx