Integrated approach to security

 To address the huge geographic, organizational and technical differences in their networks and visibility, utilities must continue to adopt an integrated approach to security (see the column “A cyber security vision for a Latin American company with essential infrastructure”). Due to the pace and breadth of today's threats, it is unwise to allow organizational compartments to slow down detection, reaction and response.

A vision of cybersecurity for a Latin American company with essential infrastructure.

Concessionaires must continue to think critically, from the point of view of both the organization and the people, on how to deal with organizational silos that may, for valid business reasons, have very different requirements and indicators. This includes defining an agenda and standards for the cybersecurity program that can be used and implemented in even the most disparate business units, thus avoiding situations where one business unit implements cutting-edge protections while another remains unprepared for lack of resources or sense of urgency.

Know more: managed vs unmanaged switch

At the tactical and operational level, we have found that organizational design works best when the security organization's teams have visibility - if not decision authority - with respect to all IT and TO networks and architecture, allowing them to detect and communicate trends that can be indicative of a coordinated attack. A Latin American oil and gas company recently appointed safety advocates in factories and facilities, with a mission to be aware of security risks in IT and TO environments.


From the CEO to the ranks below, employees must continue to listen to coherent and aligned messages that emphasize the idea that safety is everyone's responsibility. While the appointment of a security advocate can create a point of responsibility for security, companies must make it clear that it is a shared responsibility.

Comments

Post a Comment

Popular posts from this blog

International English Language Testing System (IELTS)

 It has existed for almost 30 years and is one of the most widespread tests around the world. It aims to test a candidate's level of communication in English using four language skills with a real context: oral interpretation (30 minutes), text interpretation (60 minutes), writing (60 minutes) and conversation (15 minutes). Developed by the British Council in partnership with the University of Cambridge, it is applied in 16 cities in Brazil. See more:  Amazon Saheli Quiz Answers The score ranges from 0 (most basic) to 9 (most advanced). The score required by universities varies widely. However, there are reports that renowned institutions require a score higher than 8. It is also important to say that IELTS is applied in two formats: academic and general training. The academic is aimed at those people who are looking for opportunities to study master's, doctorate and postdoctoral studies abroad. General training, on the other hand, is focused on those who seek professional impr
Read more

Prevention and Recovery: How can security tools help?

 Heavy rains, floods, landslides, devastating fires, blackouts that left an entire state without electricity. Unfortunately, the list of disasters that occurred in Brazil during the year 2020 is long. Disasters appear unexpectedly, generating terrible results and, often, irreversible damage. Within a company's scenario, it is not much different. Just as nature is subject to disasters and risks, so are companies. Therefore, information security works to protect data and information within the business environment, through tools and actions that act in the prevention and recovery of data in disaster situations. In this article, you will understand how security tools can help in a disaster scenario, and why it is important to have complete and continuous actions to protect your company's data. There are two reasons why people underestimate threats and risks: ignorance and minimizing results. Although we are in the information age, the significant increase in the cost of data leaks
Read more

How to increase visibility and mitigate risks in the corporate network?

 Corporate networks are changing rapidly as companies embark on Digital Transformation, expanding on the Cloud, incorporating IoT devices and increasing wireless access. All of this increases the attack surface, making the environments more complex.  Protecting this new environment and blocking more sophisticated and intelligent cyber threats has been a major challenge for IT. Therefore, it is necessary to invest in tools capable of giving quick and accurate responses to any type of attack. The problem is that, as the context and visibility are compromised by the complexity of the environment, the IT team ends up having trouble screening many alerts at the same time.  As a result, response times are delayed and teams are often unable to accurately screen all alerts, allowing potential threats to go unnoticed. To deal with this new reality, companies need robust and efficient protection solutions, such as Gigamon's ThreatINSIGHT. It is the cloud's first native high-speed network
Read more