The different levels of cyber security governance

0. Anything goes No policies, no procedures, no checking. Typical for everyday contractor access in the majority of industrial facilities. 1. Passing the buck Declaring others responsible for cyber security — end users, contractors etc. This is achieved by...

Harmonizing ICS Security and Compliance

During the SANS ICS Security Summit 2015 last week in Orlando, Mike Assante moderated a panel titled: Harmonizing ICS Security and Compliance. I shared the stage with Matt Davis from Ernst & Yong and Josh Sandler from Duke Energy. Based on comments from my...