Having been fortunate enough to work for a security company like Tripwire for a number of years, I’ve had the privilege to work with different teams in different verticals across the world. I am still amazed at how many organizations see security differently.
Some spend lots of time focusing on physical security, especially those with industrial control systems. Others are small one-man organizations that are worried about their personal data being stolen. And then there’s everything in between the two. The one great thing that I can say is that at least everyone is now talking more about security in some form.
Having dealt with all these different areas/verticals/geos, I’ve found that the end goal is usually the same for each entity, with the problem of understanding boiling down to language or some industry-specific phrasing.
A good example of that would be someone from the ICS world referring to their log management solution as the historian whereas someone in the commercial vertical knows it as a SIEM. Fundamentally, they do the same thing in gathering up all the activity or log data from devices to be forensically stored/analyzed at a later date.
Over the years, I have been trying to bridge the gap of industry jargon to try and explain that even though things might be known as something else does not mean it will provide a different function. The best way I have been able to overcome this is by using analogies.
Although there are a lot of areas that ‘security’ can play in from things like software, hardware or even physical access, below are four areas of security concerns that all organizations should maintain or at least adhere to (at a minimum).
This refers to the consistent management or awareness of devices within an organization (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Dean Ferrando. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/defense-depth-layers-ics-security/
Leading UK Credit Card Consumer Finance Company Uses Advanced Graph Analytics to Intercept Fraudulent Credit Card Applications, Boost Anti-Fraud Efforts…
Digital+ Partners Leads Continuation Funding Round in Growing Automated Threat Analysis & Detection Provider, Closing its Series B Round at…
For three years OpenWRT had a severe validation problem with its download package manager, until a fuzz tester found and…
It’s time to say a final “Goodbye” to Flash. (Or should that be “Good riddance”?) With earlier this week seeing…
1. Be a student of (information security, network security, cyber security). Always strive to know what the latest tactics, trends,…
This is the second in a series of blog posts that discuss how smart DNS resolvers can enhance ongoing network…