Monday, June 30, 2014

Get Schooled on ICS Sec by SANS at SERC in Charlotte

Here's the facts, just the facts:

Legendary cyber training institute SANS has joined forces with industry leaders to equip security professionals and control system engineers with the cybersecurity skills they need to defend national critical infrastructure.

Course name: ICS410 -- ICS/SCADA Security Essentials 

Course description: ICS410 provides a set of standardized skills and knowledge for industrial cybersecurity professionals. The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging cyber threats.

The discount: Receive a massive 5% off with discount code: SANSICS_SGSB5

Venue and date: SERC Reliability Corporation, July 14 – 18 in Charlotte, NC

Friday, June 20, 2014

Calls for Enhanced Enterprise Security Governance Starting to Steamroll

Though I've been approaching this issue from a sector-specific perspective for years, lots of what's been in the news lately (and I mean lately) is intended for all technology-enabled sectors. Which pretty much means every business and every organization that intends to maintain consistent and reliable operations in the near and mid-term future.

First off, and with origins that predated the Target breach that's credited with generating most of this activity, was DOE's Energy Advisory Committee giving thumbs up in May to a paper on this topic on Security Governance. It proposes that DOE pursue potential upgrades to how energy companies organize and run themselves from a security perspective. Titled: EAC Recommendations for DOE Action Regarding Implementing Effective Enterprise Security Governance - Outline for Energy Sector Executives and Boards, among other things, this paper lists the following "Characteristics of Effective Security Governance":
  • Clearly defined responsibilities from the board of directors to senior leadership to employees 
  • Presence of an active Security Governance board comprised of senior stakeholders from across 
  • the company 
  • An executive owner of enterprise security: with purview over IT, OT and physical security policy designated CSO or similar 
  • Striving for 100% alignment with of security with business/mission 
  • Using measurement of key indicators to increase awareness and drive improvement (with 
  • maturity tools like DOE's ES-C2M2