Moving Beyond Technical: Use Security Governance Strategies to Integrate Security with the Mission

If like me you've come to the conclusion that a tech-centric strategy can only get us so far in energy sector cyber risk management, then you might want to see some of the source materials I've come across in my explorations.

The two I'll point to in this post are from Carnegie Mellon University's CERT program and PricewaterhouseCoopers' cybersecurity consulting practice.  What they have in common is that they are both several years old.  This is not VC or DARPA-funded cutting edge stuff.  It's human behavior stuff, and as such, it's not on an upgrade path anything like iOS, Android, or "Next Generation" firewalls. But neither are these concepts rapidly deployable, as you'd be hard put to find them put into practice widely at many utilities in 2013.