Security Technology Executive

SEP-OCT 2018

Issue link: https://securitytechnologyexecutive.epubxp.com/i/1030460

Security Technology Executive • September/October 2018 • www.SecurityInfoWatch.com

COVER STORY

The new converged standard would assess an organization's overall practices, breaking them down into four categories with a rating using CMMI or Carnegie Mellon Maturity Index for each on the NIST framework. The categories would include business processes, technology, compliance and behavior. Technology would include ratings for both vendors and products, with detailed insights into their standards and practices. For Compliance, each relevant regulation would need to be addressed by an installed solution, which would have to be properly functioning to meet specific goals. The rating for Behavior, which would evaluate how well the organization addresses weaknesses and risks in the first three categories, would rise or fall over time with each improvement or breach.

Within this new model, every stakeholder within an organization will have visibility to risks and incidents, along with a clear understanding of how they might impact each area of operations including their own, no matter where they come from. It is truly the future of security, bringing together management of every area of business, critical infrastructure, municipal safety and more.

The key to this is the connectivity of vulnerabilities and threats to business risk and aligning assessments to the neck of the funnel so a true understanding of the overall security liability is seen. From the power grid to traffic lights, IoT to cybersecurity, access control to door solutions, it will include management and oversight of all networked devices.

Rarely does an incident occur without numerous indications of some kind leading up to it; however, without the ability to correlate seemingly unrelated actions, the significance of each can easily be lost.
In a converged system with the intelligence to recognize the early formation of a kill chain, these actions can be identified at an earlier stage and a preventive response can be mounted. Further, the ability to gain insight after the fact into some of the weaknesses that led to the attempted incident is a vital first step to implementing new measures to prevent future issues.

Looking to the Future

This new converged standard is a very complex and detailed concept. Developing the technology behind it and building the systems cannot be accomplished quickly; currently, the goal is a release date of late 2018 or early 2019. Once created, this must be presented to a public forum to discuss the weighted questions and answers. Additional time will be needed to train users on the technology, which at the beginning will be somewhat complicated – much like the way in which early computers required users to have a higher understanding of programming languages than is needed now. In time, more of the processes will be automated and the onboarding will be faster and easier for all users, helping to spread the use of this breakthrough concept.

Brought to a typical organization's end user, this new standard makes for a compelling case. The installation of any new product or solution – whether it is turnstiles, an HVAC system, HR software or an IP phone system – can be made with the peace of mind of knowing where it fits within this new converged standard. The organization itself is better able to communicate, integrate and collaborate. Risk assessments can be made with full visibility into all aspects of the organization and the understanding of how they work together to prevent issues. Ultimately this will not only shield from liability, it will also help to reduce costs such as insurance, improving the financial position of the organization as well.
The evolution of networked systems, AI, and the IoT has led to a virtually endless array of new technologies – many bringing incredible benefits to individuals and society, others created by those who use their expertise to commit crimes and cause mayhem. As an industry, we must take the lead together in leveraging our capabilities to maintain a safe, secure and strong environment in which technology can flourish.

About the Author: Pierre Bourgeix is President of ESI Convergent in Cleveland, Ohio. ESI Convergent is a management consulting firm focused on helping companies assess and define the use of people, process, and technology within the physical and cyber security arena. The company was formed to not only help end users but also manufacturers in defining the proper strategy to drive products successfully into the marketplace. As a thought leader in the Security Industry, Bourgeix has helped companies successfully launch and position products and solutions globally. He is also an Enterprise Consultant Manager for Boon Edam.

FIGURE 3: The ideal situation is to converge the security silos and achieve a "single pane of glass" where any/all threats hitting any of the IT, OT, PS or IoT areas are identified readily and rebuffed. This closes the "leaky gut" in an organization that was present before when security was in silos.
