Most industrial organizations are behind the curve when it comes to cybersecurity, facing mounting complexities like the IIoT, the skills gap and the IT/OT divide. But what about industrial organizations that are already taking steps in the right direction and need to know what awaits them on the horizon? What practical next steps can your organization take to optimize your current ICS cybersecurity program?

In some ways, the cloud has made security management easier, as many cloud providers have taken the responsibilities traditionally associated with local server management out of your hands. But in other ways, the security management conversation has become more confusing for decision makers, as “cloud” is a very broadly defined term and could speak to a variety of different technology ecosystems with their own security considerations.

Since the implementation of the General Data Protection Regulation (GDPR) on 25 May 2018, organizations and even private citizens have globally begun to re-assess what it means to ‘take security seriously’ and to better understand the massive difference between security and privacy.

Standard CIP-003 exists as part of a suite of Critical Infrastructure Protection (CIP) Standards related to cybersecurity that require the initial identification and categorization of BES Cyber Systems and require organizational, operational, and procedural controls to mitigate risk to BES Cyber Systems.

ML:3 is base camp, and getting here means you have reached a level that others have only dreamed about. At this level, the VM program is very good, and your visibility into threats to the environment is much better than it has ever been.

Zero Trust is a new concept to many but one I believe will be of increasing importance over the coming years. With this post, I wanted to introduce newcomers to the concept, talk about why it’s an exciting approach to improving security, and explore how you can leverage File Integrity Monitoring (FIM) and Security Configuration Management (SCM) tools like Tripwire Enterprise (TE) to assist you on your Zero Trust (ZT) journey.

Network and information systems (NIS) and the essential functions they support play a vital role in society from ensuring the supply of electricity, water, oil and gas to the provisioning of healthcare and the safety of passenger and freight transport. In addition, computerized systems are performing vital safety-related functions designed to protect human lives.

It’s been another fantastic year on The State of Security blog. With over 350 blogs published from all walks of the security community, we like to think of the blog as more of an industry resource that caters to not only experienced security professionals but also to those who are new to the community. To finish the year off, I wanted to look back on some of my personal favorites. I’ve tried to include a mixture of different styles, topics and authors.

When mainstream cloud computing first began to appear on the horizon, (Amazon launched its Elastic Compute Cloud product in 2006.) many organizations were initially hesitant to entrust their most valuable data and processes to a technological innovation named after something that appears so delicate. Oh, how times have changed.

Honeypots are not a new idea. They have been part of the cybersecurity world for decades and have frequently gone in and out of “fashion” over that period. Recently, though, they have become an increasingly important part of vulnerability management. That’s for a couple of reasons. Honeypots offer real-world data on the types of threats that companies face, and they can be a powerful research tool in identifying specific threat vectors.