The typical information/cybersecurity specialist seems to be overworked and this is especially true in the OT/industrial environment where there are even fewer qualified people available. Are there any guidelines or suggestions on what is a reasonable amount of people to dedicate to cybersecurity in general and maybe more specific to the industrial/OT environment?
This is a question that is hard to answer considering all that is involved in cybersecurity practices in organizations. And, as you mentioned, OT makes that even a bit harder. This may be a question for Mr. Andrew Ginter and his colleagues at Waterfall Security. Of all of the OT experts that I have encountered, his approach to OT has informed me the most. You can find more information on him here: https://waterfall-security.com/company/management/.
When it comes to the hiring aspect and obtaining more qualified people, I would suggest an organizational assessment (OA) to evaluate the current organizational needs and proper alignment. Is there high turnover currently? Is retention stable? An OA would be able to help determine the approach.
Finally, one other thing that I would note from a personal perspective. All organizations need to ensure that when they post cybersecurity roles, they are up-to-date and detailed. My organization has experienced quite a few turnovers because job descriptions are in no way close to matching the actual work being performed. This makes a difference if you want to rely on the best people in the best roles.
Hope this helps,
Dr. C.L. Benjamin
Dear Cobus Pool,
Take a look at the sources below:
https://cloudsecurity.cisco.com/secure-endpoint/executive-summary-2021-security-outcomes-study-endpoint-lp?utm_medium=search-paid&utm_source=google&utm_campaign=AMP_22Q3_NA_EN_GS_Nonbrand_Security&utm_term=pgm&utm_content=AMP-FY21-Q4-Content-Analyst-Report-Security-Outcomes-Study-Endpoint&_bt=548025611019&_bk=company%20cyber%20security&_bm=p&_bn=g&_bg=118999914214&gclid=Cj0KCQjw3IqSBhCoARIsAMBkTb0WDhdWn0g5wRhSRCB6b8HZ1Zan3QV_Huly9T9ggL2SOfBtBiHZeVgaAtPpEALw_wcB
https://www.nuspire.com/resources/q4-and-full-year-2021-threat-report/?utm_medium=ppc&utm_term=security%20cybersecurity&utm_source=adwords&utm_campaign=Cybersecurity&hsa_ad=590030699746&hsa_ver=3&hsa_acc=8573664582&hsa_grp=121785560091&hsa_net=adwords&hsa_mt=p&hsa_src=g&hsa_kw=security%20cybersecurity&hsa_cam=12024326777&hsa_tgt=kwd-966686835069&gclid=Cj0KCQjw3IqSBhCoARIsAMBkTb0YIXQwDfj0227-MKsvCpe-pyhET6wKgtZKW6_2uopS5zSf9M__ySsaAlnnEALw_wcB
Dear Cobus Pool,
Some additional info is presented below:
How do you write a cybersecurity strategy?
How To Develop An Effective Cyber Security Strategy
What are the 5 types of cyber security?
Cybersecurity can be categorized into five distinct types:
- Critical infrastructure security.
- Application security.
- Network security.
- Cloud security.
- Internet of Things (IoT) security.
What are five key elements of a cybersecurity strategic plan?
5 elements to include in a cybersecurity strategy for any size business
- Understand the difference between compliance and security. ...
- Make data security everyone's responsibility. ...
- Know your enemy. ...
- Account for the roles of your cloud vendors and ISPs. ...
- Have a plan for if you are breached.
What is a security strategic plan?
The purpose of a strategic plan for security is to provide management with the necessary information to make informed decisions about investment in security. The strategic plan links the security function with the business direction.
What are the 3 types of mitigation cybersecurity?
Cybersecurity risk mitigation involves the use of security policies and processes to reduce the overall risk or impact of a cybersecurity threat. In regard to cybersecurity, risk mitigation can be separated into three elements: prevention, detection, and remediation.
What are cyber security tools?
Cyber Security Tools
- Firewalls. As we know, the firewall is the core of security tools, and it becomes one of the most important security tools. ...
- Antivirus Software. ...
- PKI Services. ...
- Managed Detection and Response Service (MDR) ...
- Penetration Testing. ...
- Staff Training.
What are the 4 types of online security?
What are the different types of network security devices and tools?
- Access control. ...
- Antivirus and anti-malware software. ...
- Application security. ...
- Behavioral analytics. ...
- Data loss prevention. ...
- Distributed denial of service prevention. ...
- Email security. ...
- Firewalls.
How do you make a cybersecurity roadmap?
Here are five steps to creating your organization's cyber security roadmap.
Dear Cobus Pool,
One more important document:
https://www.dhs.gov/publication/dhs-cybersecurity-strategy
Hello Cobus Pool
That is a really interesting question and I think this link would help in answering it:
https://www.rasmussen.edu/degrees/technology/blog/cyber-security-job-titles/
Best regards
- Badges
- Science topic
- Similar topics
- Biological Science
- Bioecology
- Systems Ecology
- Landscape Ecology
- Connectivity