
CIO Involvement in Operational Technology Vendor Risk Management Mitigates Security Vulnerabilities

Accountability for risk management of operational technology vendors is often unclear, but IT components embedded in OT can potentially disrupt critical production processes. CIOs must get involved to help mitigate the immature software life cycles and security management processes of OT vendors.
Table of Contents

- Analysis
  - When Should a CIO Consider Getting Involved in Managing OT Vendor Risk?
    - Key Intrusion Examples
- Impacts and Recommendations
  - OT vendors lack experience in addressing software life cycle and security management processes, and consequently introduce vulnerabilities to enterprises — CIOs are uniquely positioned to help manage these vendor risks across the entire IT/OT spectrum
  - Issues around authority, organizational boundaries and lack of trust between CIOs and operations/engineering team leaders prevent enterprises from adopting standardized vendor risk management practices across the IT and OT vendor ecosystem
  - Due to a lack of sharing, transparency and accountability among CIOs and operations/engineering team leaders, many common OT vulnerabilities are unknown to the enterprise and remain unmonitored — and could have potentially devastating consequences
  - Many OT vendor risk management programs are either nonexistent or too immature to enable CIOs to adequately and effectively mitigate enterprise-class vendor risks
- Gartner Recommended Reading