
Hello and welcome to my personal account. Click the link below to take you to my All About Me page.

Protecting Availability

As a CISO for a publicly traded company, I believe having a strong DDoS system in place could help because it counters and defends against threats aimed specifically for network attacks. Trading companies could risk attacks that could intentionally overload the servers. Another protection is just developing security compliance programs and establishing security metrics.

SCADA Systems

The purpose of SCADA systems is to monitor and control complex systems like power grids and
water plants from one central location. Systems this complicated may experience complications
and vulnerabilities such as outdated technology or weak network security. Below we will explore some
of the vulnerabilities.


SCADA Vulnerabilities


Cybersecurity Vulnerability: The security of SCADA systems has come into question because they
are possibly prone to cyberterrorism and cyberwarfare attacks.

Network Vulnerability: It is believed that if SCADA systems aren't connected to the internet,
then they are safe from cybersecurity attacks. These systems were created prior to the creation of
the World Wide Web, resulting in weak security protocols.

Physical Security Vulnerability: SCADA systems are monitored and controlled physically,
which can result in destruction of the system with extreme consequences. Anyone can sabotage
the system, including insider threats.


Mitigating Risk


There are a few tactics that can be taken to combat these vulnerabilities. Cybersecurity measures
should be increased to lower the risk of an attack on the systems. This includes modernizing
the asset so that it may be better protected. Also, implementing things like VPNs and
firewalls can help prevent unauthorized access to the system. Network vulnerabilities can be
combated with role-based access control (RBAC). These controls limit access for everyone in the network, allowing only those
with a need to know to do their jobs. Lastly, physical security can be improved by establishing an
access protocol, like having a badge to scan in data farms or areas where SCADA systems are located.

In conclusion, it is vital that we keep up with the safeguarding of data systems like SCADA.
Discovering the correct solution to each possible risk is mandatory in system security.

The Human Factor in Cybersecurity

As a CISO, balancing the perfect tradeoff between training and cybersecurity technology is vital
to a productive corporation. Below is how I would allocate my limited funds.


I chose to allocate my funding in percentages to avoid naming an actual amount for my funding.
I truly believe investing in cybersecurity technology is slightly more important than training. I'd
allocate 70 percent of my funding to cybersecurity technology. As a CISO, it's important that
our data is safeguarded properly, and the technology it takes to do these things can sometimes
be pricey. This technology goes as far as protecting the network with network security, ensuring
strong firewalls and IDS are applied, and preventing attacks on our data security by implementing
strong data encryption for our sensitive information.


Next, I would allot the remaining 30 percent to company training. You are only as strong as your
weakest person. If a company purchases millions of dollars in cybersecurity technology, it
means absolutely nothing if employees are ignorant of the risks they face each day.
For example, employees are constantly targeted with phishing attempts. If employees are trained
to recognize these sorts of attacks, it would decrease the company's vulnerability.


In conclusion, I believe this approach would best suit any company allocating funds among
cybersecurity technology and training.