Maintaining the security of Supervisory Control and Data Acquisition (SCADA), Distributed Control (DCS) and other Industrial Control Systems (ICS) is getting harder. And as the internet of things grows, and everyday devices incorporate more and more communications capabilities, vulnerability to compromise increases.
• More solutions needed by control system owners
• Bridging the IT / CISO / SCADA engineer gap
• ICS specific contingency planning
• Inside the mind of the SCADA hacker
• The public sector’s role in SCADA attack and defence
• Implementing security in business critical systems
Much of what passes for security is still reactive. Each new threat requires a specific response. But new approaches are changing this. Big data, using the network as the sensor and artificial intelligence are moving cyber security towards the idea of immunization rather than taking a pill for every symptom.
• Science-based enterprise-wide approaches
• Quantitative value-based protection
• Getting the CISO out of IT and in front of the C-suite
• Integrating the supply chain and business partners
• Embedding security in the systems development life cycle
• Using cyber-risk analysis to boost the bottom line
Outdated legacy systems are at the root of much of the vulnerability of networks and the data that resides in them. But replacement, especially in industries such as banking and insurance, is so expensive and disruptive that it is not a short-term option. A transitional approach must be taken. So how can companies secure these systems in the meantime?
• Legacy systems: a risk management problem not an IT problem
• Costs versus benefits: is replacement really too expensive?
• XML-based web services, middleware technology and portal frameworks
• The use of virtualisation to free legacy software from legacy hardware
• Dying skills: finding people who understand the old and the new
The latest public and private initiatives help maximize the efficacy of efforts to combat cyber crime. Companies in sectors that face similar threats, firms and their clients, the private and public sectors - all must work together to defeat cyber attackers. What are the best ways to do this? What can you learn from those already doing it?
• Peer-to-peer intelligence gathering and sharing
• Sharing cyber intelligence with national and international law enforcement agencies
• Facilitating public and private sector dialogue
• Planning for attacks on critical national infrastructure
• Bridging the gap between government and business on issues of future regulation and policy
• The latest developments in the financial services sector
Risk managers need to have a deep understanding of what cloud computing is and how it alters vulnerability. While there are many advantages to adopting the cloud, there are also many risks, and having a comprehensive risk management plan in place is critical. So what practical steps for prioritising and mitigating risks can you take?
• Multi-tenancy: the physical security risks
• Isolation: costs versus benefits
• Change management in Cloud environments
• Ensuring transparency and the ability to audit
• Cross-VM attacks: should you be worried?
• How to strengthen your security posture