Dean Ferrando, Lead Systems Engineer (EMEA) at Tripwire, offers four foundational principles of cyber security which may sound almost too obvious, but are the groundwork on which any other security measure should be built on.
Some organizations spend lots of time focusing on physical security, especially those with industrial control systems (ICS). Others are small organizations worried about their personal data being stolen. And then there’s everything in between the two.
While the end security goal is usually the same for each entity, problems of understanding often arise in security conversations that boil down to differences in industry-specific language phrasing.
A good example of that would be someone from the ICS world referring to their log management solution as the historian, whereas someone in the commercial vertical knows it as a SIEM. Fundamentally, they do the same thing in gathering up all the activity or log data from devices to be forensically stored and analyzed at a later date.
One of the best ways to overcome this is using analogies in security conversations when the need arises. Below are four examples that all ICS organizations should maintain or at least adhere to (at a minimum).
Also of interest: A guide to DNS Search Suffix Wi-Fi attacks