HUMAN FACTORS AND
IT-OT CORRELATION
Andrea Vallavanti
ICT Manager
DEFINITIONS
IT: The entire spectrum of technologies for information processing, including software, hardware, communications technologies and related services. In general, IT does not include embedded technologies that do not generate data for enterprise use.
OT: Hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in the enterprise.
EVOLUTION AND INTEGRATION
(timeline figure: OT, then OT + IT; axis ticks 80, 90, 2k, NOW)
IT AND OT CONVERGING
TRANSPORTATION, OIL&GAS, HEALTHCARE, DEFENSE, MINING, UTILITIES, MANUFACTURING
SECURITY/OBSCURITY AND STANDARDS
A SHARED SET OF STANDARDS AND PLATFORMS ACROSS IT&OT WILL REDUCE THE COST OF SW MANAGEMENT
…. AND WILL REDUCE RISK, WHICH COMES FROM REDUCING MALWARE AND INTERNAL ERRORS
CYBERSECURITY NOT ONLY FROM AN IT POINT OF VIEW BUT FROM A «HOLISTIC» IT-OT SECURITY POINT OF VIEW
SECURITY THROUGH OBSCURITY: AN ACCEPTABLE POLICY WITH MOST OLDER-GENERATION OT PLATFORMS, WHICH HAD NO NEED OF EXTERNAL CONNECTION
IT IS NO LONGER POSSIBLE TO RELY ON THIS MAXIM, BECAUSE OT PLATFORMS HAVE EVOLVED TO USE COMMERCIAL GENERIC INFRASTRUCTURE WITH EXTERNAL WAN CONNECTION
CIA TRIAD
HUMAN THREAT
• Failure of staff to understand new threats.
• Increased use of social media by staff.
• Failure of IT staff to follow security procedures and policies.
• General negligence/carelessness with websites and applications.
• Lack of security expertise with websites and applications.
EXTERNAL THREAT
WORKLIFE
COMMON THREAT: INFORMATION TECHNOLOGY & OPERATIONAL TECHNOLOGY
IT & OT CONCERNS
COMMON GROUND
• Security analysis with VA-PT. Highlight threats and remediation.
• Upgrade of firmware and SW, and integrity of the updates.
• Identifying & authenticating all devices within the system.
• Define responsibilities and common rules of data interchange.
• VA-PT have to be scheduled.
• Awareness of threats for employees.
NEW EMPLOYEE
POLICY AND PROCEDURES
ENOUGH ???
SOMETIMES YES, IF … EMPLOYEES HAVE STRICTLY DEFINED BOUNDARIES TO RESPECT, OR BOUNDARIES IMPOSED BY AUTOMATIC OR PREDEFINED RULES / HW
SOMETIMES NO, IF … EMPLOYEES, EVEN IF TRAINED, NEED TO INTERACT DAILY IN DIFFERENT WAYS, AND CAN BE AWARE ONLY WITH A CLEAR UNDERSTANDING OF EXTERNAL/INTERNAL MENACES
CYCLE OF SECURITY
(cycle figure with four phases: SECURITY EDUCATION, SECURITY ASSESSMENT, REMEDIATION PHASE, INCIDENT INVESTIGATION)
Elements of the cycle: Policy Procedures; Cybersecurity fundamentals; Penetration Testing; Impact of PEN TEST with Risk Analysis; Threat analysis; Incident Response; Impact on business; Fill the Gap; Budget €
SOME BULLET POINTS
• COMPANIES WITH SECURITY AWARENESS PROGRAMS: INVESTING 76% LESS COMPARED TO THOSE NOT RECEIVING TRAINING
• COMPANIES WITH SECURITY AWARENESS PROGRAMS: 50% LOWER PROBABILITY OF INCURRING A VIOLATION OF PERSONAL SAFETY
GOOD CYBERSECURITY AWARENESS CAN DETERMINE:
• ACCIDENTS DECREASE UP TO 80%
• REDUCTION OF RANSOMWARE OF 50-60%
• TRANSLATION OF CYBERSECURITY FROM AN IT CONCEPT INTO A COMPANY CONCEPT
• MEASURABLE RESULTS IN TERMS OF CYBERSECURITY AWARENESS
PLATFORM FOR TRAINING AND ONLINE SKILLS
COMPETENCE ANALYSIS: Determine in depth the skills requirements relating to the workplace. Skill assessment also as a function of the role covered in the company.
TRAINING MODULE: Anti-phishing protection, protection and data destruction, secure approach to social networks, physical security, smartphone security, web surfing, social engineering, email security and PASSWORD.
SIMULATED ATTACK: E-mail phishing personalized with different levels of difficulty. Employees also learn through mistakes, and a dedicated module can be tailored to fill the gap.
ANALYSIS AND REPORTS: Security campaign report by: group, type of device, office, location (industrial or office).
SIMULATION
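The ANALYSIS AND REPORTS step is where a simulated campaign turns into a training decision. As an added example (not part of the slide deck and not any training platform's code), this Python aggregates the outcome of a phishing simulation along the dimensions the slide lists (group, device type, office, location) plus lure difficulty, and flags the groups whose click rate calls for a tailored module. The employee records, group names and the 50% threshold are constructed for the example.

```python
from collections import defaultdict

# Constructed results of one simulated phishing campaign (not real employee data).
# outcome: "clicked" the lure, "reported" it to security, or "ignored" it.
SAMPLE_RESULTS = [
    {"group": "finance", "device": "laptop", "office": "HQ", "location": "office", "difficulty": 1, "outcome": "clicked"},
    {"group": "finance", "device": "laptop", "office": "HQ", "location": "office", "difficulty": 2, "outcome": "reported"},
    {"group": "finance", "device": "phone", "office": "HQ", "location": "office", "difficulty": 3, "outcome": "clicked"},
    {"group": "plant", "device": "hmi", "office": "Plant A", "location": "industrial", "difficulty": 1, "outcome": "clicked"},
    {"group": "plant", "device": "phone", "office": "Plant A", "location": "industrial", "difficulty": 1, "outcome": "ignored"},
    {"group": "plant", "device": "laptop", "office": "Plant A", "location": "industrial", "difficulty": 2, "outcome": "clicked"},
    {"group": "it", "device": "laptop", "office": "HQ", "location": "office", "difficulty": 3, "outcome": "reported"},
    {"group": "it", "device": "laptop", "office": "HQ", "location": "office", "difficulty": 2, "outcome": "ignored"},
]

REPORT_DIMENSIONS = ("group", "device", "office", "location", "difficulty")


def campaign_report(results, dimension):
    """Aggregate outcomes by one reporting dimension.
    Returns {key: {"clicked", "reported", "ignored", "total", "click_rate", "report_rate"}}."""
    if dimension not in REPORT_DIMENSIONS:
        raise ValueError(f"unknown dimension {dimension!r}")
    buckets = defaultdict(lambda: {"clicked": 0, "reported": 0, "ignored": 0, "total": 0})
    for record in results:
        bucket = buckets[record[dimension]]
        bucket[record["outcome"]] += 1
        bucket["total"] += 1
    for bucket in buckets.values():
        # report_rate is the metric that actually improves with training: a reported
        # lure gives the SOC a chance to block the real thing.
        bucket["click_rate"] = bucket["clicked"] / bucket["total"]
        bucket["report_rate"] = bucket["reported"] / bucket["total"]
    return dict(buckets)


def gap_groups(results, max_click_rate=0.5):
    """Groups whose click rate exceeds the threshold: candidates for a tailored module
    ("fill the gap" in the slide). The threshold is a constructed policy value."""
    report = campaign_report(results, "group")
    return sorted(g for g, b in report.items() if b["click_rate"] > max_click_rate)


if __name__ == "__main__":
    for dim in REPORT_DIMENSIONS:
        print(dim, campaign_report(SAMPLE_RESULTS, dim))
    print("needs tailored module:", gap_groups(SAMPLE_RESULTS))
```

Splitting by location is what makes the report useful for an IT/OT audience: an industrial site where lures are opened from an HMI workstation deserves a different module (and usually a different technical control) than an office laptop population.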
WHATEVER IS THE EXTERNAL AWARENESS
October Cybersecurity Awareness Month: Every Employee Should Be A Level Of Security
National Cyber Security Awareness Month: Security Tips for Enterprises and Employees
Top online safety practices for companies & employees – Cyber Security Awareness Month 2016
SUBJECTS INVOLVED
Senior Manager, Line Manager, All Employees, Security Officers
Short training; Impact on the business; Motivational training; Computer-based on-access training; Cybersecurity culture assessment; Leading to the light side
TOP – DOWN APPROACH
(figure, TOP DOWN: Senior Manager, Line Manager, All Employees, Security Officers)
WHY ?
• When top executives lead by example and participate themselves, key messages are understood to be important by the masses. Leading by example is key.
• Budget €/$
• Make it simple … Stick to max three topics
• You cannot use the same materials that you intend to use for the general population. Executives have concerns that are unique to their job function.
OPTIMIZING CONTROL INVESTMENT
(figure: Cost of controls and Cost of impact plotted against increasing control costs, with the Optimum level of control investment marked)
Companies with limited security controls suffer relatively more information security breaches.
Beyond a certain point it is important to balance the cost of additional controls against the cost coming from security breaches.
We clearly should not invest in additional controls unless we are convinced they are truly cost-effective.
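The figure's optimum is the minimum of total cost = cost of controls + cost of impact. As an added worked example (not from the slide), the Python below assumes a specific shape for the two curves, namely a linear control cost and an expected breach cost that decays exponentially with investment, and finds the optimum both in closed form and by brute force, then applies the slide's rule that an extra control is worth buying only if it lowers total cost. The baseline loss, effectiveness coefficient and unit cost are constructed parameters, not figures from the deck.

```python
import math


def expected_breach_cost(investment, baseline_loss, effectiveness):
    """Cost of impact. Assumed model (constructed for the example): expected breach
    cost L * exp(-k * x), where L is the expected loss with no controls and k is
    how quickly each unit of investment reduces it."""
    return baseline_loss * math.exp(-effectiveness * investment)


def total_cost(investment, baseline_loss, effectiveness, unit_cost=1.0):
    """Cost of controls (assumed linear, c * x) plus cost of impact."""
    return unit_cost * investment + expected_breach_cost(investment, baseline_loss, effectiveness)


def analytic_optimum(baseline_loss, effectiveness, unit_cost=1.0):
    """Minimise c*x + L*exp(-k*x). The derivative c - k*L*exp(-k*x) vanishes at
    x* = ln(k*L / c) / k. If k*L <= c the first unit of control already costs more
    than it saves, so the optimum is to buy none."""
    if effectiveness * baseline_loss <= unit_cost:
        return 0.0
    return math.log(effectiveness * baseline_loss / unit_cost) / effectiveness


def grid_optimum(baseline_loss, effectiveness, unit_cost=1.0, step=1.0, max_investment=1000.0):
    """Same answer by scanning a grid: the approach to use when the curves are
    tabulated from incident data rather than known in closed form.
    Returns (best_investment, best_total_cost)."""
    best_x = 0.0
    best_total = total_cost(0.0, baseline_loss, effectiveness, unit_cost)
    x = step
    while x <= max_investment:
        t = total_cost(x, baseline_loss, effectiveness, unit_cost)
        if t < best_total:
            best_x, best_total = x, t
        x += step
    return best_x, best_total


def is_cost_effective(current, extra, baseline_loss, effectiveness, unit_cost=1.0):
    """The slide's rule: add a control only if total cost goes down."""
    before = total_cost(current, baseline_loss, effectiveness, unit_cost)
    after = total_cost(current + extra, baseline_loss, effectiveness, unit_cost)
    return after < before


if __name__ == "__main__":
    L, k = 1000.0, 0.01  # constructed: 1000 expected loss with no controls, 1% reduction per unit
    print("analytic optimum:", analytic_optimum(L, k))
    print("grid optimum:", grid_optimum(L, k))
    print("add 50 at 100?", is_cost_effective(100, 50, L, k))
    print("add 50 at 230?", is_cost_effective(230, 50, L, k))
```

With the constructed parameters the optimum sits near 230 units of investment; spending 50 more at 100 lowers total cost, while spending 50 more at 230 raises it, which is the "beyond a certain point" of the slide made concrete.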
REMIND THAT ….
Employees make simple mistakes which put them at risk.
Human error is responsible for 95% of all security incidents.
• Lax email habits: opening suspicious emails, clicking through to websites where attackers can then phish for details
• Weak passwords, easy to hack after personal information is shared
• No backing data up
• Poor security habits outside work
• Unpatched vulnerabilities & connecting to unsecure Wi-Fi networks
CONCLUSIONS
WE MUST TACKLE THE HUMAN FACTOR AS WELL AS THE TECHNOLOGY
PROACTIVELY MANAGING THE RISKS INVOLVES ASSESSING AND REASSESSING ALL THREATS, VULNERABILITIES, ETC.
OVERALL INVOLVEMENT IN SECURITY: TOP-DOWN APPROACH
THIS IS NOT A ONE-OFF «FIRE AND FORGET» OPERATION
THANKS !
Andrea Vallavanti – ICT MANAGER
Mail to: andrea.vallavanti@oltoffshore.it
https://goo.gl/Kgnoya
Federprivacy Member
"The relationship between the IT and OT
groups needs to be managed better, but
more importantly, the nature of the OT
systems is changing, so that the underlying
technology — such as platforms, software,
security and communications — is
becoming more like IT systems," said
Kristian Steenstrup, research vice
president and Gartner fellow. "This gives a
stronger justification for IT groups to
contribute to OT software management,
creating an IT and OT alignment that could
be in the form of standards, enterprise
architecture (EA), support and security
models, software configuration practices,
and information and process integration."
IT and OT are converging in numerous important industries, such as
healthcare, transportation, defense, energy, aviation, manufacturing,
engineering, mining, oil and gas, natural resources, and utilities. IT leaders
who are impacted by the convergence of IT and OT platforms should consider
the value and risk of pursuing alignment between IT and OT, as well as the
potential to integrate the people, tools and resources used to manage and
support both technology areas.
"A shared set of standards and platforms across IT and OT will reduce costs
in many areas of software management, and reduced risks come from
reducing malware intrusion and internal errors," Mr. Steenstrup said.
"Cybersecurity can be enhanced if IT security teams are shared, seconded or
combined with OT staff to plan and implement holistic IT-OT security. 'Security
through obscurity' was an acceptable policy with most older-generation OT
platforms because of their proprietary architectures and limited connection to
IT. It is no longer possible to rely on this maxim, because OT platforms have
evolved to use commercial generic infrastructures."
With IT and OT converging, the scope of CIO authority may cater to the needs
of planning and coordinating a new generation of operational technologies
alongside existing information- and administration-focused IT systems. The
key change for CIOs may be that their role moves from leading the IT delivery
organization to leading the exploitation of the business assets of processes,
information and relationships across all technologies in the enterprise — IT or
OT, whether delivered, supported, or managed by the formal IT organization
or elsewhere.
"The intersection of IT and OT changes the relative importance of IT
management disciplines for the IT organizations concerned. CIOs and other IT
leaders need to evaluate and realign their roles and relationships to maximize
the value of converging IT and OT," said Mr. Steenstrup. "CIOs have a great
opportunity to lead their enterprises in exploiting information flows from digital
technologies. By playing this role, they can better enable decisions that
optimize business processes and performance."
• Governance
• We'll help you build the Security Policies, Standards, and Procedures that form the basis
of your security program. From there we'll address each aspect of your enterprise,
helping you select and implement the most appropriate technologies, tools and products
to achieve your security and business goals.
• Security Engineering
• Human Element will show you how to implement engineering processes using secure
design principles. We have assisted commercial and Government organizations to
effectively apply security engineering and evaluation models. First, we'll help you define
the most appropriate security controls for your information systems based on your risk,
threat, and regulatory environment. Then we'll define specific security architectures,
designs, and solutions to mitigate potential vulnerabilities. We have experience
engineering web-based systems, mobile systems, embedded devices, cyber-physical
systems, and cryptographic solutions as well as site and facility physical security.
• Governance
• Security Engineering
• Physical Security
• Communications and Networks
• Access Control - Identity and Access Management
• Assessments and Testing
• Security Network Operations Support
• Application Security
• Business Continuity and Disaster Recovery
• Vulnerability Management
• Intrusion Detection
• Asset and Data Security
• Human-Based Cyber Defense
• Security Operations
