Corporate Security Culture: View from the Top - PowerPoint PPT Presentation



SLIDE 1

Corporate Security Culture

View from the Top
SLIDE 2

What do we mean by Corporate Culture?

➢ Refers to the shared values, attitudes, standards, and beliefs that characterize members of an organization and define its nature
➢ Rooted in an organization's goals, strategies, structure, and approaches to labor, customers, investors, and the greater community.
➢ An essential component in any business's ultimate success or failure.

https://www.inc.com/encyclopedia/corporate-culture.html

SLIDE 3

Context

SLIDE 4

Context (cont.)

US Department of Energy: Idaho National Lab

  • Cyber-Physical Grid Protection
  • Critical Infrastructure Assessments
  • US & International Security Policy & Guidance
  • International Nuclear Cybersecurity

SLIDE 5

Shortest History: Tech Evolution

(Diagram: IT Infrastructure, Operational Technology (OT) Infrastructure, Power Infrastructure)

Operational systems were analog and protected by isolation. They were not digital, not networked, and not automated. All of that has changed.

SLIDE 6

Shortest History: Notable Attacks

(Timeline figure, year axis only partly legible: Aurora, Stuxnet, Shamoon, Shodan, Metcalf, Estonia, Georgia, Ukraine, Ukraine, NotPetya, Trisis, Ransomware)

SLIDE 7

Security Governance

SLIDE 8

https://medium.com/cxo-magazine/the-missing-chief-security-officer-11979a54fbf9

SLIDE 9

CSOs vs CISOs

CSO = Chief Security Officer; CISO = Chief Information Security Officer

➢ “It’s time for organizations to appoint CSOs with both technical and business leadership attributes. Most CISOs are far too pigeonholed to effectively deal with the material nature of attacks and help CEOs navigate these turbulent times. Yesterday’s governance models don’t live up to today’s business realities.”

  - Michael Assante (RIP), former director of critical infrastructure and ICS at SANS Institute and former CSO of American Electric Power.

SLIDE 10

Problems When CISO Reports to CIO

1. Inevitable conflicts with their boss (the CIO), whose principal job is to deploy new technologies that drive profits and efficiencies
2. CISOs under CIOs aren’t in the position to align security priorities with the company’s other strategic business goals
3. CEOs and board members need constant and regular interaction with their company’s cybersecurity expert to build trust and rapport. They don’t get that from people far down the organizational chart

SLIDE 11

Utility Org Chart for Cybersecurity Environment (I)

SLIDE 12

Utility Org Chart for Cybersecurity Environment (II)

SLIDE 13

An Exemplar – How to Measure Success

➢ First year at previous utility, socialized security staff with OT operators and maintainers
➢ Now at Xcel – responsible for all aspects of security:
  ➢ OT/IT
  ➢ Cyber/Physical
  ➢ Safety
  ➢ NERC CIPs

SLIDE 14

Thanks for your attention. Happy to get your questions.