Security is people, processes, and technology. Of these, there's a reason why technology is listed last.
Gadgets simply don't suffice without people driving them in a consistent, smart manner.
I bring this up because of the focus on device-level controls, measures, and impact criteria in NERC CIP. It doesn't get much more technology-oriented than expecting a security solution to be all-in-one on a particular box, rather than based upon a combination of technical controls dispersed across the network, in combination with process controls and people at the helm monitoring.
Gadgets simply don't suffice without people driving them in a consistent, smart manner.
I bring this up because of the focus on device-level controls, measures, and impact criteria in NERC CIP. It doesn't get much more technology-oriented than expecting a security solution to be all-in-one on a particular box, rather than based upon a combination of technical controls dispersed across the network, in combination with process controls and people at the helm monitoring.
Very informative blog... Critical Infrastructure Protection (CIP) is the need to protect a region's vital infrastructures such as food and agriculture or transportation
ReplyDelete