SlideShare a Scribd company logo

OT Security Architecture & Resilience: Designing for Security Success

accenture
accenture

The document summarizes key discussions and takeaways from an OT cybersecurity summit. It includes quotes and summaries from various sessions on topics like the importance of prioritizing cybersecurity, achieving cyber resilience through architecture, innovations and trends in OT networks, applying standards like IEC 62443, common resilience myths, centralizing OT security management, and the role of automation. The document encourages readers to review the on-demand content from the summit and contact the author's team if they have any other questions.

Technology
1 of 11
Download to read offline
Designing for Security Success Architecture & Resilience
Jim Guinn, II Accenture Senior Managing Director LinkedIn: @Jim Guinn, II | Twitter: @jimmy_guinn Our improvement journeys are all different, but our end goal is the same – achieve operational integrity and cyber resilience. We are honored to have so many senior leaders and cybersecurity OT experts involved with this summit, sharing their experiences and insights to help others achieve the goal. The outpouring of support for this event has been amazing. It demonstrates how important knowledge sharing and community involvement are to moving the needle on industrial cybersecurity. What follows are key takeaways from each session. Bold statements from OT cybersecurity practitioners based on real-world experience advancing programs and tackling the same challenges facing your organization. We all know a lot can go wrong in an OT environment, which can impact health, safety and the environment. The last year has highlighted just how vulnerable our critical infrastructure is to cyber threats. And there's absolutely no question that if any of these attacks are successful, HSE issues can ensue. Cybersecurity can no longer be an afterthought. It must be top of mind, always. As you read through this document and listen to the replays, think about your upcoming projects and operational objectives and consider reframing your discussions to incorporate security. For example: “As we adopt 5G to gain extra bandwidth, how do we do that securely?” “We are planning to increase production securely.” “We need to enhance our operations securely with the use of robotics.” If we just embed the word security in everything we talk about and in everything we do, it then comes to the forefront of our minds. Review this guide. Share the on-demand content. And reach out if you have questions or just need a sounding board. My team is ready to collaborate to advance your program for whatever is next. Cheers, “There’s absolutely no question that if any of these attacks are successful, HSE issues can ensue. Cybersecurity can no longer be an afterthought. It must be top of mind, always.” Jim Guinn, II Copyright © 2022 Accenture. All rights reserved. 2 Watch the summit >
The Cybersecurity Imperative: Why embrace it? Session Overview Architectural imperatives for cyber resiliency Technology and innovation in modern OT networks What’s old is new – Using IEC 62443 for IIoT SDLC OT security resilience myths busted Centralizing OT cybersecurity management Automation—In promise, in practice Opening Keynote Operation: Next ‘22 Fundamentals & Structure Innovation & Technology Case Study Project Execution Investment & Risk Closing Keynote Designing for security success Resiliency is the new imperative for OT environments. This track provides valuable insights for building a security architecture to meet the business challenge. The discussions are intended to spark conversation and this guide highlights key takeaways on what works, what doesn’t and what’s next. The agenda covers: • zero-trust building blocks • cloud and IIoT integration • OT security program maturity • technology investments • risk and safety Architecture & Resilience
It’s impossible to have every angle nuanced… Get your four to six critical assets, critical processes really understood and quantify the financial risk.” Bob Dudley “ Muqsit Ashraf Accenture Bob Dudley Former CEO, BP Speakers The Cybersecurity Imperative: Why embrace it? Breaches continue to climb despite billions invested in cybersecurity. Are companies investing in the right security priorities? Bob Dudley provides his thoughts on why it has taken so long for executives to wake up to the challenges and what is needed to make cybersecurity a strategic priority for executives and the board. Key takeaways: • For a long time, cybersecurity was viewed as a technical problem, rather than seen as an operational risk and business continuity concern. • Priorities are changing as breach implications become more significant, including emerging case law that holds boards and executives accountable. Opening Keynote • Boards need to understand the problem, the language and the financial implications to a company. Time to move away from showing the board basic activity dashboards and begin reviewing the critical assets and business processes that are most vulnerable and quantify that risk. • Big wake-up call was when Accenture was able within a few weeks to take over BP’s oil refinery control systems. Immediately created a world-wide task force to update our asset security program. It took time and significant culture change to implement. • Crisis Management exercises helped our executive teams understand the communications process was far more complicated than they expected. Copyright © 2022 Accenture. All rights reserved. 4 Watch the full session on-demand >
Cyber resilience is not a technology challenge, it’s a business imperative.” Rob Boyce “ Rob Boyce Accenture Speakers Architectural imperatives for cyber resiliency Data, infrastructure and access— three components, when combined, can achieve a more comprehensive and resilient architecture. Organizations that have demonstrated cyber resilience success have taken leading practices from IT and OT and brought them together. These include: • Detailed understanding of your end-to-end value chain. The better your understanding, the easier it is to develop and implement strategies to secure the chain. • Updated IR and Disaster Recovery Plans. Often companies have plans that have not kept pace with changes in their value chain. • Understand what needs to be protected, where it is located, and how it is accessed. Fundamentals & Structure Companies make significant investments to make their data more accessible and actionable, but do not make similar investments to secure it. As a result, threat actors are placing more value on data. Design factors to safeguard data include: • Have strong segmentation between systems • Create snapshots of key infrastructure applications • Implement strong identity and access management practices Copyright © 2022 Accenture. All rights reserved. 5 Watch the full session on-demand >
“Any time we get to a single vendor solution for how to do visibility and intelligence sharing, we take a big risk on what that company can do in the future.” Jon Taylor Robert Marx Accenture Marysol Ortiz Accenture Jon Taylor Accenture Speakers Technology and innovation in modern OT networks Discussion of the threats, trends, innovations, and needs for improving OT security. Innovations • Security automation is being used to reduce incident response time. Trends • Companies have increased their OT security but government mandates, e.g., 100-day cyber sprints, are accelerating this. • Vendor awareness is growing as they realize that threats like ransomware are a risk to their own businesses and ability to deliver. They are now coming to sites with the expectation that security access protocols will be in place, which they will have to meet. Innovation & Technology Needs • Need to adopt a standardized, open-source application for network visibility. Open source generally leads to better security results. Additionally, clients are feeling the pain of proprietary protocols when changing vendors. • Need to greatly improve intelligence sharing across companies and industries. Threats • Vendors rarely track their hardware and software component and there is a lack of vulnerability information being shared. Clients need to be proactive and demand contract security be in every agreement. Copyright © 2022 Accenture. All rights reserved. 6 Watch the full session on-demand >
“The existing cyber risk is underestimated, especially in the OT.” Jan Kwiatkowski Bjorn Haan Accenture Jan Kwiatkowski Accenture Oliver Moeller Accenture Speakers What’s old is new— Using IEC 62443 for IIoT SDLC Our OT security pros clarify IEC 62443 standard’s syntax, requirements and extended application with additional conversation on business continuity management (BCM) in the OT space. Key takeaways: IEC 62443 is more than a holistic framework. • It considers governance as well as operational and technical architecture guidelines. It can also be leveraged to build secure products in the digital area. • In combination with ISO 27K, it’s a solid foundation to align and build agile, IT/OT converged governance and operating models. Bridge the cultural divide between IT and OT. • OT cybersecurity and IT/OT converged cybersecurity governance and operations require appropriate awareness and training for all impacted IT and OT stakeholders. Case Study Business Continuity Management: • Review and analyze your business processes and associated risk. • Are your supplier SLAs current? • Do you have staff available and trained to switch to manual processes? • Have an eye on environmental changes to your business. • Have a holistic point of view of your OT systems and supporting IT systems and have an umbrella plan in place. • For OT, you need business impact advisors in your processes, including OT, IT and the needed network technology to connect everything. Copyright © 2022 Accenture. All rights reserved. 7 Watch the full session on-demand >
Plans aren’t worth the paper they’re written on if they’re not exercised.” Tina Slankas “ Michelle DeLiberty Accenture Rouzbeh Hashemi Accenture Bryan Singer Accenture Tina Slankas Accenture Speakers OT security resilience myths busted Accenture OT security pros discuss common resilience myths and what is really needed to achieve security resilience. Myth #1: Tools Will Save Us • As soon as you put a tool in place it begins to age if you’re not actively maintaining it. • There is no tool that solves a problem; tools simply enable you to solve a problem. If you don’t have a strategy in place for how a tool should be used, you won’t get the benefits it provides. • There is no one category that does it all. Companies need to have threat prevention, detection and response controls in place. Myth #2: Architecture Will Save Us • Threat actors are continuously evolving their tactics, which puts static architectures at risk. Project Execution • Better approach is to shift to a proactive, dynamic architecture that has security integrated from the start. Myth #3: Compliance Will Save Us • Compliance measures are based on historic information. Threat actors are evolving faster than compliance measures evolve. • Compliance means you’ve created a checklist; it doesn’t mean you’ve achieved confidence you can recover from an incident. • Having a plan and tools for recovery aren’t enough. You have to test and practice that plan so everyone knows their responsibility and can act quickly once an incident occurs. Copyright © 2022 Accenture. All rights reserved. 8 Watch the full session on-demand >
“Being able to leverage the cloud can really help with some things that are historically the biggest challenges getting security programs right.” Justin Vierra Brad Hegrat Accenture Luis Luque Accenture Justin Vierra Accenture Speakers Centralizing OT cybersecurity management In an environment where introducing new tools can bring new risks, achieving cyber resiliency weighs heavily on good cyber hygiene and a properly engineered architecture. Here are some critical components: • As a bare minimum, introduce some type of Windows infrastructure management into your environment. • Understand what components are required within your complex systems and service those first. • A managed infrastructure is critical to understanding exactly how traffic is moving through your network. • An application whitelisting agent is a cheap, easy way to get endpoint protection for your OT network. Investment & Risk • Without a properly engineered on prem architecture, migrating to the cloud is going to complicate things. • Journey to the industrial cloud must encompass security from the start. • Adding a virtualization environment platform within your OT space will pay dividends for projects and projects to come. • Successful disaster recovery for OT is understanding how and what to recover, and in what order. • Right size your network infrastructure to the industrial process by mapping individual subnets to a segment or sub segment of your industrial process. This will allow you to start tracking things, not by IP address but by subnet. Copyright © 2022 Accenture. All rights reserved. 9 Watch the full session on-demand >
Automation — In promise, in practice “We want to use automation where we can and then have humans involved where they need to be.” Paul Scharre Gabby D’Adamo Accenture Jim Guinn, II Accenture Paul Scharre Center for a New American Security Speakers There’s no question that automation already plays a significant role in IT and OT system cybersecurity. As the threat landscape continues to grow, what role could/should automation play in OT security management? Advantages of automation • Helps systems be more efficient, more effective and safer. • Reduces tendency for human error. • Propagates system updates helping improve security. • Works well for repeatable, predictable processes. Closing Keynote Risks of automation • Takes humans out of the process removing them from potentially catching mistakes and issues. • Increases potential risk if a hacker infiltrates a system. • Can’t build automated systems to work in situations we can’t predict. Going forward • Automation adoption needs to be a risk-informed decision. • Start by looking for manual processes you can automate that will free up humans to focus on critical thinking problems. • Humans will still play a role – they need to know what automation is capable of and when to step in. Copyright © 2022 Accenture. All rights reserved. 10 Watch the full session on-demand >
Ready to step into next? Visit our website for expert insights on OT cybersecurity Discover more resources > Learn about our purpose- built OT Cyber Fusion Center Partner with us to advance your OT security program Leverage our test facility > Engage our OT cyber team > Take a virtual tour > Contact our team >

Recommended

Executive Perspective Building an OT Security Program from the Top Down
Executive Perspective Building an OT Security Program from the Top DownExecutive Perspective Building an OT Security Program from the Top Down
Executive Perspective Building an OT Security Program from the Top Downaccenture
 
End-to-End OT SecOps Transforming from Good to Great
End-to-End OT SecOps Transforming from Good to GreatEnd-to-End OT SecOps Transforming from Good to Great
End-to-End OT SecOps Transforming from Good to Greataccenture
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Security of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxSecurity of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxMohanPandey31
 
Iot Security
Iot SecurityIot Security
Iot SecurityMAITREYA MISRA
 
Dragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos, Inc.
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero TrustDavid J Rosenthal
 

Recommended

Executive Perspective Building an OT Security Program from the Top Down
Executive Perspective Building an OT Security Program from the Top DownExecutive Perspective Building an OT Security Program from the Top Down
Executive Perspective Building an OT Security Program from the Top Downaccenture
 
End-to-End OT SecOps Transforming from Good to Great
End-to-End OT SecOps Transforming from Good to GreatEnd-to-End OT SecOps Transforming from Good to Great
End-to-End OT SecOps Transforming from Good to Greataccenture
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Security of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxSecurity of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxMohanPandey31
 
Iot Security
Iot SecurityIot Security
Iot SecurityMAITREYA MISRA
 
Dragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos, Inc.
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero TrustDavid J Rosenthal
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Cloud security (domain6 10)
Cloud security (domain6 10)Cloud security (domain6 10)
Cloud security (domain6 10)Maganathin Veeraragaloo
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)danb02
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Netpluz Managed SOC - MSS Service
Netpluz Managed SOC - MSS Service Netpluz Managed SOC - MSS Service
Netpluz Managed SOC - MSS Service Netpluz Asia Pte Ltd
 
Understanding cyber resilience
Understanding cyber resilienceUnderstanding cyber resilience
Understanding cyber resilienceChristophe Foulon, CISSP
 
Zero trust strategy: cloud security by design
Zero trust strategy: cloud security by designZero trust strategy: cloud security by design
Zero trust strategy: cloud security by designaccenture
 
cloud security ppt
cloud security ppt cloud security ppt
cloud security ppt Devyani Vaidya
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032PECB
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operationsPiyush Jain
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
Operation: Next Summit Takeaways
Operation: Next Summit TakeawaysOperation: Next Summit Takeaways
Operation: Next Summit Takeawaysaccenture
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service PresentationWilliam McBorrough
 

More Related Content

What's hot

Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)danb02
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Netpluz Managed SOC - MSS Service
Netpluz Managed SOC - MSS Service Netpluz Managed SOC - MSS Service
Netpluz Managed SOC - MSS Service Netpluz Asia Pte Ltd
 
Zero trust strategy: cloud security by design
Zero trust strategy: cloud security by designZero trust strategy: cloud security by design
Zero trust strategy: cloud security by designaccenture
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032PECB
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operationsPiyush Jain
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 

What's hot (20)

Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
Cloud security (domain6 10)
Cloud security (domain6 10)Cloud security (domain6 10)
Cloud security (domain6 10)
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 
Netpluz Managed SOC - MSS Service
Netpluz Managed SOC - MSS Service Netpluz Managed SOC - MSS Service
Netpluz Managed SOC - MSS Service
 
Understanding cyber resilience
Understanding cyber resilienceUnderstanding cyber resilience
Understanding cyber resilience
 
Zero trust strategy: cloud security by design
Zero trust strategy: cloud security by designZero trust strategy: cloud security by design
Zero trust strategy: cloud security by design
 
cloud security ppt
cloud security ppt cloud security ppt
cloud security ppt
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centers
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operations
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdf
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
 

Similar to OT Security Architecture & Resilience: Designing for Security Success

Operation: Next Summit Takeaways
Operation: Next Summit TakeawaysOperation: Next Summit Takeaways
Operation: Next Summit Takeawaysaccenture
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service PresentationWilliam McBorrough
 
111.pptx
111.pptx111.pptx
111.pptxJESUNPK
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationWilliam McBorrough
 
CIA Trifecta ISACA Boise 2016 Watson
CIA Trifecta ISACA Boise 2016 WatsonCIA Trifecta ISACA Boise 2016 Watson
CIA Trifecta ISACA Boise 2016 WatsonPatricia M Watson
 
SMi Group's Oil & Gas Cyber Security conference & exhibition
SMi Group's Oil & Gas Cyber Security conference & exhibitionSMi Group's Oil & Gas Cyber Security conference & exhibition
SMi Group's Oil & Gas Cyber Security conference & exhibitionDale Butler
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxYoisRoberthTapiadeLa
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxVictoriaChavesta
 
Security of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We NeedSecurity of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We Needsimplyme12345
 
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...Troy Marshall
 
Sleeping well with cloud services
Sleeping well with cloud servicesSleeping well with cloud services
Sleeping well with cloud servicesComarch_Services
 
Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)Ray Bugg
 
Securing the digital economy
Securing the digital economySecuring the digital economy
Securing the digital economyaccenture
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet accenture
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the InternetSecuring the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internetaccenture
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the InternetSecuring the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internetaccenture
 
PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT CybersecurityPAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT CybersecurityMighty Guides, Inc.
 
CLOUD CPOMPUTING SECURITY
CLOUD CPOMPUTING SECURITYCLOUD CPOMPUTING SECURITY
CLOUD CPOMPUTING SECURITYShivananda Rai
 
Security for the IoT - Report Summary
Security for the IoT - Report SummarySecurity for the IoT - Report Summary
Security for the IoT - Report SummaryAccenture Technology
 

Similar to OT Security Architecture & Resilience: Designing for Security Success (20)

Operation: Next Summit Takeaways
Operation: Next Summit TakeawaysOperation: Next Summit Takeaways
Operation: Next Summit Takeaways
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
111.pptx
111.pptx111.pptx
111.pptx
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
CIA Trifecta ISACA Boise 2016 Watson
CIA Trifecta ISACA Boise 2016 WatsonCIA Trifecta ISACA Boise 2016 Watson
CIA Trifecta ISACA Boise 2016 Watson
 
SMi Group's Oil & Gas Cyber Security conference & exhibition
SMi Group's Oil & Gas Cyber Security conference & exhibitionSMi Group's Oil & Gas Cyber Security conference & exhibition
SMi Group's Oil & Gas Cyber Security conference & exhibition
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
Security of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We NeedSecurity of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We Need
 
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
 
Sleeping well with cloud services
Sleeping well with cloud servicesSleeping well with cloud services
Sleeping well with cloud services
 
Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)
 
Securing the digital economy
Securing the digital economySecuring the digital economy
Securing the digital economy
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the InternetSecuring the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the InternetSecuring the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
 
PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT CybersecurityPAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
 
Zero Trust and Data Security
Zero Trust and Data SecurityZero Trust and Data Security
Zero Trust and Data Security
 
CLOUD CPOMPUTING SECURITY
CLOUD CPOMPUTING SECURITYCLOUD CPOMPUTING SECURITY
CLOUD CPOMPUTING SECURITY
 
Security for the IoT - Report Summary
Security for the IoT - Report SummarySecurity for the IoT - Report Summary
Security for the IoT - Report Summary
 

More from accenture

The Industrialist: Trends & Innovations - January 2024
The Industrialist: Trends & Innovations - January 2024The Industrialist: Trends & Innovations - January 2024
The Industrialist: Trends & Innovations - January 2024accenture
 
The Industrialist: Trends & Innovations - September 2023
The Industrialist: Trends & Innovations - September 2023The Industrialist: Trends & Innovations - September 2023
The Industrialist: Trends & Innovations - September 2023accenture
 
Accenture Technology Vision - How the trends apply to higher education
Accenture Technology Vision - How the trends apply to higher education Accenture Technology Vision - How the trends apply to higher education
Accenture Technology Vision - How the trends apply to higher education accenture
 
The Industrialist: Trends & Innovations - July 2023
The Industrialist: Trends & Innovations - July 2023The Industrialist: Trends & Innovations - July 2023
The Industrialist: Trends & Innovations - July 2023accenture
 
Accenture Technology Vision - How the trends apply to higher education
Accenture Technology Vision - How the trends apply to higher education Accenture Technology Vision - How the trends apply to higher education
Accenture Technology Vision - How the trends apply to higher education accenture
 
Engineering Services: con gli ingegneri per creare valore sostenibile
Engineering Services: con gli ingegneri per creare valore sostenibileEngineering Services: con gli ingegneri per creare valore sostenibile
Engineering Services: con gli ingegneri per creare valore sostenibileaccenture
 
Digital Euro: Implications for the Financial System
Digital Euro: Implications for the Financial SystemDigital Euro: Implications for the Financial System
Digital Euro: Implications for the Financial Systemaccenture
 
More deals, less money: the Black founder funding journey
More deals, less money: the Black founder funding journeyMore deals, less money: the Black founder funding journey
More deals, less money: the Black founder funding journeyaccenture
 
The Industrialist: Trends & Innovations - June 2023
The Industrialist: Trends & Innovations - June 2023The Industrialist: Trends & Innovations - June 2023
The Industrialist: Trends & Innovations - June 2023accenture
 
Reinventing Enterprise Operations
Reinventing Enterprise OperationsReinventing Enterprise Operations
Reinventing Enterprise Operationsaccenture
 
Semiconductor Gender Parity Study
Semiconductor Gender Parity StudySemiconductor Gender Parity Study
Semiconductor Gender Parity Studyaccenture
 
The Industrialist: Trends & Innovations - March 2023
The Industrialist: Trends & Innovations - March 2023The Industrialist: Trends & Innovations - March 2023
The Industrialist: Trends & Innovations - March 2023accenture
 
Nonprofit reinvention in a time of unprecedented change
Nonprofit reinvention in a time of unprecedented change Nonprofit reinvention in a time of unprecedented change
Nonprofit reinvention in a time of unprecedented changeaccenture
 
Free to be 100% me
Free to be 100% meFree to be 100% me
Free to be 100% meaccenture
 
The Industrialist: Trends & Innovations - February 2023
The Industrialist: Trends & Innovations - February 2023The Industrialist: Trends & Innovations - February 2023
The Industrialist: Trends & Innovations - February 2023accenture
 
Mundo gamer e a oportunidade de entrada pela abordagem do movimento
Mundo gamer e a oportunidade de entrada pela abordagem do movimentoMundo gamer e a oportunidade de entrada pela abordagem do movimento
Mundo gamer e a oportunidade de entrada pela abordagem do movimentoaccenture
 
Pathways to Profitability for the Communications Industry
Pathways to Profitability for the Communications IndustryPathways to Profitability for the Communications Industry
Pathways to Profitability for the Communications Industryaccenture
 
The Industrialist: Trends & Innovations - January 2023
The Industrialist: Trends & Innovations - January 2023The Industrialist: Trends & Innovations - January 2023
The Industrialist: Trends & Innovations - January 2023accenture
 
Reimagining the Agenda | Accenture
Reimagining the Agenda | AccentureReimagining the Agenda | Accenture
Reimagining the Agenda | Accentureaccenture
 
Climate Leadership Eleventh Hour | Accenture
Climate Leadership Eleventh Hour | AccentureClimate Leadership Eleventh Hour | Accenture
Climate Leadership Eleventh Hour | Accentureaccenture
 

More from accenture (20)

The Industrialist: Trends & Innovations - January 2024
The Industrialist: Trends & Innovations - January 2024The Industrialist: Trends & Innovations - January 2024
The Industrialist: Trends & Innovations - January 2024
 
The Industrialist: Trends & Innovations - September 2023
The Industrialist: Trends & Innovations - September 2023The Industrialist: Trends & Innovations - September 2023
The Industrialist: Trends & Innovations - September 2023
 
Accenture Technology Vision - How the trends apply to higher education
Accenture Technology Vision - How the trends apply to higher education Accenture Technology Vision - How the trends apply to higher education
Accenture Technology Vision - How the trends apply to higher education
 
The Industrialist: Trends & Innovations - July 2023
The Industrialist: Trends & Innovations - July 2023The Industrialist: Trends & Innovations - July 2023
The Industrialist: Trends & Innovations - July 2023
 
Accenture Technology Vision - How the trends apply to higher education
Accenture Technology Vision - How the trends apply to higher education Accenture Technology Vision - How the trends apply to higher education
Accenture Technology Vision - How the trends apply to higher education
 
Engineering Services: con gli ingegneri per creare valore sostenibile
Engineering Services: con gli ingegneri per creare valore sostenibileEngineering Services: con gli ingegneri per creare valore sostenibile
Engineering Services: con gli ingegneri per creare valore sostenibile
 
Digital Euro: Implications for the Financial System
Digital Euro: Implications for the Financial SystemDigital Euro: Implications for the Financial System
Digital Euro: Implications for the Financial System
 
More deals, less money: the Black founder funding journey
More deals, less money: the Black founder funding journeyMore deals, less money: the Black founder funding journey
More deals, less money: the Black founder funding journey
 
The Industrialist: Trends & Innovations - June 2023
The Industrialist: Trends & Innovations - June 2023The Industrialist: Trends & Innovations - June 2023
The Industrialist: Trends & Innovations - June 2023
 
Reinventing Enterprise Operations
Reinventing Enterprise OperationsReinventing Enterprise Operations
Reinventing Enterprise Operations
 
Semiconductor Gender Parity Study
Semiconductor Gender Parity StudySemiconductor Gender Parity Study
Semiconductor Gender Parity Study
 
The Industrialist: Trends & Innovations - March 2023
The Industrialist: Trends & Innovations - March 2023The Industrialist: Trends & Innovations - March 2023
The Industrialist: Trends & Innovations - March 2023
 
Nonprofit reinvention in a time of unprecedented change
Nonprofit reinvention in a time of unprecedented change Nonprofit reinvention in a time of unprecedented change
Nonprofit reinvention in a time of unprecedented change
 
Free to be 100% me
Free to be 100% meFree to be 100% me
Free to be 100% me
 
The Industrialist: Trends & Innovations - February 2023
The Industrialist: Trends & Innovations - February 2023The Industrialist: Trends & Innovations - February 2023
The Industrialist: Trends & Innovations - February 2023
 
Mundo gamer e a oportunidade de entrada pela abordagem do movimento
Mundo gamer e a oportunidade de entrada pela abordagem do movimentoMundo gamer e a oportunidade de entrada pela abordagem do movimento
Mundo gamer e a oportunidade de entrada pela abordagem do movimento
 
Pathways to Profitability for the Communications Industry
Pathways to Profitability for the Communications IndustryPathways to Profitability for the Communications Industry
Pathways to Profitability for the Communications Industry
 
The Industrialist: Trends & Innovations - January 2023
The Industrialist: Trends & Innovations - January 2023The Industrialist: Trends & Innovations - January 2023
The Industrialist: Trends & Innovations - January 2023
 
Reimagining the Agenda | Accenture
Reimagining the Agenda | AccentureReimagining the Agenda | Accenture
Reimagining the Agenda | Accenture
 
Climate Leadership Eleventh Hour | Accenture
Climate Leadership Eleventh Hour | AccentureClimate Leadership Eleventh Hour | Accenture
Climate Leadership Eleventh Hour | Accenture
 

Recently uploaded

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 

Recently uploaded (20)

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 

OT Security Architecture & Resilience: Designing for Security Success

  • 2. Jim Guinn, II Accenture Senior Managing Director LinkedIn: @Jim Guinn, II | Twitter: @jimmy_guinn Our improvement journeys are all different, but our end goal is the same – achieve operational integrity and cyber resilience. We are honored to have so many senior leaders and cybersecurity OT experts involved with this summit, sharing their experiences and insights to help others achieve the goal. The outpouring of support for this event has been amazing. It demonstrates how important knowledge sharing and community involvement are to moving the needle on industrial cybersecurity. What follows are key takeaways from each session. Bold statements from OT cybersecurity practitioners based on real-world experience advancing programs and tackling the same challenges facing your organization. We all know a lot can go wrong in an OT environment, which can impact health, safety and the environment. The last year has highlighted just how vulnerable our critical infrastructure is to cyber threats. And there's absolutely no question that if any of these attacks are successful, HSE issues can ensue. Cybersecurity can no longer be an afterthought. It must be top of mind, always. As you read through this document and listen to the replays, think about your upcoming projects and operational objectives and consider reframing your discussions to incorporate security. For example: “As we adopt 5G to gain extra bandwidth, how do we do that securely?” “We are planning to increase production securely.” “We need to enhance our operations securely with the use of robotics.” If we just embed the word security in everything we talk about and in everything we do, it then comes to the forefront of our minds. Review this guide. Share the on-demand content. And reach out if you have questions or just need a sounding board. My team is ready to collaborate to advance your program for whatever is next. Cheers, “There’s absolutely no question that if any of these attacks are successful, HSE issues can ensue. Cybersecurity can no longer be an afterthought. It must be top of mind, always.” Jim Guinn, II Copyright © 2022 Accenture. All rights reserved. 2 Watch the summit >
  • 3. The Cybersecurity Imperative: Why embrace it? Session Overview Architectural imperatives for cyber resiliency Technology and innovation in modern OT networks What’s old is new – Using IEC 62443 for IIoT SDLC OT security resilience myths busted Centralizing OT cybersecurity management Automation—In promise, in practice Opening Keynote Operation: Next ‘22 Fundamentals & Structure Innovation & Technology Case Study Project Execution Investment & Risk Closing Keynote Designing for security success Resiliency is the new imperative for OT environments. This track provides valuable insights for building a security architecture to meet the business challenge. The discussions are intended to spark conversation and this guide highlights key takeaways on what works, what doesn’t and what’s next. The agenda covers: • zero-trust building blocks • cloud and IIoT integration • OT security program maturity • technology investments • risk and safety Architecture & Resilience
  • 4. It’s impossible to have every angle nuanced… Get your four to six critical assets, critical processes really understood and quantify the financial risk.” Bob Dudley “ Muqsit Ashraf Accenture Bob Dudley Former CEO, BP Speakers The Cybersecurity Imperative: Why embrace it? Breaches continue to climb despite billions invested in cybersecurity. Are companies investing in the right security priorities? Bob Dudley provides his thoughts on why it has taken so long for executives to wake up to the challenges and what is needed to make cybersecurity a strategic priority for executives and the board. Key takeaways: • For a long time, cybersecurity was viewed as a technical problem, rather than seen as an operational risk and business continuity concern. • Priorities are changing as breach implications become more significant, including emerging case law that holds boards and executives accountable. Opening Keynote • Boards need to understand the problem, the language and the financial implications to a company. Time to move away from showing the board basic activity dashboards and begin reviewing the critical assets and business processes that are most vulnerable and quantify that risk. • Big wake-up call was when Accenture was able within a few weeks to take over BP’s oil refinery control systems. Immediately created a world-wide task force to update our asset security program. It took time and significant culture change to implement. • Crisis Management exercises helped our executive teams understand the communications process was far more complicated than they expected. Copyright © 2022 Accenture. All rights reserved. 4 Watch the full session on-demand >
  • 5. Cyber resilience is not a technology challenge, it’s a business imperative.” Rob Boyce “ Rob Boyce Accenture Speakers Architectural imperatives for cyber resiliency Data, infrastructure and access— three components, when combined, can achieve a more comprehensive and resilient architecture. Organizations that have demonstrated cyber resilience success have taken leading practices from IT and OT and brought them together. These include: • Detailed understanding of your end-to-end value chain. The better your understanding, the easier it is to develop and implement strategies to secure the chain. • Updated IR and Disaster Recovery Plans. Often companies have plans that have not kept pace with changes in their value chain. • Understand what needs to be protected, where it is located, and how it is accessed. Fundamentals & Structure Companies make significant investments to make their data more accessible and actionable, but do not make similar investments to secure it. As a result, threat actors are placing more value on data. Design factors to safeguard data include: • Have strong segmentation between systems • Create snapshots of key infrastructure applications • Implement strong identity and access management practices Copyright © 2022 Accenture. All rights reserved. 5 Watch the full session on-demand >
  • 6. “Any time we get to a single vendor solution for how to do visibility and intelligence sharing, we take a big risk on what that company can do in the future.” Jon Taylor Robert Marx Accenture Marysol Ortiz Accenture Jon Taylor Accenture Speakers Technology and innovation in modern OT networks Discussion of the threats, trends, innovations, and needs for improving OT security. Innovations • Security automation is being used to reduce incident response time. Trends • Companies have increased their OT security but government mandates, e.g., 100-day cyber sprints, are accelerating this. • Vendor awareness is growing as they realize that threats like ransomware are a risk to their own businesses and ability to deliver. They are now coming to sites with the expectation that security access protocols will be in place, which they will have to meet. Innovation & Technology Needs • Need to adopt a standardized, open-source application for network visibility. Open source generally leads to better security results. Additionally, clients are feeling the pain of proprietary protocols when changing vendors. • Need to greatly improve intelligence sharing across companies and industries. Threats • Vendors rarely track their hardware and software component and there is a lack of vulnerability information being shared. Clients need to be proactive and demand contract security be in every agreement. Copyright © 2022 Accenture. All rights reserved. 6 Watch the full session on-demand >
  • 7. “The existing cyber risk is underestimated, especially in the OT.” Jan Kwiatkowski Bjorn Haan Accenture Jan Kwiatkowski Accenture Oliver Moeller Accenture Speakers What’s old is new— Using IEC 62443 for IIoT SDLC Our OT security pros clarify IEC 62443 standard’s syntax, requirements and extended application with additional conversation on business continuity management (BCM) in the OT space. Key takeaways: IEC 62443 is more than a holistic framework. • It considers governance as well as operational and technical architecture guidelines. It can also be leveraged to build secure products in the digital area. • In combination with ISO 27K, it’s a solid foundation to align and build agile, IT/OT converged governance and operating models. Bridge the cultural divide between IT and OT. • OT cybersecurity and IT/OT converged cybersecurity governance and operations require appropriate awareness and training for all impacted IT and OT stakeholders. Case Study Business Continuity Management: • Review and analyze your business processes and associated risk. • Are your supplier SLAs current? • Do you have staff available and trained to switch to manual processes? • Have an eye on environmental changes to your business. • Have a holistic point of view of your OT systems and supporting IT systems and have an umbrella plan in place. • For OT, you need business impact advisors in your processes, including OT, IT and the needed network technology to connect everything. Copyright © 2022 Accenture. All rights reserved. 7 Watch the full session on-demand >
  • 8. Plans aren’t worth the paper they’re written on if they’re not exercised.” Tina Slankas “ Michelle DeLiberty Accenture Rouzbeh Hashemi Accenture Bryan Singer Accenture Tina Slankas Accenture Speakers OT security resilience myths busted Accenture OT security pros discuss common resilience myths and what is really needed to achieve security resilience. Myth #1: Tools Will Save Us • As soon as you put a tool in place it begins to age if you’re not actively maintaining it. • There is no tool that solves a problem; tools simply enable you to solve a problem. If you don’t have a strategy in place for how a tool should be used, you won’t get the benefits it provides. • There is no one category that does it all. Companies need to have threat prevention, detection and response controls in place. Myth #2: Architecture Will Save Us • Threat actors are continuously evolving their tactics, which puts static architectures at risk. Project Execution • Better approach is to shift to a proactive, dynamic architecture that has security integrated from the start. Myth #3: Compliance Will Save Us • Compliance measures are based on historic information. Threat actors are evolving faster than compliance measures evolve. • Compliance means you’ve created a checklist; it doesn’t mean you’ve achieved confidence you can recover from an incident. • Having a plan and tools for recovery aren’t enough. You have to test and practice that plan so everyone knows their responsibility and can act quickly once an incident occurs. Copyright © 2022 Accenture. All rights reserved. 8 Watch the full session on-demand >
  • 9. “Being able to leverage the cloud can really help with some things that are historically the biggest challenges getting security programs right.” Justin Vierra Brad Hegrat Accenture Luis Luque Accenture Justin Vierra Accenture Speakers Centralizing OT cybersecurity management In an environment where introducing new tools can bring new risks, achieving cyber resiliency weighs heavily on good cyber hygiene and a properly engineered architecture. Here are some critical components: • As a bare minimum, introduce some type of Windows infrastructure management into your environment. • Understand what components are required within your complex systems and service those first. • A managed infrastructure is critical to understanding exactly how traffic is moving through your network. • An application whitelisting agent is a cheap, easy way to get endpoint protection for your OT network. Investment & Risk • Without a properly engineered on prem architecture, migrating to the cloud is going to complicate things. • Journey to the industrial cloud must encompass security from the start. • Adding a virtualization environment platform within your OT space will pay dividends for projects and projects to come. • Successful disaster recovery for OT is understanding how and what to recover, and in what order. • Right size your network infrastructure to the industrial process by mapping individual subnets to a segment or sub segment of your industrial process. This will allow you to start tracking things, not by IP address but by subnet. Copyright © 2022 Accenture. All rights reserved. 9 Watch the full session on-demand >
  • 10. Automation — In promise, in practice “We want to use automation where we can and then have humans involved where they need to be.” Paul Scharre Gabby D’Adamo Accenture Jim Guinn, II Accenture Paul Scharre Center for a New American Security Speakers There’s no question that automation already plays a significant role in IT and OT system cybersecurity. As the threat landscape continues to grow, what role could/should automation play in OT security management? Advantages of automation • Helps systems be more efficient, more effective and safer. • Reduces tendency for human error. • Propagates system updates helping improve security. • Works well for repeatable, predictable processes. Closing Keynote Risks of automation • Takes humans out of the process removing them from potentially catching mistakes and issues. • Increases potential risk if a hacker infiltrates a system. • Can’t build automated systems to work in situations we can’t predict. Going forward • Automation adoption needs to be a risk-informed decision. • Start by looking for manual processes you can automate that will free up humans to focus on critical thinking problems. • Humans will still play a role – they need to know what automation is capable of and when to step in. Copyright © 2022 Accenture. All rights reserved. 10 Watch the full session on-demand >
  • 11. Ready to step into next? Visit our website for expert insights on OT cybersecurity Discover more resources > Learn about our purpose- built OT Cyber Fusion Center Partner with us to advance your OT security program Leverage our test facility > Engage our OT cyber team > Take a virtual tour > Contact our team >