A 2022 survey by Industrial Defender, "State of Operational Technology (OT) Cybersecurity", found that reporting and compliance remain the most popular areas for 2022 OT budget investment.
Top 4 Key CISO Duties
A quick recap of the most hostile security events by black hats, APTs, and other threat actors:
10 Top Fortune 500 Companies that Got Compromised (Hacked!) in 2022
"Traditional approaches to securing Operational Technology and Industrial Control Systems do not adequately address current threats." - (Control System Defence Control, Cybersecurity Advisory by NSA and CISA)
The average cost of a breach in 2021/2022 is $4.2 million (World Economic Forum, 2022).
The average known ransom payout is about USD $228,125 in Q1 2022 (BlackFog & Cyber Rescue Alliance, Best Cyber Insight 2022).
(Overview) A Systematic Risk Assessment Approach - NIST SP 800-30 / SP 800-39
Step 1: Prepare for and conduct the assessment
Step 2: Generate information derived from evaluating the organization's risk framework
Step 3: Communicate the risk results
Step 4: Review, preserve and maintain the assessment
Quantitative information risk analysis: Annual Loss Expectancy (ALE) = SLE x ARO, where SLE is the Single Loss Expectancy and ARO is the Annual Rate of Occurrence. SLE = AV x EF, where AV is the asset value and EF is the exposure factor (the fraction of the asset value lost in a single event). (Tsiakis, 2010; Boehme and Nowey, 2008)
Top 3 Reasons for increasing Cyber Attacks in 2022
6 Known Persistent Trailblazers (Threat Actors and Origin)
Top 5 (APTs) Tactics, Techniques, and Procedures (TTPs) (client and server sides)
Top 6 Most Vulnerable Sectors in 2022
Top 5 APT Protection Companies in 2022
Top 7 Most Used Emerging Security Terms - 2022
4 Implications of Security Negligence/Inattention
NIST best frameworks for information security
( NIST Framework is characterized by 5 key Functions – Identify, Protect, Detect, Respond, Recover)
"The Category of Threat is based on information" - Joe Weinman
Refer to Common Criteria (ISO/IEC 15408) to evaluate the requirements of risk policies and environmental analysis. CC conforms to: (PP) Protection Profile, (ST) Security Target, and (TOE) Target of Evaluation.
6 'Ds of Security Evaluation (Design, Develop, Deployment, Documentation X3)
Conclusion: Every business operation is currently experiencing an influx of adverse threats from both known and unknown sources. It is a choice to "sink or swim" as an organization: top security executives must promptly monitor, frame and assess risk in order to respond to operational security challenges. The essence of this publication is to highlight critical updates on information security requirements; to inform security professionals, C-suite executives and top-level management of the necessary security standard frameworks, metrics and control policies; and to summarize security incidents and responses across the global cybersecurity ecosystem, with the aim of creating cyber consciousness and developing further insight into information risk treatment plans.
Thanks for reading.
David Olugbenga