
![]() |
Charlotte Stonestreet
Managing Editor |
Home >Three-fifths of the industrial control industry has not deployed security configuration management
Three-fifths of the industrial control industry has not deployed security configuration management
20 January 2014
At the eighth annual American Petroleum Institute Cybersecurity Conference, Tripwire has announced the results of research comparing risk-based security management in the industrial sector to that of other industries.
Conducted during 2013 with the Ponemon Institute, the survey evaluates the attitudes of 1320 respondents from the US and UK.
The study has revealed that the industrial sector is less effective than other industries in deploying risk management controls and communicating effectively about security. While 51% use formal risk assessments to identify security risks (5% higher than the survey average), only 40% have fully or partially deployed security configuration management, differing from the survey average of 49%. And only 56% listed an "openness to challenge assumptions” as one of the top three features most critical to the success of a risk-based security management approach, 6% lower than the survey average.
"With the rapid escalation of critical infrastructure cybersecurity threats, industrial control organizations have a lot to do,” said Dwayne Melancon, chief technology officer for Tripwire. "It is encouraging that they are embracing a risk-based view of their operations at a higher than average rate, but this is not enough to protect them against determined attackers. It is imperative for this sector to get a handle on system hardening and configuration management practices to improve security and reliability.”
"Even though industrial sector organizations are actively considering security risks, they must also improve their willingness to elevate key risks to the executive level,” Melancon continued. "Security risks must be considered in context with overall business risk or the entire organization’s success will be in jeopardy.”
Tripwire is a provider of risk-based security and compliance management, enabling enterprises to effectively connect security to their business.
- Cisco & MAC Solutions partner
- All about efficiency
- 10 million Euros of production improvements
- Airbus UAS in first free flight
- Designed by engineers for engineers
- Marine technology moves into the digital age
- Robots expand reach beyond factories
- IoT device security advanced to thwart evolving threats
- Leading robotics event visits UK for first time
- Agricultural drones & robots used for disinfection operation
- No related articles listed