IT & OT/ICS Cybersecurity Policy(/ies)
Deciding on the Policy Route [Securing Things by M. Yousuf Faisal]
Disclaimer: All views presented here, in this newsletter, are my own.
Neither the author nor the newsletter is liable for any actions taken by any individual or any organization / business / entity. The information provided is for education and awareness purposes only and is not specific to any business and/or situation.
Hi Securing Things Community,
📢 Welcome to Deciding on IT & OT/ICS Cybersecurity Policy Route🛡️
An organisation that is just starting out on its cybersecurity journey, and/or specifically its OT cybersecurity journey, faces the challenge of deciding whether to create:
(a) a single information / cybersecurity policy document with IT & OT policies together.
(b) a separate or new OT security policy document.
(c) and/or a hybrid approach of the two above, with additional supporting standards.
3 Themes Observed
In this newsletter, we’ll tackle the above question and discuss these 3 approaches I’ve seen across the industry, the criteria on which you need to make this decision, the pros and cons, and relevant industry best practices. I’ll also be sharing my most viewed social media posts, ways in which I can help, and ways you can support.
So let's dig in.
Why is this such a big deal?
In the last several years (particularly since Covid), I have come across several local, regional and/or even global manufacturers that did not have IT and/or OT cybersecurity policies in place, or had some IT security policies and procedures bundled within the policy document; however, when it came to OT/ICS-related security policies, none existed in almost all cases. Yes, true even at the end of 2024 for perhaps many.
These manufacturers were motivated to act mainly because of compliance mandates, audit demands, or as a response to a cyber incident.
Implementing a policy is crucial for enabling your IT and OT/ICS or operations teams to effectively apply security best practices across all facilities and locations. This approach ensures consistency and reliability, rather than depending on the diverse culture, knowledge, skills, and intentions of administrative and general staff.
Explore the problem statement and potential solutions with confidence as the following sections provide a detailed comparison of various approaches, document hierarchy, and process flow. Whether you're simply curious or aiming for proficiency, this guide offers the essential resources you need.