This year, SecurityGate.io Co-Founder & Chief Product Officer Cherise Esparza was honored to share her perspective of the ever-changing OT/ICS cybersecurity industry in Miami, Florida on the main stage of S4x22, the largest conference for OT (Operational Technology) and ICS (Industrial Control Systems) security.
In her presentation “Essential Principles: The Key to Organizational Maturity”, Cherise discusses the stages that critical infrastructure companies move through as they mature their cybersecurity programs. She explains best practices for each stage so that organizations can efficiently evolve their cyber programs.
Watch the full presentation below.
(4:42) What Could Be Holding Us Back?
Cherise explains three things that could be holding us back from organizational maturity:
- People: Non-technical, non-security, and traditional IT leaders influencing industrial cybersecurity
- Process: Guidance and scrutiny from Board of Directors, government, and sector groups
- Tech: Usage of guardian solutions with “set it and forget it” mentalities
(7:53) It Starts and Ends with an Assessment
Everyone is doing assessments; specifically asset owners. The asset owners do assessments each day in order to demonstrate a path forward to maturity and provide a roadmap of their buying habits. If asset owners don’t have resources internally, they lean on consultant groups. Product-focused firms are also doing assessments.
“If we’re going to do assessments, we should do them right.”
(12:07) Where Do You Start?
With numerous regulations, frameworks, and guidance, it can be extremely overwhelming starting your journey to organizational maturity. Wherever you start, you should aim to answer a few things: What is my recovery time? What is the true impact? What threats is this going to disclose?
Cherise highlights three assessment models to use for driving organizational maturity: Business Impact Analysis, Gap Assessments, and Component Assessments.
(17:46) One Way to Chart Out Maturity
The industry evolves into four distinct phases of maturity: Prepare, Baseline, Accelerate, and Incorporate.
