Category: Enterprise Risk Management

Analysis of risk and the principles of mitigation using metrics and evidence rooted in causal analysis to protect and defend the enterprise.

Some ICS Reading Resources

Quick hit on some things for reading up on control system security. One of my favorites is Krutz, R. (2006), “Securing SCADA Systems”. This particular book is older, but it has a great section on comparing ICS security protocols. Meant…

Thinking about risk: Active defense

If we can agree… (e.g. Ryan and Ryan heuristic). Then most policy, mechanisms, and effort have in the past been aimed at decreasing vulnerabilities. FISMA, IAVAs, patches, etc. are all part of the mitigation of vulnerabilities. They are not countermeasures. This was…