The North American Electric Reliability Corporation (NERC):
... is asking operators to take another look at their risk assessment methodologies and conduct a new evaluation of critical assets and associated cyber assets. Too many organizations are starting their evaluations with the assumption that no system is critical until it is proved to be so. [NERC CSO] Assante suggested that they reverse the process and assume that every system is critical until it can be demonstrated otherwise.
You don't have to be a security expert to smell several rotten things in these few pages. More on this to follow ...
No comments:
Post a Comment