www.canadiansecuritymag.com

News
Focus On Cyber Security speaker profile: Murray Rosenthal, City of Toronto

Murray Rosenthal will be one of the featured speakers at Focus On Cyber Security on March 30 in Toronto. We asked Murray to provide a sneak peek at some of the major takeaways that attendees will learn from his session. For more on Murray and other speakers at Focus On Cyber Security, visit www.focusonseries.ca


March 3, 2016
By Canadian Security

What do you think is one of the biggest misunderstandings about cyber security?
 
That the cyber security scope of interest includes conventional information technology (IT)-type systems and applications. Cyber security has, as its focus, operational technology (OT)-type systems and applications in a critical infrastructure context.
 
How important is it for physical and IT security professionals to work collaboratively?
 
Very. Logical access controls on remotely, and isolated, hardware devices are of little protection if physical protection measures can be circumvented to compromise device integrity, and act as a beachhead for unauthorized network ingress and reconnoitering.
 
What will be some of the more important takeaways from your session?
 
· “Scope of interest” and “universe of discourse” are two (arcane) terms that you will grow to appreciate over time.
· This is not a drill. For your own good, adopt a programmatic approach to cyber security assurance.
· Culture eats strategy (and technology) for breakfast. No matter how defined your cyber security strategy may be, it will be destroyed by dark organizational culture.
· If your understanding of cyber security does not include architecture, you will necessarily (a) place the sustainability of your organization’s cyber security efforts in peril, and (b) make dangerous, and indefensible, assumptions about its design and operation.
· Grow up: you don’t know everything about cyber security, and hero culture is dead. If partnerships and intelligence exchange were ever considered critical for success generally, they are absolutely essential in the cyber security assurance context.