Focus On Cyber Security speaker profile: Murray Rosenthal, City of Toronto

What do you think is one of the biggest misunderstandings about cyber security?
 
That the cyber security scope of interest includes conventional information technology (IT)-type systems and applications. Cyber security has, as its focus, operational technology (OT)-type systems and applications in a critical infrastructure context.
 
How important is it for physical and IT security professionals to work collaboratively?
 
Very. Logical access controls on remotely, and isolated, hardware devices are of little protection if physical protection measures can be circumvented to compromise device integrity, and act as a beachhead for unauthorized network ingress and reconnoitering.
 
What will be some of the more important takeaways from your session?
 
· “Scope of interest” and “universe of discourse” are two (arcane) terms that you will grow to appreciate over time.
· This is not a drill. For your own good, adopt a programmatic approach to cyber security assurance.
· Culture eats strategy (and technology) for breakfast. No matter how defined your cyber security strategy may be, it will be destroyed by dark organizational culture.
· If your understanding of cyber security does not include architecture, you will necessarily (a) place the sustainability of your organization’s cyber security efforts in peril, and (b) make dangerous, and indefensible, assumptions about its design and operation.
· Grow up: you don’t know everything about cyber security, and hero culture is dead. If partnerships and intelligence exchange were ever considered critical for success generally, they are absolutely essential in the cyber security assurance context.