From: Defense One
Aliya Sternstein
The Obama administration has released a draft of computer security protocols for companies that operate key systems, such as chemical plants and the electric grid. The document admittedly does not address privacy issues.
***
For protection against insider attacks, the company should control who has access to certain physical facilities that house virtual operations, as well as control remote access to internal networks via smartphones and cloud applications. And the firm should tie cybersecurity procedures to human resources procedures during background checks and employee transfers.
To detect a breach as early as possible, an organization should perform automated “continuous monitoring” of odd network activity and physical continuous monitoring of events flagged by the automated monitoring. The business should also perform “personnel monitoring for cybersecurity events flagged by the detection system or process,” the documents state.
Leave a Reply