Engineering, Risk Management For Cyber-Physical Systems With Andrew Ginter Caffeinated Risk podcast

Artwork

Tech MBA Business News Tech News McCreight & Leece Risk Management Cybersecurity Cyber Risk Enterprise Security Risk Esrm

Player FM - Internet Radio Done Right

Tilføjet four år siden

Indhold leveret af McCreight & Leece. Alt podcastindhold inklusive episoder, grafik og podcastbeskrivelser uploades og leveres direkte af McCreight & Leece eller deres podcastplatformspartner. Hvis du mener, at nogen bruger dit ophavsretligt beskyttede værk uden din tilladelse, kan du følge processen beskrevet her https://da.player.fm/legal.

<

<div class="span index">1</div> <span><a class="" data-remote="true" data-type="html" href="/series/the-action-catalyst-2929203">The Action Catalyst</a></span>

<div class="span index">1</div> <span><a class="" data-remote="true" data-type="html" href="/series/the-action-catalyst-2929203">The Action Catalyst</a></span> podcast artwork

<div class="span index">1</div> <span><a class="" data-remote="true" data-type="html" href="/series/the-action-catalyst-2929203">The Action Catalyst</a></span> podcast artwork

1
The Action Catalyst

for 3 dage sidenfor 3d ago

Ugentligt+

The Action Catalyst interviews top leaders and achievers, sharing hard-earned tips and advice to help you uncover your inspiration and gain valuable insights to overcome setbacks, defeat mediocrity, and reach your goals in life, business, and beyond. Southwestern/Great American, Inc., dba Southwestern Family of Companies, for itself and its related entities and their assigns, reserves and retains all rights to their copyrighted materials and trademarks contained in this podcast.

Caffeinated Risk « »
Engineering, Risk Management for Cyber-Physical Systems with Andrew Ginter

for ca. et år siden 29:25

Del

MP3•Episode hjem

Indhold leveret af McCreight & Leece. Alt podcastindhold inklusive episoder, grafik og podcastbeskrivelser uploades og leveres direkte af McCreight & Leece eller deres podcastplatformspartner. Hvis du mener, at nogen bruger dit ophavsretligt beskyttede værk uden din tilladelse, kan du følge processen beskrevet her https://da.player.fm/legal.

The practice of engineering dates back thousands of years, incorporating science and mathematics to solve problems in the ancient world, and remains a key requirement for developing the complex digital systems controlling the physical systems core to our modern way of life. Unfortunately connectivity and complexity have created a vulnerability we must now engineer our way out of, and just like risk management, engineering is about balancing constraints.
Andrew Ginter is a recognized thought leader within the industrial security space with decades of real world experience and the willingness to distill that knowledge into a series of book on operational technology cybersecurity. Mr. Ginter's latest book "Engineering-Grade OT Security, a manager's guide" explores risk elements over multiple chapters and provided a great intersection with ESRM principles. A self professed collector of industry wisdom, Andrew was quick to highlight Cyber Informed Engineering principles for security engineering within OT and call out calculation issues when risk assessing black swans yet also offering an elegant approach to resolution.
Due to a technical glitch, this episode joins Andrew, Tim and Doug in mid-conversation about Cyber Informed Engineering instead of the typical introduction banter of most episodes.

… continue reading

47 episoder

#Tech #MBA #Business #News #Tech News #McCreight & Leece #Risk Management #Cybersecurity #Cyber Risk #Enterprise Security Risk #Esrm

Artwork

Engineering, Risk Management for Cyber-Physical Systems with Andrew Ginter

Caffeinated Risk

published for ca. et år siden

Del

MP3•Episode hjem

Indhold leveret af McCreight & Leece. Alt podcastindhold inklusive episoder, grafik og podcastbeskrivelser uploades og leveres direkte af McCreight & Leece eller deres podcastplatformspartner. Hvis du mener, at nogen bruger dit ophavsretligt beskyttede værk uden din tilladelse, kan du følge processen beskrevet her https://da.player.fm/legal.

The practice of engineering dates back thousands of years, incorporating science and mathematics to solve problems in the ancient world, and remains a key requirement for developing the complex digital systems controlling the physical systems core to our modern way of life. Unfortunately connectivity and complexity have created a vulnerability we must now engineer our way out of, and just like risk management, engineering is about balancing constraints.
Andrew Ginter is a recognized thought leader within the industrial security space with decades of real world experience and the willingness to distill that knowledge into a series of book on operational technology cybersecurity. Mr. Ginter's latest book "Engineering-Grade OT Security, a manager's guide" explores risk elements over multiple chapters and provided a great intersection with ESRM principles. A self professed collector of industry wisdom, Andrew was quick to highlight Cyber Informed Engineering principles for security engineering within OT and call out calculation issues when risk assessing black swans yet also offering an elegant approach to resolution.
Due to a technical glitch, this episode joins Andrew, Tim and Doug in mid-conversation about Cyber Informed Engineering instead of the typical introduction banter of most episodes.

… continue reading

47 episoder

#Tech #MBA #Business #News #Tech News #McCreight & Leece #Risk Management #Cybersecurity #Cyber Risk #Enterprise Security Risk #Esrm

Alle episoder

×

Artwork

1
SMB Resilience and lessons for larger organizations with Rochelle Clarke 30:44

for 11 dage siden30:44

30:44

At 45-50%, depending on your statistical source, there is no denying that small to medium sized businesses are a significant economic engine from both an employment and innovation perspective. In 1978 Microsoft numbered 11 people. Unfortunately small businesses are also the least likely to survive a major disruption, an experience that changed Rochelle Clarke's corporate leadership trajectory to a business founder. The Continuity Strength founder shares insights on the needs of small to medium businesses and how to develop resilience plans while simultaneously addressing the two biggest concerns of most SMB owners, time and money. Prior to founding Continuity Strength, Ms. Clarke was the Country Manager, Global Strategy for Heineken, a management consultant and is on multiple board and academic committees.…

Artwork

1
Addressing Risk and Cyber Resilience, the Alberta Approach - with Rachel Hayward 36:13

for 7 weeks siden36:13

36:13

A surprising number of digital innovations began in Alberta, be it the world's first public digital cellular network in 1985, the DNP3 industrial controls protocol and becoming the first Google international research lab in 2017. CyberAlberta is another innovative collaboration focused on strengthening the cyber resilience of Alberta organizations. At almost 330 billion annually, protecting the Alberta economy and it's citizens from digital attacks is an important mission. In a very candid conversation, Rachel Hayward, Executive Director of CyberAlberta shares both successes and challenges observed with cyber workforces and organizational readiness. Her previous tenure with the Alberta Privacy commissioner adds some additional nuance in these times of ever greater tests of personal rights.…

Artwork

1
Security Risk Management in an Open Data Environment with Michael Spaling 36:26

for 12 weeks siden36:26

36:26

Ever wondered how top universities protect their cutting-edge research from prying eyes while ensuring seamless access for their scholars? Join us as Michael Spaling, Principal Security Architect at the University of Alberta , takes us behind the scenes of this high-stakes balancing act. Just like any other large organization, research universities have many different stakeholder, operational and regulatory requirements, thousands of employees and tens of thousands of customers. In a strange twist, both Mr. Spaling and podcast cohost Tim McCreight are also recent recipients of industry awards , prompting a few questions that reveals some darker elements of social media while continuing to offer security leadership.…

Artwork

1
Engineering, Risk Management for Cyber-Physical Systems with Andrew Ginter 29:25

for 18 weeks siden29:25

29:25

The practice of engineering dates back thousands of years, incorporating science and mathematics to solve problems in the ancient world, and remains a key requirement for developing the complex digital systems controlling the physical systems core to our modern way of life. Unfortunately connectivity and complexity have created a vulnerability we must now engineer our way out of, and just like risk management, engineering is about balancing constraints. Andrew Ginter is a recognized thought leader within the industrial security space with decades of real world experience and the willingness to distill that knowledge into a series of book on operational technology cybersecurity. Mr. Ginter's latest book "Engineering-Grade OT Security, a manager's guide" explores risk elements over multiple chapters and provided a great intersection with ESRM principles. A self professed collector of industry wisdom, Andrew was quick to highlight Cyber Informed Engineering principles for security engineering within OT and call out calculation issues when risk assessing black swans yet also offering an elegant approach to resolution. Due to a technical glitch, this episode joins Andrew, Tim and Doug in mid-conversation about Cyber Informed Engineering instead of the typical introduction banter of most episodes.…

Artwork

1
Deviance Normalization & Risk Management with Marco Ayala 34:05

for 24 weeks siden34:05

34:05

Technological change is inevitable and often one of the aspects that attracts people toward careers in information and operational technology. Although risk management is a part of navigating advancement in any area, the fundamental flaw in any management system is our human tendencies. This episode explores how organizations can make slow, steady migration from first principles to risky undertakings without noticing. Marco Ayala, an operational technology cybersecurity expert and current Houston InfraGard president , joins this episode to further explore the reasons behind this normalization of deviance, a concept first introduced to OT cyber specialists at S4 in 2024 . Mr. Ayala is also CCE proponent and facilitator leading to a discussion on possible options for course correction back off the normalization path. Although solutions must always be tailored to work within organizational constraints, the early contributors to catastrophic outcomes associated with the Challenger space shuttle and Boeing 737 Max warrant exploration or we will inevitably repeat.…

Artwork

1
Managing Supply Chain Risk Management - with Darren Gallop 32:34

for 28 weeks siden32:34

32:34

Whether it's the NIST CSF, 8276 or the new European Cyber Resilience Act there is no denying the expectation that supply chain management (SCM) is a risk management area no organization can ignore. While SolarWinds is recent common reference in many SCM discussions, this episode's guest takes us back to Target's major data breach that resulted in significant changes to the PCI-DSS standard. Darren Gallop, a serially successful Canadian tech entrepreneur, recounts the early journey into the software as a service business up to his current role as CEO of Carbide . The episode talks frankly about the current challenges with supply chain management, but Mr. Gallop also shares where he sees bright lights on the horizon and a path forward for organizations willing to consider the shift.…

Artwork

1
Metawar and Fostering Resilience with Winn Schwartau 34:51

for 32 weeks siden34:51

34:51

Long before the Matrix captured peoples imaginations, Winn Schwartau was steadily offering red pills for those reading his many books on information warfare. A scholastic level researcher without the pretense, Mr. Schwartau has been recognized internationally as one of the leading security thinkers of our time and has a special capability for distilling complex security concepts into every day language and metaphor. In this episode Tim and Doug talk with Winn about the battle big tech is waging on our cognitive capabilities. Recorded just days before the release of Winn's latest book, this interview is a very frank examination of our current human state and some sound direction on how to counter the effects of coexisting with technology. Some sample chapters of the new book and links are available here: https://winnschwartau.com/metawar/…

Artwork

1
Resilience and I.R. Lessons Learned (the hard way) - with Adam McMath 34:31

for 39 weeks siden34:31

34:31

Almost all incident response plans include a "lessons learned" step, and in the post adrenalin phase that follows many breaches, reviewing what worked and what needs improving doesn't excite a lot of people. Adam McMath is clearly the exception, leading incident response activities in both the cyber realm and physical. How do resilience and incident response lessons learned while literally fighting fires translate into risk management practices within cyber security, is a good question explored in depth with this month's guest. Mr. McMath's experience and exuberance are evident throughout, with a great deal of additional content that will appear in a future espresso shot bonus episode.…

Artwork

1
ESRM a Transformation Catalyst with Radek Havlis 29:47

for 45 weeks siden29:47

29:47

Amongst the industry verticals classified as critical infrastructure, few would argue that telecommunications belongs in the top that list, placing even more weight on a risk management program due to cascading impacts. Consequently, safe reliable operations are essential for success while continuing to grow in a highly competitive marketplace. A security risk management challenge across many dimensions that has become an ESRM success story. This episode features Radek Havlis, Vice President, Director Business Resilience and Chief Security Officer at O2 Telefonica Germany sharing insights into O2 Telefonica's transformation toward a highly converged security model. An early advocate of ESRM, Mr. Havlis explains how the risk management philosophy remains consistent but the requirements for successful implementation can vary greatly by organization. The Telefonica journey started with visionary leadership and in less than three years has transformed the view of security as a business enabler.…

Artwork

1
Contingency Planning, Cyber Resilience and Incident Response 28:33

for 1 year siden28:33

28:33

Regulatory frameworks from PCI-DSS to NERC-CIP to the newly minted NIST CSF 2.0 each require organizations of all sizes to have cyber incident response plans. Most of us who have spent any time in cubicle filled office towers are familiar with fire drills to clear the building and gather staff at muster points, and that is as close as we get to the real thing. Unfortunately that same lucky streak will Unlike a fire drill, recent research estimates 85% of businesses will expereince a cyber incident annually , and many will find short-comings in their incident response plan. This episode explores a couple of recent news-worthy Canadian Cyber incidents, challenges with incident response plans and as always, how to use ESRM principles to further your program, even in a time of crisis.…

Artwork

1
The Business Context of Cyber Resilience with Steven J Ross 30:51

for 1 year siden30:51

30:51

Those running a business today who have not experienced disruption due to cyber issues or attacks know it is only a matter of time. Even if their organization is not directly targeted, the modern marketplace comprised of multiple, interconnected supply chains, means impact is unavoidable but this episode's guest, Steven J Ross contends planning, design and clear priorities can provide mitigating resilience . Steven J Ross, executive principal of Risk Masters International , is a recognized cyber security expert, specializing cyber resilience, recovery and business continuity. His decades of experience come through loud and clear with a somewhat unflinching perspective on the current digital threat landscape and the impact on organizations and individuals. In addition to leading a boutique risk management practice helping Finance, Health care, Defense and more , Mr. Ross has been the author of one of ISACA Journal's most read columns since 1998.…

Artwork

1
Building a Cyber Risk Management Program with Brian Allen 30:03

for 1 year siden30:03

30:03

The U.S. Security Exchange Commission defined new rules for cyber risk matters facing publicly traded corporations in July of 2023. Although the SEC's mandate is limited to publicly traded companies in the United States, where one regulator goes others are apt to follow. Brian Allen is the co-author of a brand new book putting form, structure and traceability around the SEC mandated requirement for a Cyber Risk Management Program. Mr. Allen was on of the original creators and advocates of the ESRM framework first published in 2013 , and has been practicing security risk management throughout his career. Caffeinated Risk is very please to bring a very candid conversation with a true thought leader in the risk management field to our ever growing family of listeners.…

Artwork

1
CyberPHA - OT Risk management With John Cusimano 31:59

for 1 year siden31:59

31:59

The ISA 99 standards body is one of the most recognized authorities on cyber physical security covering many aspects of a cyber security management system for industrial control systems including risk management. This episode features John Cusimano, former chairman of the ISA subcommittee responsible for authoring the risk management portion of the standard 62443-3-2:2020 Mr. Cusimano takes us back to the origins of the OT specific risk assessment process, originally dubbed CyberPHA, we also explore how the methodology can be managed and percieved at different levels of the organization as well as how this approach can safely carry organizations into a future that includes cloud computing. John is currently the Vice President for Operational Technology Security at Armexa , more than 30 years experience in OT and one of the early thought leaders in this unique areas of cyber security and risk management.…

Artwork

1
Science, Crime and Workforce Development with Dr. Martin Gill 31:52

for 1 year siden31:52

31:52

Security and crime are often in close proximity but not always studied together. This month's episode features Martin Gill a criminologist who made the study of crime and security his life's work. After a decade as a lecturing professor at the University of Leichester, Mr. Gill started Perpetuity Research i n 2002 and continues to provide very high quality research, both qualitiative and quantitiative, on what works -- and more importantly what does not -- on many different areas of the security field. In addition to leading the annual Security Research Initiative reports, Martin Gill is also the a contributing author and editor of many criminology and security textbooks including " The Handbook of Security " -- now in it's third edition.…

Artwork

1
ESRM a Decade In and The Emergent Threat Landscape 29:52

for 2 years siden29:52

29:52

Post GSX conference , which included an in-depth review of ESRM and an interview with former U.S. president George W Bush, this episode considers how enterprise security risk management has stood the test of time as well as how risk analysis will need to evolve . Financial receptors can be found in almost every organizational risk matrix but how do those decisions change with modern ransomware attacks? How does a threat intelligence program contribute to organizational defense and resilience?…

Velkommen til Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

Lyt til 500+ emner

Lyt til dette show, mens du udforsker