It is not rare for OT Security to end up in some form of organisational no-man’s-land
This interesting interview with Andy Norton puts things in perspective around IT and OT Security (“The top 5 cybersecurity threats to OT security” – IT Security Guru – 11 November 2021).
Many CISOs complain of communication problems with their business. They are not being listened to. They are not getting the budget they think they should get. They feel their business prioritises against security too often.
It has been a recurring theme amongst information security professionals for the best part of the last 15 years, and it is rooted in a wide range of factors, amongst which the profile of the CISO is often a dominant limitation.
People simply trust other people
This excellent November piece from McKinsey on cyber security deserves a comment (“A Framework for Improving Cybersecurity discussions within Organizations” – Jason Choi / Harrison Lung / James Kaplan).
At the end of a keynote speech I gave at the excellent CIOWaterCooler LIVE! Event in London on 28th September 2017 on security organisation, governance and creating the dynamics for change around cyber security, I was asked a challenging question on which I would like to elaborate:
I have been involved with information security matters for almost 20 years and started writing regularly on the topic in 2015.
