|
|
 | ||||||||||||||||||||||||||
|
1
The report provides an analysis of security, risk and compliance practices utilities are using. It also offers guidance to help utility employees responsible for information security in their efforts to raise awareness and create 'building blocks' for their companies' security cultures, as well as guidance for creating key metrics and using them to improve the level of security.
"There is a lack of common process and procedure across IT and operations groups," says Usman Sindhu, senior research analyst for Utilities and Oil and Gas at IDC Energy Insights. "Security professionals are constantly occupied in managing compliance and protecting infrastructure from external threats. However, they're gradually paying attention on the culture of security that is built upon metrics and measuring progress."
A few key findings from the report include:
· Security budgets and priorities are improving, but most budgets focus on compliance centering on NERC and CIP activities
· Utility professionals, particularly on the operations side, are still missing in-depth system and process visibility
· Risk management practices are not consistent. Many utilities struggle with implementing a risk strategy based on security metrics, while some mature companies are implementing common processes and procedures across IT and operations
· Many security leaders report concerns over increased threat activity such as advanced persistent threat
Click the link below for more on the report and to order.
|
|
|
|
||||||||||||||||||||||
|
|
|
|
Talk Back
