A principal specialist at a pipeline operator shares a practical 90-day plan for applying zero trust principles to Operational Technology (OT) environments. The plan acknowledges that NIST SP 800-207 was designed for IT networks, not 24/7 industrial systems, and focuses on three phases: mapping assets and identities at the IT/OT boundary (days 1-30), containing vendor remote access with quick wins like MFA and brokered connections (days 31-60), and building a maturity scorecard aligned with TSA, NERC CIP-013, and CISA requirements (days 61-90). The approach emphasizes framing zero trust as a functional principle rather than an abstract architecture, focusing on IT/OT convergence points like jump hosts and remote access paths, and tying actions to existing regulatory requirements.
Source: https://www.csoonline.com/article/4189605/what-cisos-need-to-tell-the-board-about-zero-trust-in-ot-a-90-day-communication-and-action-plan.html. 8sync News only summarizes and links to the article; copyright in the content belongs to the author and the original source.
South Africa's mobile operators, coordinated through the Association of Comms & Technology (ACT), have agreed on a framework to strengthen SIM card registration and combat SIM fraud. The framework introduces enhanced identity verification, tighter registration controls, improved compliance monitoring, and closer cooperation with law enforcement. It serves as an interim industry-led measure while ACT pushes for legislative reform of Rica's section 40, which governs SIM registration. Key issues addressed include the bulk pre-registration of SIMs by distributors ('pre-Rica'd' cards) and packaging that exposes SIM identifying numbers. Proposed solutions include biometric authentication at registration points and secure SIM packaging. The Competition Commission was consulted to ensure the inter-operator coordination does not raise competition concerns.
Weak AI governance exposes organizations to data breaches, regulatory fines, and reputational damage. Shadow AI — unsanctioned tools used without IT oversight — creates blind spots that compound these risks. Effective governance requires AI asset visibility, a centralized risk register, compliance readiness against frameworks like NIST AI RMF, ISO/IEC 42001, and the EU AI Act, plus financial risk quantification. The post outlines these governance pillars and promotes Kovrr's AI Security and Governance Platform as an integrated solution covering shadow AI discovery, compliance benchmarking, and cyber risk modeling to translate AI exposure into measurable financial terms.