http://www.eetimes.com/author.asp?section_id=8&doc_id=1320907
By Carolyn Mathas
EE Times
2/6/2014
I just noticed the results of a report commissioned by the Institution of
Engineering and Technology (IET) called "Using Open Source Intelligence to
Improve ICS & SCADA Security." The report suggests that information that
engineers place on social media, in blogs, and in papers is sufficient to
mount cyberattacks. In this case, the attacks involved utilities. However,
it shouldn't matter what industry is front and center -- only that this
may be a side door in.
The basis for the IET's concern was a survey of 250 small and midsized
enterprises. Half were aware of the government's Cyber Security Strategy,
and just 14% said cyberthreats were "the highest priority."
I have a question: How have you been trained/warned/advised regarding the
use of social media, written papers, articles, blogs, etc. and how they
relate to security? This report concentrated on the UK, but life isn't
that much different on this side of the pond.
Did you receive any university-level training regarding the role of the
individual in security breaches? Was this a part of the new-hire training
at your company? What did you learn, and where did you learn it, as to how
much information is too much? Maybe this is covered in nondisclosure
agreements you sign upon corporate entry as part of an HR exercise?
[...]