big corporations, cyber-security mistakes
The inside job
Securing a high-stake facility has specific requirements.

As a start let’s clarify what is considered a high-stake facility. A safety critical infrastructure is a term used mostly by governments to describe the kind of facility that if something goes wrong the safety and/or well-being of masses will be affected negatively. That is a wide term including facilities related to:
• the world or state economy
• a country’s’ protection and interests
• facilities related to public protection such as police, agencies: CIA, NSA, Europol, Interpol, civil defense etc
• mass transportation mediums such as airplanes and ships
• nuclear facilities
• NASA and European Space Agency
• Chemical facilities
• Weapon manufacturers
• Financial institutions controlling worldwide economy
• High-tech companies with cutting-edge technology
• Top 500 companies or businesses with billions in revenue

Obviously, this is not an exhaustive list and you might wonder why I have included some of the aforementioned as examples for safety critical infrastructures when the classic term does not include them. Well, terms in technology must be revisited and I always base my professional opinion on custom evaluation of the impact in the worst-case scenario.
The most important thing to remember is that for such facilities it is crucial for their security to be outstanding. From design, to implementation, to operation and control the security must be close to spotless. That is because their threat level is extremely high.

Today thought I would like to focus to just one component for such facilities which is the most essential; people. Something that is considerable even in lower threat facilities and businesses, but its impact is lower as well so while scaling up in threat level we must step up our game plan for the insiders’ selection.

Want a little help?
cyber-security approach, philosophy, business, protection
Obviously, this is not an exhaustive list and you might wonder why I have included some of the aforementioned as examples for safety critical infrastructures when the classic term does not include them. Well, terms in technology must be revisited and I always base my professional opinion on custom evaluation of the impact in the worst-case scenario.
The most important thing to remember is that for such facilities it is crucial for their security to be outstanding. From design, to implementation, to operation and control the security must be close to spotless. That is because their threat level is extremely high.

Today thought I would like to focus to just one component for such facilities which is the most essential; people. Something that is considerable even in lower threat facilities and businesses, but its impact is lower as well so while scaling up in threat level we must step up our game plan for the insiders’ selection.

The selection of people must be strategic for two reasons:
1) To increase the effectiveness of protection based on their skills, expertise and experience and
2) Most importantly minimize or avoid the intrusion of attackers with inside knowledge especially on essential departments functioning protection inside the facility. It is a common pattern for attackers to try to penetrate in the very early stages of the facility establishment as the security is still under progress, they will be able to leave on purpose security holes or even discover security holes created by mistake, critical information can be in plain side especially if essential departments do not function properly or do not have full control which is a common scenario.

Evaluating people’s threat level for the business is an artful process as you will need to build their profile bit by bit and on a continues base. An essential part in this process is going to be a good relationship establishment with the local and international police and establishing assets as informants.

You think I am overreacting?

Let me tell you a secret. No matter how secure your facility is, the people who will design it, set it up, operate it and their ability to evaluate the threat level, select the right people, compartmentize information for the remaining of the staff is a non- negotiable for your facility’s protection.

Just keep in mind that if you fall in the category of safety critical infrastructures you have a responsibility to select the right people and at the same time you protect your facility survival. Security has become the most valuable asset for business survival.

One last thing, stress is not one of the characteristics of the right security professional. At the times they must perform more, which is basically always, they must be able to have a clear head and perform to the fullest of their capabilities. I believe the best way it has been described was by Will Smith. He said, and I quote, “You must realize that the point of maximum danger is the point of minimum fear”. When you are protecting safety critical facilities you have already established familiarity with risk and fear does not exist in your vocabulary.

Over to you now.
1) How important do you believe it is the selection of all of your insiders for your business protection and survival?
2) What measures would you consider essential to establish better control over your business protection from insiders with malicious purposes?
Apply what you learn immediately.
cyber-security approach, philosophy, business, protection
RELATED POSTS:
YOUR PROTECTION SPHERES

YOUR PROTECTION SPHERES

Your Protection spheres Click below if you prefer to listen. Learn how to become unpredictable here... Last night I met with my very good friend and extremely talented worldwide successful composer Marios Joannou Elia. Marios is one of the most...

security-script-benefits

security-script-benefits

How to write the best security script to follow - Why your business needs security policies & procedures Click below if you prefer to listen. Free Quick start guide: Master your business Protection An essential part of security is the...

Subscribe

and get the latest updates

Almost there!

Cyber attacks are here to stay and hackers are not waiting.

 

Get an insider information on threats & solutions.

We promise to keep your name and email address safe.You can unsubscribe at any time

 

 

You have Successfully Subscribed!

Almost there!

Get An Insider Information On Threats & Solutions.

 

This form collects information we will use to send you free resources & updates about promotions, special offers, and news. 

We promise to keep your name and email address safe.You can unsubscribe at any time.

For more info you can read our Privacy Policy.

You have Successfully Subscribed!