Intelligent CISO Issue 53 | Page 72

A formal collection management framework (CMF) is critical to the identification of available evidence because it reduces investigation time and highlights monitoring gaps.

FIVE BEST PRACTICES FOR CYBER-INCIDENT PREPAREDNESS IN DATA CENTRE OT ENVIRONMENTS

Omar Al Barghouthi, Regional Director, Middle East at Dragos, considers five best practices that allow data centre security teams to avoid disaster and to show OT-focused threat actors that they aren't in for an easy ride.

Companies running data centres in today's threat environment implicitly understand that cybersecurity is paramount. Data centres are a prime target for adversaries seeking to steal sensitive data and disrupt business operations. However, in most instances, investment in data centre cybersecurity focuses solely on the IT systems contained within the facility.

Security architects assume that the Operational Technology (OT) control systems that power, cool and otherwise run the building are naturally secure because they are theoretically disconnected from data centre networks. Meanwhile, data centre architects primarily concern themselves with physical security and disaster-related risks to these critical environments. And so the industrial control systems (ICS) infrastructure, made up of underlying systems such as building automation systems, electric power monitoring systems, HVAC controls, alarm systems and entry badging systems, remains quietly overlooked from a cybersecurity perspective.
There is a lot at stake here: physical damage, legal costs, repair costs, reputation, and the impact that downtime has on operations and morale. Attacks on some OT systems even have wide-reaching health and safety implications. So, let's establish five best practices that allow data centre security teams to avoid disaster.
1. Know your environment
Knowing the environment in detail is the first step in being able to secure it. Everything from network topology and asset inventory to the minutiae of security tools' configuration settings and the details of security policies should be documented and readily available to analysts. Having to gather this information ad hoc during an incident drains time and budget. Platforms that grant comprehensive, granular views of the environment will accelerate investigations.
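As an added example (not code from the article or from Dragos), here is a toy collection management framework in Python: an inventory of the OT assets named above, the evidence sources an analyst can actually retrieve for each one, which team holds them, and how long they are kept. Running it lists the assets with no evidence source at all and the sources whose retention is shorter than the investigation window, which is exactly the "monitoring gap" the pull quote refers to. Every asset name, zone, owner and retention figure is constructed for illustration, and the 90-day investigation window is an assumed dwell time, not a figure from the article.

```python
"""Toy collection management framework (CMF) for a data centre OT estate.

Added example: not code from the article or from Dragos. Every asset name,
zone, owner and retention figure below is constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    zone: str   # network segment / security zone the asset sits in
    role: str   # building automation, power monitoring, HVAC, badging ...


@dataclass(frozen=True)
class Source:
    """One evidence source an analyst can actually retrieve for an asset."""
    asset: str
    kind: str            # syslog, historian, netflow, badge-db, eventlog ...
    retention_days: int  # how far back the data still exists
    owner: str           # team to call to get a copy


def coverage_gaps(assets, sources, min_retention_days):
    """Return (unmonitored, short_retention).

    unmonitored     - names of assets with no evidence source at all
    short_retention - (asset, kind, days) for sources that would already be
                      gone if an incident were discovered min_retention_days
                      after it started
    """
    monitored = {s.asset for s in sources}
    unmonitored = sorted(a.name for a in assets if a.name not in monitored)
    short_retention = sorted(
        (s.asset, s.kind, s.retention_days)
        for s in sources if s.retention_days < min_retention_days
    )
    return unmonitored, short_retention


def zone_coverage(assets, sources):
    """Fraction of assets in each zone that have at least one evidence source."""
    monitored = {s.asset for s in sources}
    totals, covered = {}, {}
    for a in assets:
        totals[a.zone] = totals.get(a.zone, 0) + 1
        if a.name in monitored:
            covered[a.zone] = covered.get(a.zone, 0) + 1
    return {zone: covered.get(zone, 0) / n for zone, n in totals.items()}


def who_holds(asset_name, sources):
    """Evidence kinds and owning teams for one asset, so an analyst does not
    have to work out ad hoc whom to ask during an incident."""
    return sorted((s.kind, s.owner) for s in sources if s.asset == asset_name)


# Constructed inventory: the OT systems the article lists, plus a jump host.
ASSETS = [
    Asset("bms-01", "facility-ot", "building automation"),
    Asset("epms-01", "facility-ot", "electric power monitoring"),
    Asset("hvac-plc-01", "facility-ot", "HVAC controller"),
    Asset("badge-srv-01", "physical-sec", "entry badging"),
    Asset("fire-panel-01", "physical-sec", "alarm system"),
    Asset("ot-jump-01", "dmz", "IT/OT jump host"),
]

# Constructed evidence sources. Two of the assets above have none at all.
SOURCES = [
    Source("bms-01", "syslog", 180, "facilities"),
    Source("epms-01", "historian", 365, "electrical"),
    Source("badge-srv-01", "badge-db", 30, "physical security"),
    Source("ot-jump-01", "eventlog", 90, "SOC"),
    Source("ot-jump-01", "netflow", 14, "network"),
]

INVESTIGATION_WINDOW_DAYS = 90  # assumed dwell time the plan must cover


if __name__ == "__main__":
    unmonitored, short = coverage_gaps(ASSETS, SOURCES, INVESTIGATION_WINDOW_DAYS)
    print("No evidence source at all:", unmonitored)
    print("Retention shorter than the investigation window:")
    for asset, kind, days in short:
        print(f"  {asset} {kind}: {days} days")
    for zone, frac in zone_coverage(ASSETS, SOURCES).items():
        print(f"Zone {zone}: {frac:.0%} of assets have an evidence source")
    print("Who holds evidence for ot-jump-01:", who_holds("ot-jump-01", SOURCES))
```

The retention check is deliberately tied to the assumed dwell time rather than to a fixed policy number: a source that is rotated after 14 days is a gap for any incident found later than that, however well the asset is otherwise instrumented. Keeping the owning team beside each source is the "readily available to analysts" part of the practice; it is the question that otherwise gets answered by phone during an incident.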
2. Have a plan
Once the environment is understood in depth, Incident Response Plans (IRPs) give detailed descriptions of the actions and roles that come into play when an incident occurs. They define what constitutes an incident, when flags should be raised, and with whom. They provide templates for documenting occurrences and actions and lay the foundations for effective forensics
www.intelligentciso.com