Common sense says that systems isolated from the network are immune to cyber attack over the wire, yet they remain vulnerable to infected removable media once it is physically inserted. Just like the boat above: you don’t worry about attack from sharks, but what about a crocodile in shallow water?

As cybersecurity practitioners, we must have a holistic understanding of the target operating environment, business objectives and adverse consequences. We should not simply say that our role looks after architecture and that other issues, such as cyber risk or cyber operations, need to be discussed with the relevant team mates.

With that complete understanding, impose viable (not necessarily technical) controls for high-impact consequences by reducing their likelihood as much as is practical.

Don’t just follow textbook knowledge; it is for reference only and must be digested into what is applicable in your own environment, so that asset owners are helped with the recommended optimal investment rather than overkill. Adding controls only creates complication and does not guarantee greater security. Indeed, more controls demand resources to sustain their effectiveness and increase the likelihood of operational mistakes.