Resilience guide for universities

Improving railroad cyber-threat resilience

Cyberattacks against critical infrastructure have been increasing dramatically and have been well-reported in the press. What has not been as widely noted is that the nature of the adversary has changed. The term “advanced persistent threat” refers to an adversary that possesses sophisticated levels of expertise and significant resources, which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly…


IBM: 77% of Enterprises Don’t Have a Cybersecurity Incident Response Plan

It’s important to have non-IT-security people on this team because an attack will affect multiple business groups.

The majority of companies — 77% of respondents — don’t have a cybersecurity incident response plan applied across the enterprise, according to a study conducted by the Ponemon Institute and paid for by IBM.

One of the primary reasons for this is the well-documented security skills shortage. “It’s a major, major problem for security generally but it’s particularly acute in incident response because it’s a newer discipline,” said Ted Julian, vice president of product management and co-founder of IBM Resilient.

IBM bought Resilient, an incident response company, in 2016. The 2019 Cyber Resilient Organization is the vendor’s fourth annual benchmark study on cyber resilience — how an enterprise aligns its prevention, detection, and response capabilities to manage and mitigate threats against its data and IT infrastructure. For the report, Ponemon surveyed more than 3,600 security and IT professionals globally…


Resilience guide for universities

The third edition of the guidance document, Resilience in Higher Education, was aired at the annual Aucso conference of university security chiefs of security, at Aston, last week, by lead reviewer and author, Dr Lucy Easthope LLB MSc FEPS FHEA FRAI, Director of Whatever Next Productions Ltd. Mark Rowe digests the guide, now available to Aucso members as a download from the association website.

As Prof Dame Janet Beer put it in a foreword to the 217-page document: “Universities are increasingly complex and operational activity is interlinked. It is crucial for all university staff to see resilience as a part of their own role and for all departments…


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s