Question

What are the general security processes that assist with data integrity and data protection? I need a comparison of the specifics of the security processes for OT vs IT with some examples of differences between their processes.

Answer #1

Answer:-

What are the general security processes that assist with data integrity:-

We live in an age of data. In modern organizations data is being consumed and generated at unprecedented levels, frequently exchanged between multiple individuals, systems, and processes. Data integrity has become a major institutional challenge as big data analytics increasingly drives decision-making. To guarantee data integrity, organizations need to establish strong quality management practices that will help protect and maintain data during collection, processing and storage.

Data cleaning and maintenance

Research by The Data Warehouse Institute (TDWI) reported that data quality issues can cost US businesses more than $600 billion annually because data cleansing efforts account for 30-80% of the preparation process of most big data projects. Yet decision-makers do not take action with their bad data until it manifests itself into high-impact costly problems. An essential first step in producing information that translates into business performance and profitability is data cleaning.

A data cleaning approach should satisfy several requirements. First of all, it should detect, eliminate or correct all errors and inconsistencies. It should also be a continuous process that supports system health in order to maintain data integrity. As a proactive solution, the Data Integrity Gateway (DIG) tool integrates with an institution’s information system and centralizes cleanup projects in a single repository. By automating processes, delegating tasks, and monitoring data cleanup, DIG helps maintain data quality throughout its life-cycle.

Data entry training & accountability

Data integrity starts at the source – the user. Manual data entry can result in errors that compromise analytical results meant to guide business decisions. That’s why it is vital that staff members with system access are properly trained on data entry and upload protocols. There are several steps to consider when training:

  • Training should be an active, evolving process in response to operational needs.
  • An easy-to-understand document with procedures should be readily available for reference.
  • System administrators should assign the correct level of access to users based on their training and role.
  • Auditing processes should be put into place so that individuals can be held accountable for any inaccurate data entered into the system.

Data validation rules

Even with a proper training plan in place, there is always room for human error when a company includes manual data entry in their operations. By using data validation rules, administrators can ensure data integrity by controlling and restricting the values that users can enter into their system. By protecting information from accidental alteration, validation rules provide additional security and data quality assurance - a natural requirement for accurate analytics.

What are the general security processes that assist data protection?:-

Limit Data Access

Most of the organizations give privileged access to their sensitive data to a number of employees and insiders. Think about who in your organization has access to sensitive customer data? Can you identify everyone's access rights? Most company executives are unaware of the details about individual employees who have access to data and why they access it. This is a huge risk to data loss, theft and hacking.

This means it is necessary for businesses to limit data access. Organizations should determine what an employee needs access to and ensure they have access to only what they need. Not anything else. All these limitations could help organizations to manage their data more efficiently and ensure it is being safeguarded from theft or loss.

According to Dircks, Bomgar CEO,

With the continuation of high-profile data breaches, many of which were caused by compromised privileged access and credentials, it’s crucial that organizations control, manage, and monitor privileged access to their networks to mitigate that risk. The findings of this report tell us that many companies can’t adequately manage the risk related to privileged access. Insider breaches, whether malicious or unintentional, have the potential to go undetected for weeks, months, or even years – causing devastating damage to a company.

Identify Sensitive Data

For companies, it is really important to be aware of where their most important data and sensitive business information lies. This will ensure you have the right information and allocate more resources to protecting your most sensitive and crucial assets.

Although sensitive business data is only probably around 5-10% of your total business data, a data compromise involving sensitive or personal data could result in an immense loss of reputation and revenue to a company. If we go back to access management and rights, we should be putting more strict measures on sensitive data over other business data.

Pre-Planned Data Security Policy

When looking at the operations and processes needed to mitigate a cyber-attack, an important step is to prepare a list of security measures and data security policies. This sort of plan by an organization could help significantly in critical situations and times of incident response. Through policies, you can immediately react in order to prevent extreme impacts of a cyber-attack.

As with access management and rights, employee access could be identified easily and you would remain aware of which users in your organization could have potentially been breached. It's important to remember that a policy and process plan is only as good as its last revision. Technology, industry regulation and best practice are always changing. Someone therefore needs to own this policy and process guide and always look at new ways of updating it to keep it relevant.

Strong and Different Passwords for Every Department

Sensitive data in an organization should be locked away with strong passwords. Making stronger passwords is necessary for fighting a number of password hacking tools that are easy to get on the market. Try ensuring that there is a combination of different characters including alphabets, numbers, symbols and other capital letters.

Additionally, using the same passwords for different programs and access is also a risk. Once your password is cracked, a hacker will try the same password on all major accounts you own.

Therefore, organizations should keep unique passwords for all employees as well as the departments. This can be easily managed using a password manager tool and ensuring that all employees receive proper data security training and password tips.

Where possible, it is also advised that multi-factor authentication is used. Adding another step to a password login means another step that hackers need to crack, making the hack much more unlikely and difficult. Some good examples of multi-factor authentication include biometrics, push notifications to phones, smartcards and token authentication.

Regular Data Backup and Update

Last on the list of important data security measures is having regular security checks and data backups. For an unexpected attack or data breach, it is really helpful to have an organization back up their data. To have a successful business, you must keep a habit of automatic or manual data backup on a weekly or daily basis.

In addition, the data should be protected through updated software and efficient antivirus tools. However, to attain this, you must have a progressive and efficient IT department. Make sure you are hiring someone with the right skills who you can trust to do the job properly.

*******************************************************************************************************************************

Comparison of the specifics of the security processes for OT vs IT:-

IT vs. OT

IT is dynamic

Comprised of fluid, intertwined technology stacks, IT has a lot of moving parts—which means it also has an incredible number of exploit variants. From network to compute to application to data and more, IT teams are responsible for safeguarding every layer in a stack with its own brand of add-on security (e.g., VPN, SIEM, NGFW, DLP).

On top of that, these security teams are caught up in a perpetual game of cat and mouse with attackers who always seem to have the advantage and be at least one step ahead. It’s a never-ending cycle of identifying new viruses, updating malware signatures, closing security holes, etc.

OT is deterministic

OT systems are engineered for specific, measured, prescribed actions based on content, and not context. That’s determinism. Things only happen one way—the way they were designed to act. If given a certain input, they will always produce a certain output, time and time again. It’s an either/or. For example, you open a valve or you close a valve. There are no in-betweens.

No question, the OT threat landscape is scary, but because of its deterministic environment, the nature of attacks is not as dynamic as in the IT world—and the primary security focus becomes about ensuring control.

IT: Data is king

IT is about digital information storage, retrieval, transmission, and manipulation. Most businesses want to ensure smooth data flow. For example, Amazon wants to be sure identities are verified, that credit cards are working, and that searches and purchase histories can be used to offer up “you so need this, too” suggestions. None of these crosses over into the physical realm of process control and manual manipulation.

OT: Process is king

OT is all about process control, which is why it’s not germane to think about things in the same way you would in the IT world, where defenses are layered (at times, seemingly ad infinitum) onto technology stacks. Industrial organizations typically run a small suite of control applications, and maybe a few more to help manage and maintain systems. For the most part, the environment remains relatively static.

IT: Gateways are everywhere

More gateways mean a larger attack surface. And considering that 60 percent of network traffic is bots, it’s no wonder attackers only need to be right once—yet another reason IT guys are one step behind the bad guys. It’s nearly impossible to keep up.

OT: Fewer gateways

Fewer gateways, fewer avenues for attackers to pursue. The key is reinforcing armaments at those known gates, moats, and tunnels from the start.

IT: Confidentiality is priority #1

In order of importance, priorities are: confidentiality, integrity and availability (the CIA triad). First and foremost, businesses and consumers expect financial, medical and personal data to remain private.

OT: Control is priority #1

In OT, an additional priority tops the list, while the rest are flip-flopped. The new order: control, availability, integrity, and confidentiality. Control equates to safety because, in this environment, loss of control could have dire consequences. Next is availability (e.g., we expect to have water at the flick of a faucet), then integrity (e.g., we expect that water to be clean and pure), and finally, confidentiality.

Examples:-

From the explanations above we can see that, traditionally at least, IT and OT have had fairly separate roles within an organization. However, with the emergence of the Industrial Internet and the integration of complex physical machinery with networked sensors and software, the lines between the two teams are blurring.

Remember that portion of the IT definition I highlighted earlier, “In general, IT does not include embedded technologies that do not generate data for enterprise use”?

Well, one of the main reasons these industrial systems and appliances are being brought online is to deliver smart analytics - using data generated from the machines to modify and optimize the manufacturing process. Generating data for enterprise use? That’s starting to sound more like traditionally IT territory.
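
The data validation rules and entry auditing described in the answer above, sketched as an added example that is not part of the original answer. The field names, the V-123 identifier pattern and the 0 to 1000 kPa range are assumptions made for illustration; the open/close allowlist mirrors the answer's valve example.

```python
import re
from datetime import datetime, timezone

# Constructed rule set (assumption): field -> (predicate, rejection message).
RULES = {
    "valve_id": (lambda v: isinstance(v, str) and re.fullmatch(r"V-\d{3}", v) is not None,
                 "valve_id must look like V-123"),
    # Deterministic OT command: only the two designed states are accepted.
    "action": (lambda v: v in {"open", "close"},
               "action must be 'open' or 'close'"),
    "pressure_kpa": (lambda v: isinstance(v, (int, float)) and not isinstance(v, bool)
                     and 0 <= v <= 1000,
                     "pressure_kpa must be a number from 0 to 1000"),
}

def validate(record):
    """Return the list of rule violations; an empty list means accepted."""
    errors = [f"unexpected field: {k}" for k in record if k not in RULES]
    for field, (check, message) in RULES.items():
        if field not in record:
            errors.append(f"missing field: {field}")
        elif not check(record[field]):
            errors.append(message)
    return errors

def submit(user, record, store, audit_log):
    """Store the record only if it passes; log every attempt against the user."""
    errors = validate(record)
    audit_log.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "record": dict(record),
        "accepted": not errors,
        "errors": errors,
    })
    if not errors:
        store.append(dict(record))
    return not errors

def rejections_by_user(audit_log):
    """Count rejected entries per user, for accountability or retraining."""
    counts = {}
    for entry in audit_log:
        if not entry["accepted"]:
            counts[entry["user"]] = counts.get(entry["user"], 0) + 1
    return counts

if __name__ == "__main__":
    store, audit_log = [], []
    # Constructed sample entries.
    submit("alice", {"valve_id": "V-101", "action": "open", "pressure_kpa": 250}, store, audit_log)
    submit("bob", {"valve_id": "101", "action": "half-open", "pressure_kpa": -5}, store, audit_log)
    for entry in audit_log:
        print(entry["user"], "accepted" if entry["accepted"] else entry["errors"])
    print(rejections_by_user(audit_log))
```

Rejected entries never reach the store, but every attempt is still logged, so the audit trail shows who entered bad data even when the rule caught it.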
