Writing on information security governance, risk management, and operational security in manufacturing environments. Practitioner perspectives on IT/OT security, business continuity, and what actually works at enterprise scale.
Writing on information security governance, risk management, and operational security in manufacturing environments. Practitioner perspectives on IT/OT security, business continuity, and what actually works at enterprise scale.
12 items under this folder.
Dale Peterson's OTI Impact Score addresses the industry signal problem. The partner it needs is organisational resilience, the ability to coordinate internally before communicating externally.
Every organisation has an ISMS. Most of them don't have a management system. Here's the difference, and why it matters under NIS2.
Dale Peterson asks where the evidence is that OT asset inventory reduces incidents. From building a global OT security programme across 40+ manufacturing sites, here are the answers.
Recovery targets derived from a solid BIA are the right foundation. But five realities sit outside that formal scope, and they're where plans actually break down in practice.
AI-driven vulnerability discovery is outpacing OT remediation cycles. What manufacturing security teams need to know about software composition visibility, response planning, and the growing gap between known and fixed.
Without understanding the full system context, risk assessments default to compliance control catalogue validation. Security concepts, widely used in military classified systems, offer a better path.
How new EU regulations reshape supplier relationships and procurement strategy, even if you don't manufacture digital products
Most organisations start with standardised control catalogues and work backwards to justify coverage. Few start with business context, threat landscape, and actual vulnerabilities to determine which controls reduce risk and which waste resources.
A Norwegian court case delivers a €5.6 million lesson on business continuity, supplier management, and why manufacturing executives can't outsource operational accountability
Most security governance is theatre. Committees that rubber-stamp, decisions that decide nothing, metrics that measure activity not outcomes. Here's how to build governance that actually works.
Most cybersecurity incidents trace back to implicit risk acceptances hidden in everyday business choices. The hardest root causes to analyse are those buried in decisions we never understood we were making.
Threshold-based IR coverage, pre-approved suppliers, and using preventative services strategically