‹ All episodes

br3akp0int Security Podcast

OT Security-Vendor Risk Management | Vikash Tiwari

February 23, 2023 br3akp0int/Vikash Tiwari Season 1 Episode 3
br3akp0int Security Podcast
OT Security-Vendor Risk Management | Vikash Tiwari
Info
br3akp0int Security Podcast
OT Security-Vendor Risk Management | Vikash Tiwari
Feb 23, 2023 Season 1 Episode 3
br3akp0int/Vikash Tiwari

TOPIC: OT Cyber Security - Vendor Risk Management

Industrial Control Systems are used in critical infrastructure such as utilities, oil & gas, Aviation, Medical Industry and vehicle manufacturing . Some examples - Industrial control systems (ICS) or supervisory control and data acquisition (SCADA) systems.

Since the entire OT ecosystem is often managed by vendors, managing vendor risk becomes very important. Tune in to the episode to listen how we can follow a 'Defence in Depth' approach when working with Vendors in this space.



GUEST: Vikash Tiwari,  IT Audit Manager @ ADQ

Vikash is an experienced cyber security professional with 14 years+ in  various cyber security domains like Information Security / I&T Audit, VAPT and IT / OT GRC area. He was working as Sr. Cyber Security consultant with TUV Rheinland LLC Oman and currently with ADQ.  He has been focusing on Cloud Security Audits, DevSecOps, Critical Infrastructure Security and IIOT security areas..


Recommended Reading/Resources for vendor risk management in OT:

  1. https://sharedassessments.org/ (dedicated resources for Vendor risk Assessment)
  2. Cobit 2019 - enrich resource for monitoring and managing I&T controls objectives, can be downloaded from ISACA website freely.
  3. https://www.isa.org/standards-and-publications/isa-standards/isa-standards-committees/isa99
  4. https://www.sans.org/industrial-control-systems-security/- SANS for ICS Security 

I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!

If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:

  • Twitter: @NeeluTripathy
  • LinkedIn: neelutripathy
Share
Apple Podcasts Spotify Amazon Music Overcast Castro Castbox +
Show Notes

TOPIC: OT Cyber Security - Vendor Risk Management

Industrial Control Systems are used in critical infrastructure such as utilities, oil & gas, Aviation, Medical Industry and vehicle manufacturing . Some examples - Industrial control systems (ICS) or supervisory control and data acquisition (SCADA) systems.

Since the entire OT ecosystem is often managed by vendors, managing vendor risk becomes very important. Tune in to the episode to listen how we can follow a 'Defence in Depth' approach when working with Vendors in this space.



GUEST: Vikash Tiwari,  IT Audit Manager @ ADQ

Vikash is an experienced cyber security professional with 14 years+ in  various cyber security domains like Information Security / I&T Audit, VAPT and IT / OT GRC area. He was working as Sr. Cyber Security consultant with TUV Rheinland LLC Oman and currently with ADQ.  He has been focusing on Cloud Security Audits, DevSecOps, Critical Infrastructure Security and IIOT security areas..


Recommended Reading/Resources for vendor risk management in OT:

  1. https://sharedassessments.org/ (dedicated resources for Vendor risk Assessment)
  2. Cobit 2019 - enrich resource for monitoring and managing I&T controls objectives, can be downloaded from ISACA website freely.
  3. https://www.isa.org/standards-and-publications/isa-standards/isa-standards-committees/isa99
  4. https://www.sans.org/industrial-control-systems-security/- SANS for ICS Security 

I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!

If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:

  • Twitter: @NeeluTripathy
  • LinkedIn: neelutripathy