The Importance of good process in maritime cyber security
Dr Adrian Venables.
Date: 22nd March 2018
Followed by Tea, Coffee & Biscuits.
Time: 1pm - 2pm
Location: FASS meeting Room 2
The use of the cyber security triad of confidentially, integrity, and availability is well established in describing the necessary attributes to ensure that information is safeguarded. To achieve each of these elements, another trio of factors is often considered comprising people, process and technology. Although advocates of this triptych of capabilities have previously acknowledged the equal status of each one, increasing importance is now being placed on the technology and people components and less on the process aspect. This has been demonstrated by some cybersecurity practitioners who have emphasised that security technology is at the heart of the enterprise and in the increasing focus of training and upskilling people who have been largely regarded as the greatest single vulnerability in any organisation.
This has resulted in the role of process attracting less interest in terms of resources and emphasis, which is now at risk of becoming the significant weakness within an overall security posture. This paper seeks to address this shortcoming by considering how the role of the process element of cybersecurity can be emphasised by highlighting its importance and, in using the maritime sector as a case study, what factors should be considered by policy makers to produce effective and efficient processes to align the technological and people elements as part of a comprehensive cyber security strategy.
Dr Adrian Venables, served in the Royal Navy for 24 years as a Communications, Warfare, and Intelligence officer and was responsible for the provision and security of a range of Information Systems worldwide, including the management of specialist teams deployed to operational theatres.
Since leaving the Service, he has published a series of journal articles and research papers on the cyber threat landscape and its use by state and non-state actors for espionage, sabotage, and subversion within the maritime environment. A Commander in the Royal Naval Reserve, independent cyber security consultant and honorary researcher at Lancaster University, he has worked for both government and industry clients advising on computer security, including a part time role at the UK’s Defence Cyber School. A Certified Information System Security Professional and Certified Information System Manager, he holds seven computing and cyber security based degrees and is a Chartered Information Technology Professional Fellow of the British Computing Society, Chartered Engineer Member of the Institution of Engineering Technology and Fellow of the Chartered Management Institute.
Defence Cyber School can be found at: https://www.da.mod.uk/colleges-and-schools/technology-school/defence-cyber-school
The Seminar Series is open to all, so please feel free to drop-in on the day, or register your interest by contacting Paul Bennett for more details.