Who is responsible for OT security standards?

Security & GRC

Engineering18%

IT56%

Joint IT (driver) with Engineering19%

Joint Engineering (driver) with IT5%

784 PARTICIPANTS

5.5k views3 Upvotes2 Comments

Sort by:

CIO in Energy and Utilities3 years ago

It is a joint effort between Operation Function and IT in our case.

Information Security Managing Consultant in Services (non-Government)6 years ago

Pending on the size and scale of the organization this should be a joint/combined effort. For separation of duties (audit and compliance) more than one group should always have insight and responsibility for oversight regardless the size and scale of the operation(s).

Content you might like

Seeking advice on integrating embedded AI agents into Workday/SAP/etc. How do you handle integration across HRIS, ATS, and LMS? Do you rely on vendor-native tools or build your own in-house registries?

The "CLOUD Act" is a U.S. law that conflicts with EU data sovereignty by allowing U.S. authorities to access data stored on U.S. company servers, even if that data is physically located in the EU or Asia.

In this context, are the CIOs /CTOs considering alternative to SharePoint online? As the documents stored in SharePoint are directly exposed to this risk, even if MS claim to provide encryption.

Yes, active exploring alternatives57%

No, not considered as risk43%

Seeking expert / legal advice, but no rush

View Results

Do you think quick patching is key to security, or is testing patches just as important as applying them?

Speed is key!33%

Balance (test then patch)57%

It depends on the severity of the bug9%

View Results

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Has anyone drafted an SOW for a cloud-based SIEM with setup, migration, and maintenance? I’m working on a FedRAMP-authorized SIEM SOW, migrating from on-prem Splunk, covering data, searches, alerts, dashboards, and models. Scope includes Environment Setup: Cloud provisioning, configuration, testing. Connectors/Parsers: Custom data source integration. Content Development: Rules, use cases, threat feeds. Performance Tuning: Query/index optimization. Runbooks: Operational procedures. Also required: 24x7 support, maintenance, lifecycle and application management, role-based training, and documentation. Must comply with NIST SP 800-53, CJIS, and FedRAMP Moderate+. Goal: Secure, scalable SIEM for rapid deployment. I may be missing elements, so suggestions are welcome. Please share redacted SOWs or tips if possible.

Who is responsible for OT security standards?

Sort by:

Content you might like

Seeking advice on integrating embedded AI agents into Workday/SAP/etc. How do you handle integration across HRIS, ATS, and LMS? Do you rely on vendor-native tools or build your own in-house registries?

Do you think quick patching is key to security, or is testing patches just as important as applying them?

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go