Thriving in a world of change is a catchy tag line and very apropos for cyber security challenges.
Discovering things you can change, large and small; to achieve business objectives is the most fun part of the user conference. Specifically at the UC, security advice was prioritized into the ‘biggest bang for your buck’ technical things you should do:
- Use Whitelisting Techniques
- Upgrade your PI Software
- Upgrade your Operating System (Use Windows Server Core for Servers)
- Least Privileges (Use Windows Integrated Security, Do not use piadmin)
Empirical data shows the top 4 strategies together would have mitigated over 85% of intrusions.
http://www.dsd.gov.au/infosec/top-mitigations/top35mitigationstrategies-list.htm
As an added claim based on patch reduction statistics alone, effectiveness over 95% can be expected for assets running on Windows Server Core.
Stay tuned for posting of security related OSIsoftUC 2013 presentations!