Following the first part of the return on the 3rd CTO Cybersecurity Forum (which is reachablehere) in the afternoon of Thursday, April 25, there were two tracks of choice and ours was to participate in the workshop on the Critical Information Infrastructure Protection (CIIP) led by David POLLINGTON from Microsoft Security in partnership with FIRST (Forum for Incident Response and Security Teams).
From the outset, the master session insisted that while it is Microsoft, during the workshop there will be no sale of any product of the firm’s employment, but rather to share State of the art and best practices for CIIP and what is being done at Microsoft to get there.
The workshop was divided into two parts:
- Critical Infrastructure Protection: Concept and Continuum: on the definition and contours of the Critical Infrastructure (CI) concept.
- A Framework for Critical Information Infrastructure Risk Management, which offered us a set of process dedicated to the identification and management of risks in our CIIs(Critical Information Infrastructures).
For this purpose, two books were given to us, each focusing on a part of the workshop.
Speaking about CIIP, we should already be able to differentiate what is Critique and what isn’t. The criticality notion is variable from one state to another, there are no fixed patterns on it. However, some areas are included in several Critical Infrastructures models / catalogs in the example of Energy, Finance, Water, Transport, Food, Public Safety, …
…. Netx of this article can be found here !