Scribd Logo
Upload

Welcome to Scribd!

  • Industrial Information System Management System: Security Controls Identification and Implementation

    Uploaded by

    awanyoudee_444593545
    13 views10 pages

    Original Title

    Untitled

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    13 views10 pages

    Industrial Information System Management System: Security Controls Identification and Implementation

    Uploaded by

    awanyoudee_444593545

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 10

    I-ISMS

    Revision 1

    1 NP Factory, Ltd.

    2 Plant Floor

    3 Industrial Information System


    4 Management System

    5 Security Controls Identification and

    6 Implementation

    7 Nathan Pocock

    8 https://our.intranet/path/to/document.docx

    Copyright 2016 Nathan Pocock


    1 NP Factory, Ltd. Industrial Information System Management System

    I-ISMS
    Industrial Information System
    Revision 1 (28)

    Management System

    Security Controls Identification and


    Implementation

    Editor: Nathan Pocock

    Authors: Nathan Pocock

    1 Security

    2 PRIVATE

    654740949.docx Path: /conversion/tmp/activity_task_scratch/654740949.docx


    Version: 1 Revision 28 Keywords: security, controls
    Pages: 9 Last Saved by Nathan Pocock on 09/23/2016

    NP Factory, Ltd.
    [Company Address]
    Plant Floor
    I-ISMS
    704-491-5840
    Manager Pocock

    Copyright 2016 Nathan Pocock 2


    Industrial Information System Management System Security Controls Identification and Implementation

    1 Executive Summary

    2 A framework for storing information about the various security controls that exist within the facility for
    3 providing physical and electronic security.

    4 Revision History

    Revision Author Date

    Initial creation Nathan Pocock 18-Sep-16

    Copyright 2016 Nathan Pocock 3


    1 NP Factory, Ltd. Industrial Information System Management System

    1 Contents

    2 1 Instructions 5

    3 2 Overview 6

    4 3 Security controls 6

    5 4 Security Controls Matrix 7

    8 Figures

    9 No table of figures entries found.

    10

    Copyright 2016 Nathan Pocock 4


    Industrial Information System Management System Security Controls Identification and Implementation

    Copyright 2016 Nathan Pocock 5


    1 NP Factory, Ltd. Industrial Information System Management System

    2 Instructions

    1 This page provides quick instructions for using this guide:

    2 1. Read the Overview to gain a simple understanding of the need for this document
    3 2. Modify the Security controls below
    4 3. Adjust the security columns in the Security Controls Matrix below and then complete the table.
    5 4. Add, edit, and remove table entries and categories as necessary.

    6 Finally, delete this page.

    Copyright 2016 Nathan Pocock


    1 NP Factory, Ltd. Industrial Information System Management System

    3 Overview

    1 There are many ways to protect both physical and electronic assets. This document contains a list of
    2 security controls in use by NP Factory, Ltd.

    3 A security control can be something physical, such as a lock/key, or something electronic like a
    4 login/password, or key-card etc.

    4 Security controls

    5 The following security controls shall be utilized:

    6  Physical:
    7 o Lock/Key:................................for doors, windows, cabinets, cages, panels, etc.
    8  Electronic:
    9 o Login (username/password)...for access to computers, networks, and software
    10 o Anti-virus................................protection from malware threats
    11 o Firewall...................................protection from network-based threats
    12 o IDS/IPS...................................protection from advanced anomalies
    13 o File access permissions.........protection from unauthorized access of file system
    14 o MAC filtering...........................filtering based on network adapter MAC address
    15 o IP filtering...............................port and address filtration
    16  Policy/Rules.......................................rules defined in documents

    Copyright 2016 Nathan Pocock


    1 NP Factory, Ltd. Industrial Information System Management System

    5 Security Controls Matrix


    Layer / Required Control Control

    Rules / Policy
    Switch / MAC
    Login / code

    File access
    Lock / key

    Anti-virus
    <other 1>

    <other 2>

    Firewall

    IP Filter
    IDS/IPS
    PHYSICAL ENVIRONMENT CONTROLS
    Plant floor access (doors, windows, vents, emergency escape, etc.) X
    Offices within the plant floor X
    Filing, cabinet systems, and desk drawers etc. X
    Storage rooms X
    Computer systems, servers, and networked industrial devices etc. X
    Computer storage racks and/or rooms X X

    NETWORK LEVEL CONTROLS


    Network physical access X X X X
    Unauthorized device access detection X X
    Unauthorized intrusion detection X
    Network segmentation of devices and logical networks X X X
    Wireless network (if present) X X
    Log management X
    Device management X X

    Copyright 2016 Nathan Pocock


    Industrial Information System Management System Security Controls Identification and Implementation
    Layer / Required Control Control

    Rules / Policy
    Switch / MAC
    Login / code

    File access
    Lock / key

    Anti-virus
    <other 1>

    <other 2>

    Firewall

    IP Filter
    IDS/IPS
    COMPUTER SYSTEM CONTROLS
    General usage X X X X X
    Authorized user access only X
    Detection of unauthorized access X X X
    Detection of unauthorized data-changes X X
    Patch management X
    Application hardening (whitelisting, blacklisting, etc.) X X X
    Backup drives, devices, and/or other media X X

    DEVICE LEVEL CONTROLS


    Device settings/configuration X X
    Cabling (power, communications, etc.) X X
    Protocol / communications filtering / hardening X X X
    Cyber-attack detection X X
    Unauthorized access detection X X X X X

    APPLICATION LAYER CONTROLS


    SCADA systems X X
    Other process control based applications X X
    Unauthorized access to file system X X

    Copyright 2016 Nathan Pocock 9


    1 NP Factory, Ltd. Industrial Information System Management System

    Layer / Required Control Control

    Rules / Policy
    Switch / MAC
    Login / code

    File access
    Lock / key

    Anti-virus
    <other 1>

    <other 2>

    Firewall

    IP Filter
    IDS/IPS
    Unauthorized access to/from the network and/or internet X X X
    Other applications… X X X X
    Backup (settings, configuration, data, etc.) X

    Copyright 2016 Nathan Pocock 10

    You might also like