Overview
Planning, operating, and maintaining an effective response to cybersecurity risks can be a daunting exercise for many asset owners. They must address the cybersecurity of automation and related systems across their entire life cycle, from specification and development to operations and maintenance. Although they are not directly responsible for all activities, asset owners must understand the requirements and translate these into responsibilities for those performing the tasks required.
Eric Cosman
The lifecycle of an automation solution provides the context or background for defining processes and associated roles. If defined in sufficiently general terms, it can be applied easily across a wide range of situations and help improve communications and cooperation between the various contributors and stakeholders. This is a major goal for people involved in standards development efforts since it would enable broader use of their work.
Many of the available standards, frameworks and guidelines for cybersecurity stress the need to address the people and process elements of the response in addition to technology. However, it is often left up to the reader to define the needed processes and associated roles. This requires a detailed understanding of business processes and organizational structure, including identification and definition of roles and responsibilities. Although the details may vary by situation, the fundamentals are often common.
A general-purpose lifecycle model includes the definition of several principal roles that are not industry specific. By using these general definitions, it is possible to provide guidance that can be applied broadly.
#Cybersecurity #PAuto @arc_advisory