Building a security program over time and with the involvement of multiple work disciplines supports the creation of a program that truly protects your organisation and ensures its safe and reliable operations. This phased approach allows time for trial and error and to incorporate lessons learned into your security program. This approach also positions your organisation well once a regulatory standard is mandated for your industry. The company that builds security best practices over time into their everyday project list has only a small step to close the gap to full compliance. Long-term planning also has the advantage of allowing organisations to introduce and socialise the concept of security over time. Implementing a security program requires far
www.industry20.com
more than simply installing technology and turning it on. If employees are not familiar with, or do not support the security program’s concepts and controls, they will not implement them. And without active support and endorsement of a security program, the results will not achieve the desired level of security. From an economic standpoint, long-term planning provides flexibility in terms of spreading the cost and effort over time and other budgets and initiatives. For example, a detailed inventory of cyber assets is a fundamental building block for any security program. This information could be gathered during the regular day-to-day interactions of users at plant facilities, or perhaps an inventory program could be planned and assigned
to summer students. Planned upgrades to assets and units could incorporate the future needs of a security program and include small additions like domain controller builds or network equipment upgrades. In this way, the information and infrastructure required to support a security program can be built over time.
The Author
is the Global Business Leader at Honeywell Industrial IT Solutions.
Final statement A philosophical shift is required in order to move forward and implement a truly manageable, scalable security program, which will contribute to the safe and reliable operation of a facility’s critical infrastructure. Holding out to the end will not only mean delaying effort, but may also seriously affect the success of a security program and the cost to implement it.
industry 2.0
- technology management for decision-makers | november 2012
45