Wednesday, April 10, 2013
Industrial Control System Standard of Practice
All.Net presents our standards of practice decision framework for securing industrial control systems. These decisions provide an overarching basis and many specifics surrounding what we currently view as a reasonable and prudent approach to addressing information protection for industrial control systems. While there may be many other approaches that might also meet the need, we hope that these will provide guidance and stimulate discussion within the community, and we use them as a starting point in our practice to help guide consistent quality and performance within our own team and in customer engagements.
This content is part of a process, developed over many years, that is used by our affiliated companies. We identify these issues, characterize the environment, and apply these decision points by interacting with clients and applying our expertise to help form the overall architecture and its component parts. Typically, decisions are reviewed both internally and externally in an iterative fashion so that as we discover things that require changes, those changes ripple through the overall standard to keep it up to date and relevant.
In many cases, this standard of practice is applied by starting with an as-is review, identifying a desired future state, performing what is, by then, a relatively straightforward gap analysis, and then characterizing a workable transition plan for the organization. In our more agile approach, we undertake only an initial and periodic as-is and future-state analysis, understanding that the reduced time and cost of assessment leaves more resources available for acting on the results, and that planning is less certain and less permanent when we are moving at a faster pace.