INDUSTRIAL AND IT MANAGEMENT SECURITY
As I have said, the Security of the IT Infrastructure, taken as a whole, encompasses the security of the Information System and the Security of the connected Industrial and/or high-tech equipment such as for example research laboratory equipment, medical equipment or that of the functionalities of a company or institution.
The IT Infrastructure is understood as comprising all the operational elements essential for the effective, efficient and proactive use of technology in general, information and data.
The IT Infrastructure is therefore made up of visible and/or physical elements such as computers, servers, personnel, all physical installations including programmable and connected industrial or high-tech equipment. But it is also made up of invisible and/or intangible elements such as networks, data and storage, virtual facilities and software, to which must be added processes, policies, training, security, mobile and virtual functionalities.
IT Infrastructure Security is the set of means, tools, techniques, policies and methods that guarantee:
– that only competent persons or other authorised systems intervene on the system, on the physical or virtual installations and on the functionalities and that only competent persons or other authorised systems have access to the data, whether sensitive or not and,
– the confidentiality, integrity and availability of such data.
The security of industrial and/or high-tech equipment or the security of the functionalities of a company or institution differs from the security of the Information System because it requires the implementation of different means and measures of protection, among which the following can be mentioned:
- Prevention and sensitization of operators and stakeholders to good practices,
- A thorough knowledge of the network infrastructure to detect potential faults (mapping),
- The implementation of a continuous monitoring approach for industrial systems and flows,
- Constant monitoring of threats and vulnerabilities,
The objective of the security of industrial and/or high-tech equipment or the security of the functionalities of a company or institution is to reduce risk areas without harming business objectives.
Thus, we will use a:
- Physical access control,
- Intrusion detection,
- Use of industrial components and equipment integrating authentication or trade protection systems,
- Updating of supervision software solutions (SCADA) to benefit from the latest developments in safety,
However, there is no point in rushing to these means of protection without first carrying out a risk analysis.
The analysis of risks in the area of Industrial and/or high-tech equipment or the analysis of the functionalities of a company or institution can begin either by drawing up a list of assets to be protected classified according to their order of importance for the activity of the company or institution, followed by an analysis of the impact in the event of a loss, or by drawing up a table of risks which will be sorted according to their level of dangerousness and the probability of their occurrence.
In order to draw up the impact analysis, those affecting the infrastructure and production capacity (more or less long interruption), people (injuries, deaths) and the environment (pollution) must be taken into consideration, without omitting the impact on the national economy.
In our next article we will develop this impact analysis and especially we will address the problems related to the interconnection of networks.
To respect our commitment we offer you the total protection of your offices, your data and Online File Sharing at 50% of the normal price.
This offer is valid until Mai 31st 2020.