Wed Jun 12 19:47:25 PDT 2013

Management: How does the enterprise manage the ICS information protection program?

Options:

Option 1: Use the ICS security management approach shown in the depiction.
Option 2: Use an externally mandated approach.

Decisions:

IF External requirement MANDATE another apprach,
THEN Use the externally mandated approach.
OTHERWISE Use the identified ICS security management approach shown in the depiction..

Security Management
Uses Power and Influence
to Control the Protection Program.
Organizational Governance
Business Processes
Human Actuators & Sensors
Management Processes Elements
Act Management Obs
Yes Policy
Yes Standards
Yes Procedures Yes
Yes Documentation Yes
Auditing Yes
Testing Yes
Yes Technology
Yes Personnel Yes
Incidents Yes
Yes Legal Yes
Yes Physical Yes
Yes Knowledge
Yes Training Yes
Yes Awareness Yes
Yes Organization Yes
ICS security managed business processes

Basis:

Enterprises manage by structures involving people with power and influence and organizational elements.

Copyright(c) Fred Cohen, 1988-2012 - All Rights Reserved