Published by Randell McGee. Modified over 9 years ago.

ISA–The Instrumentation, Systems, and Automation Society
SP99 Work Group 2
TR#2 “Second Edition”
Long Beach Meeting
April 28, 2004

Agenda
- Status
- Identified Improvements
- Plans for ongoing meetings

Status
- 24 sections identified
  - 3 sections and 5 sub-sections with no content
- 3 annexes identified
  - 2 annexes with no content

General Improvements
- Make the document of more practical use by providing examples, checklists, etc.
- More information on components “attached” to M&CS:
  - e.g., historians, optimizers, supervisory systems
- Personnel and personnel policies
  - aligned with TR #1

General Improvements (continued)
- Better description or definition of policies, procedures, programs, etc.
- More in-depth treatment of existing network security functions and features during inventory and assessment phase
- Addition of more details on configuration management and change control

Sections 1 through 5
- Supporting information & background
- No specific changes discussed

6: Developing a Program
- Outlines basic approach
- Introduces security lifecycle model
- Comments:
  - business case topic has to be written
  - creating a program vs. extending an existing program (IT and process safety)
  - policies vs. standards
  - functional or performance characteristics with security implications

7: Define Risk Goals
- related to the question of “what’s different”
- expand with examples
- may be appropriate to combine with section 6, or more appropriately, section 9
- check against changes to lifecycle model

8: System Assessment
- Include safety instrumented systems and burner management systems
- Go back to introduction to make sure that the basic reference model is well described and understood; know the scope

9: Conduct Risk Assessment
- Should the specifics of this section be placed in an annex? Current version is 12 pages
- Focus on general principles in the text

10: Select Countermeasures
- Reference change mgmt in TR1
- Section 10.2: Address Vulnerabilities
  - Comprehensive treatment of steps to address vulnerabilities

11: Procure Countermeasures
- build vs. buy
- this is where compromises have to be made
- the only step listed is “create spec”, but there are other steps, such as evaluate alternatives

12-17: Testing
- Treat these sections as a group

18: Finalize Operations Measures
- Management of changes is referenced in 18.3; is this similar to that in 10.3?
- Section 18.4 says to establish audit frequency; may want frequency not to be public

Sections 19 through 21
- These sections are empty in the first release
- Section 19: Addition of guidance on routine security reporting and analysis
- Section 20: Addition of guidance on periodic audit and compliance measures
- Section 21: Add guidance on re-evaluation of security countermeasures, when triggered by external events and/or audit and assessments.

Annexes
- Include a typical “business case” as a separate annex
- Annex B:
  - This section is empty in the current release
  - More examples and guidance on audit and vulnerability assessment processes
  - Include checklists as examples
  - This may be the appropriate place to relocate material from section 9
  - Make some general statements about appropriate content

Additional Improvements
- Annex C: Supplier Practices
  - we need to be challenged to “raise the bar” on the security of products offered.
  - PCSRF is doing this, as is CIDX; do we have to do so also?
  - How do we hold suppliers accountable?
  - This topic may be big enough for another working group?

Meeting Schedule and Plans
- Regular conference calls
  - Set up ASAP
  - Start with weekly or bi-weekly and move to monthly