Security Framework
11: Security Configuration and Management
11 SECURITY CONFIGURATION AND MANAGEMENT
Changes to the environment and the discovery of new vulnerabilities and threats will require updates to policy, firmware and software, so the security features of an Industrial Internet of Things system must be configurable and manageable, not statically defined. In addition, the deployed versions must be carefully controlled, configured and managed.
Periodic security compliance reports are often mandated and certainly advisable. Network and endpoint configurations should be analyzed periodically to report deviations from all relevant policies and to summarize compliance postures.
Figure 11-1: Functional Breakdown for Security Configuration and Management
Security management must determine the security objectives of the system to be managed. These security objectives should identify the techniques to be used to ensure the confidentiality of information, the integrity of the endpoint and communications, and the availability of the system functions required for management.
11.1 SECURE OPERATIONAL MANAGEMENT VS. SECURITY MANAGEMENT IIoT system management has two related concerns.
Operational management is the configuration of the operational functionality of the system and its endpoints, including provisioning, operating system settings, physical and logical network settings, and the application configurations for the operational process.
IIC: PUB: G4: V1.0: PB: 20160926- 105-