Industrial Internet Security Framework v 1.0 | Page 120

Security Framework 11: Security Configuration and Management Figure 11-8: Flow of Management Data Privacy should be factored into the system design to protect the sensitive data, anonymize it, and control the data’s retention period and storage location, ensuring that it is properly deleted. Privacy-sensitive data should be documented to ensure that there is adequate awareness of it. It should be managed based on policies governing access rights and consent/revocation, and sharing with third parties. Careful management over the ownership of data is required to keep the security data safe from unintended modification. The access control must be enforced on the endpoint, such as in the configuration on a device or in the database of the management server, and in the communications between endpoints. 11.10 SECURITY MODEL & POLICY FOR CHANGE MANAGEMENT Changes to regulatory policy, industry standards and new directives should trigger review of the security model. Any update affects the organization policy hierarchy. For example, when regulatory policy strengthens network access controls, these changes must be reflected in the organizational policy by setting access rights to certain networks to match the directives from the regulatory policy. Changes in organizational security policy similarly require adjustment to the machine policy for security control settings, configurations and security controls. All policy updates must be carefully controlled and tracked with an audit trail. IIC:PUB:G4:V1.0:PB:20160926 - 120 -