Industrial Internet Security Framework v 1.0 | Page 50

Security Framework
7: IISF Functional Viewpoint

Endpoint Monitoring and Analysis includes integrity checking, detecting malicious usage patterns, denial of service activities, enforcement of security policies and analytics that track security performance indicators. Endpoint Data Protection provides controls to preserve the integrity, confidentiality and availability of its data. Endpoint Security Model and Policy governs the implementation of security functions on the endpoint.

Endpoint protection relies on Endpoint Physical Security and establishing the Endpoint Root of Trust. The root of trust determines the confidence in the system and its identity, and ensures integrity and access control to its resources. Once established, the endpoint state must be maintained and tracked in accordance with the system model and policy. Endpoint Monitoring & Analysis is responsible for ensuring the prevention of, detection of and recovery from any activity that deviates from policy, while Endpoint Configuration & Management ensures that all changes made to the endpoints are performed in a controlled and managed manner.

Endpoint Data Protection is responsible for protecting access to, and preventing tampering with, data-at-rest and data-in-use on the endpoint through encryption, isolation and access control. Data protection spans all data on the endpoint, including configuration, monitoring, and operational data. The overall security of the endpoint is defined in the security policy and enforced through the security model for all controls.

7.4 COMMUNICATIONS AND CONNECTIVITY PROTECTION

Protection of communications and connectivity provides physical security of the endpoint connectivity to the network, protection of Information Flow in the Network, and Cryptographic Protection of communications between endpoints.

These two functions, in the diagram below, are supported by areas that traverse the four building blocks at the top layer: Network Configuration & Management, Network Monitoring & Analysis, Communicating Endpoint Protection, and Physical Security of Connections.

IIC:PUB:G4:V1.0:PB:20160926