Industrial Internet Security Framework v 1.0 | Page 56

Security Framework • 7: IISF Functional Viewpoint

Monitoring Data Protection refers to all data generated by the system in response to tracking the current state and changes of key system parameters, indicators and activities relevant to ensuring system trustworthiness. The data protection strategies for each type of data fall into three categories:

• Data-at-Rest (DAR) is data in persistent storage, for example, on a long-term network-attached cloud storage drive, on a local USB drive, or in a solid state disk (SSD) on an edge device.
• Data-in-Use (DIU) is data placed in non-persistent storage such as random access memory (RAM) and CPU caches and registers.
• Data-in-Motion (DIM) is data moving between two or more connected endpoints.

Data, whether in-motion, in-use, or at-rest, must be protected against unauthorized access and uncontrolled changes by applying functions such as confidentiality controls, integrity controls, access control, isolation and replication. The level of protection should be commensurate with the impact of data loss or falsification, and the retention period should be defined.

7.8 SECURITY MODEL AND POLICY

The Security Model & Policy covers the regulatory, organizational and machine levels of security (see Figure 7-8). The Security Policy describes the security objectives of the system, and the Security Model is a formal representation of the security policies enforced in the system. Various security models may be applicable in a system, and the scope of these models may address different security functions or security domains within it.

Security Model & Policy encompasses all security aspects of the system, including how to protect endpoints, communications and data. It also defines what is to be monitored, analyzed and recovered, and who may make changes to any aspect of the system and how.

IIC:PUB:G4:V1.0:PB:20160926 - 56 -