Industrial Internet Security Framework v 1.0 | Page 106

Security Framework 11: Security Configuration and Management

Security management is the management of the security controls on an endpoint, including the addition and removal of security controls, the setting of security policy, and enabling the extraction of security events and logs. Operational management should be separated from security management so that the security control processes can evolve independently. Secure operational management involves protecting the operational management process and functions to ensure the integrity and confidentiality of changes made to operational elements of the system, including endpoints, communications, monitoring and management systems.

Figure 11-2: Secure Operational Management

Both operational management and security management implement policy to configure the settings on the endpoints, and a misconfiguration on either the operational side or the security side may result in a vulnerability. The sensitive nature of the endpoints, the applications and the data requires especially diligent care in the separation of concerns between these areas, though the line between them is often blurred. Operational management must interact with operational monitoring. There should also be a separation between operational events and security events. Security events from the endpoints and communications are used by security monitoring to evaluate security and identify gaps that must be remediated. The operational management and monitoring controls are specific to the system's operational process, whereas security management and monitoring can be the same across different operational processes. For example, the setting of credentials, the definition of network data channel rules and the identification of the destinations for security event data are all required across various operational processes, though the actual settings may vary from endpoint to endpoint.
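The separation described above, and the common security API of the following paragraph, can be made concrete in code. The example below is added here and is not part of the IISF document: the two endpoint types (`VendorAEndpoint`, `VendorBEndpoint`), the policy keys (`require_tls`, `event_destination`), the operational settings and the event names are all constructed for illustration. Security management reaches every endpoint only through one common interface, operational management touches only process settings, the two event streams are kept apart, and a cross-check flags the case the text warns about: an operational change that quietly contradicts the security policy.

```python
"""Operational vs. security management with a common security API.

Added illustration (not IISF code). Endpoint types, policy keys, operational
settings and event messages are constructed for the example.
"""
from abc import ABC, abstractmethod
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Event = Tuple[str, str]  # (stream, message); stream is "operational" or "security"


class SecurityManagementAPI(ABC):
    """Hypothetical common security API: identical surface on every endpoint,
    whatever the make or model behind it."""

    @abstractmethod
    def apply_security_policy(self, policy: Dict[str, object]) -> None: ...

    @abstractmethod
    def current_security_policy(self) -> Dict[str, object]: ...

    @abstractmethod
    def drain_events(self) -> List[Event]: ...


@dataclass
class VendorAEndpoint(SecurityManagementAPI):
    """Constructed device type whose native policy store is already a dict."""
    name: str
    operational: Dict[str, object] = field(default_factory=dict)
    _policy: Dict[str, object] = field(default_factory=dict)
    _events: List[Event] = field(default_factory=list)

    def apply_security_policy(self, policy):
        self._policy = dict(policy)
        self._events.append(("security", f"{self.name}: security policy applied"))

    def current_security_policy(self):
        return dict(self._policy)

    def drain_events(self):
        out, self._events = self._events, []
        return out


@dataclass
class VendorBEndpoint(SecurityManagementAPI):
    """Constructed device type whose native format is 'key=value' lines; the
    adapter translates between that and the common policy dict."""
    name: str
    operational: Dict[str, object] = field(default_factory=dict)
    _native: List[str] = field(default_factory=list)
    _events: List[Event] = field(default_factory=list)

    def apply_security_policy(self, policy):
        self._native = [f"{k}={v}" for k, v in policy.items()]
        self._events.append(("security", f"{self.name}: security policy applied"))

    def current_security_policy(self):
        policy = {}
        for line in self._native:
            k, v = line.split("=", 1)
            policy[k] = (v == "True") if v in ("True", "False") else v
        return policy

    def drain_events(self):
        out, self._events = self._events, []
        return out


def set_operational(endpoint, settings: Dict[str, object]) -> Event:
    """Operational management: edits process settings only, never security policy."""
    endpoint.operational.update(settings)
    return ("operational", f"{endpoint.name}: operational settings updated")


def set_security(endpoint: SecurityManagementAPI, policy: Dict[str, object]) -> None:
    """Security management: goes through the common API, independent of vendor."""
    endpoint.apply_security_policy(policy)


def find_misconfigurations(endpoint) -> List[str]:
    """Cross-check operational settings against the security policy; a
    contradiction on either side is a latent vulnerability."""
    findings = []
    policy = endpoint.current_security_policy()
    ops = endpoint.operational
    if policy.get("require_tls") and not ops.get("data_channel_tls", False):
        findings.append(f"{endpoint.name}: policy requires TLS but data channel has TLS disabled")
    dest = policy.get("event_destination")
    if dest and ops.get("event_forwarding") != dest:
        findings.append(f"{endpoint.name}: security events not forwarded to {dest}")
    return findings


def route_events(events: List[Event]) -> Dict[str, List[str]]:
    """Keep the operational and security event streams separate."""
    streams: Dict[str, List[str]] = {"operational": [], "security": []}
    for stream, msg in events:
        streams[stream].append(msg)
    return streams


def demo():
    fleet = [VendorAEndpoint("plc-a1"), VendorBEndpoint("gateway-b7")]
    policy = {"require_tls": True, "event_destination": "siem.internal"}
    events: List[Event] = []
    for ep in fleet:
        set_security(ep, policy)  # same call for both vendors
        events.append(set_operational(ep, {"data_channel_tls": True,
                                           "event_forwarding": "siem.internal"}))
    # An operational change that silently undermines the security policy.
    events.append(set_operational(fleet[1], {"data_channel_tls": False}))
    findings = [f for ep in fleet for f in find_misconfigurations(ep)]
    for ep in fleet:
        events.extend(ep.drain_events())
    return findings, route_events(events)


if __name__ == "__main__":
    found, streams = demo()
    print("findings:", found)
    print("streams:", streams)
```

The point of the two vendor classes is that `set_security` never changes shape when a new make or model joins the fleet; only an adapter is written. The `find_misconfigurations` check is the practical consequence of the text's warning that a misconfiguration on either side can create a vulnerability: because the two management paths are separate, neither one can see the contradiction on its own, so an explicit reconciliation step is needed.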
A common security API across all the endpoints making up the operational process isolates the security process from the operational process, independent of the make, model and

IIC:PUB:G4:V1.0:PB:20160926 - 106 -