Industrial Internet Security Framework v1.0

1 OVERVIEW
This document is relevant to enhancements to existing implementations and new implementations. It provides guidance for improving organizational approaches, processes and the use of technologies for creating a trustworthy system.
Subsequent revisions of this document may consider additional details or topics as needed.
1.1 PURPOSE
The purpose of this document, ‘Industrial Internet of Things, Volume G4: Security Framework’ (IISF), is to identify, explain and position security-related architectures, designs and technologies, as well as identify procedures relevant to trustworthy Industrial Internet of Things (IIoT) systems. It describes their security characteristics, technologies and techniques that should be applied, methods for addressing security, and how to gain assurance that the appropriate mix of issues has been addressed to meet stakeholders' expectations.
This document is also a reference for the Industrial Internet Consortium’s testbeds that already span verticals such as smart grid, transportation, industrial maintenance and others. The security evaluations of these testbeds will provide continuous feedback that will be used to update the information here in subsequent revisions of this document.
1.2 SCOPE
This work is an expansion of the discussion on security in ‘Industrial Internet of Things, Volume G1: Reference Architecture’ (IIRA, [IIC-IIRA2016]). The reader should be familiar with that document, as many of the terms and concepts used here are defined there.
This security framework identifies and explains how risks associated with security and privacy threats may be identified, evaluated and mitigated using technologies and processes. Privacy and other system characteristics are mentioned where they relate to specific security concerns within the document, but this document is not intended to be a tutorial on privacy, safety or other characteristics defined in the IIRA.
This document is informational in nature and not a normative technical specification. It does not contain specifications for conformance or compliance. Implementations may use a variety of mechanisms to address the concerns noted in the document.
1.3 AUDIENCE
The audience for this document includes owners, operators, system integrators, business decision makers, architects and any stakeholder with interest in security and related key system characteristics. Business decision makers can use this document to guide the development of interoperable technologies and solutions related to security, balancing it with other stakeholder requirements. Owners, operators and system integrators can use it as a common starting point of system conception and design related to security.
IIC:PUB:G4:V1.0:PB:20160926