Industrial Internet Security Framework v 1.0 | Page 51
7: IISF Functional Viewpoint
Figure 7-4: Functional Breakdown for Communications and Connectivity Protection
Communication and connectivity security should consider the following functions for protecting
and controlling data-in-motion.
Physical Security of Connections ensures that the physical connectivity layer (cables, radios) to
the network is protected.
Communicating Endpoints Protection provides some of the functional security building blocks,
such as cryptographic keys, to secure communication between endpoints.
Cryptographic Protection uses cryptographic technologies to protect the authenticity of
communicating parties and the integrity and confidentiality of exchanged data and metadata.
Information Flow Protection ensures that only permitted kinds of messages and content reach
sensitive systems and networks by isolating network flows using network segmentation and
perimeter protection technologies.
Network Configuration and Management controls updates to all network elements and provides
enforcement of security policy and configuration for the communications, including network
segmentation, cryptographically protected communications settings, and configuration of
gateways and firewalls.
Network Monitoring and Analysis collects network data for analysis and includes intrusion
detection, network access control, deep packet inspection and network log analysis.
Data-in-Motion Protection provides controls to preserve the integrity, confidentiality and
availability of data in motion.
IIC:PUB:G4:V1.0:PB:20160926