Unrestricted / © Siemens AG 2016. All Rights Reserved.
Best Practice for Security.
SIS-specific recommendations
• Include the security requirements in the Safety Requirement Specification (SRS).
• Link the security risk assessment into the process hazard analysis.
• The personnel responsible for Cyber Security should be engaged during each phase of the SIS lifecycle.
• The organization responsible for Safety should be involved during each phase of the Security lifecycle.
• Safety Manuals should document security countermeasures.
• The SIS vendor should supply security concepts.
• The SIS system should be designed with a defence-in-depth strategy.
• Cyber Security risks due to the BPCS / SIS integration should be considered.
• Any events associated with the SIS security countermeasures should be logged and continuously monitored.
• A documented plan should be in place that specifies how intrusion demands are addressed and responded to.
• The SIS system software and the cyber security protection software should be updated as needed. When SIS workstations are updated, an authorized person should be present.
• Guidance on how to implement remote access for the SIS.