Industrial Internet Security Framework v 1.0 | Page 46

Security Framework 7 : IISF Functional Viewpoint
7 IISF FUNCTIONAL VIEWPOINT
7.1 SECURITY BUILDING BLOCKS
The functional viewpoint of the security framework comprises six interacting building blocks , as shown in Figure 7-1 . They are organized into three layers . The top layer comprises the four core security functions : endpoint protection , communications and connectivity protection , security monitoring and analysis , and security configuration management . These four functions are supported by a data protection layer and a system-wide security model and policy layer . These three layers comprise the functional viewpoint of the industrial internet security framework .
Figure 7-1 : Security Framework Functional Building Blocks
Endpoint protection implements defensive capabilities on devices at the edge and in the cloud . Primary concerns include physical security functions , cyber security techniques and an authoritative identity . Endpoint protection alone is insufficient , as the endpoints must communicate with each other , and communications may be a source of vulnerability .
Communications and connectivity protection uses the authoritative identity capability from endpoint protection to implement authentication and authorization of the traffic . Cryptographic techniques for integrity and confidentiality as well as information flow control techniques protect the communications and connectivity .
Once endpoints are protected and communications secured , the system state must be preserved throughout the operational lifecycle by security monitoring and analysis and controlled security configuration management for all components of the system .
These first four building blocks are supported by a common data protection function that extends from data-at-rest in the endpoints to data-in-motion in the communications . It also encompasses all the data gathered as part of monitoring and analysis function and all the system configuration and management data .
IIC : PUB : G4 : V1.0 : PB : 20160926 - 46 -