Industrial Internet Security Framework v 1.0 | Page 55
Security Framework 7: IISF Functional Viewpoint
• Security Model & Policy for Change Management is the process that governs security
configuration management functions.
To change the configuration on security controls, the security model should be transformed into
actionable settings in the security policy, including the identification and configuration for the
endpoints and their connectivity. The level of granularity for configuration and management of
the system varies depending on the systems and trust requirements captured in the system
security model and policy.
7.7 DATA PROTECTION
Data is pervasive throughout the IIoT system. Each set of data has a different lifecycle, time of
relevancy and potential risk associated with its compromise. The threat may result from its
modification, interception or duplication. The effects of attacks on data vary from immediate
change in system behavior to more subtle negative behavior in the future.
Figure 7-7: Functional Breakdown for Data Protection
Figure 7-7 shows a functional breakdown of the building blocks for data protection in the security
framework. Different types of data to protect include:
• Endpoint Data Protection refers to operational and security related data used, stored or
moved through the endpoint.
• Communications Data Protection addresses all data pertaining to the operations of the
network communications and connectivity and the data transmitted across these
connections between endpoints.
• Configuration Data Protection is all the data relating to the security or operational
configuration of the system including all endpoints and connections.
IIC:PUB:G4:V1.0:PB:20160926