What to consider when designing or implementing IO related processes.
The 10 Integrated Operations Security Principles are all about defining domains of security and protecting those domains and the information within. These are important principles that are necessary to protect the information, and following these principles will help ensuring appropriate protection.
The 10 principles are:
1. Agree baseline security measures between stakeholders
2. Define clear boundaries of responsibility
3. Establish contracts
4. Ensure all data has clear ownership
5. Trust authentication done by source
6. Ensure activity logging
7. Establish multilayer protection
8. Be open
9. Use role- and asset-based access
10. Show social responsibility.
Today in the Oil and Gas Industry there are some companies that have made a lot of progress in addressing these principles internally. However many companies are lacking in most areas. Once several stakeholders are included the total solution will normally have very weak security that it which will take a long time and a lot of effort to correct unless it is considered up-front. This weak security may even be a showstopper for an important collaboration process between stakeholders and therefore prevent major savings being made