Subscribe to be notified for updates: RSS Feed

Bensy Alexander Daniel

IT Compliance Analyst, IT Security , Abu Dhabi Company for Onshore Petroleum Operations Ltd. (ADCO)

Bensy Alexander Daniel is currently working for Abu Dhabi Company for Onshore Petroleum Operations Ltd. (ADCO) as an IT Compliance Analyst has 10 years of experience in the IT Security, Risk Management and Audit space. He has been instrumental in the design, implementation and maintenance of a comprehensive Information Security Management System across the fields and terminals of ADCO based on ISO 27001 / ISA 62443 standards to secure their integrated control and safety systems. Prior to ADCO, Bensy has been working in a leading security consulting firm and has enabled several companies across various verticals such as government, banking, construction, credit card manufacturing etc. to design and implement an information security management system based on ISO 27001 / ADSIC and service management system based on ISO 20000. Bensy holds an MBA in Systems & Marketing, a Bachelor of Engineering (BE) degree in Electronics and Telecommunication and has the following certifications - CISA, CISM, CGEIT, CISSP & ITIL Expert.

Integrating Security in the System Development Life Cycle for Industrial Control Systems

Industrial Control System Cyber Security

Abstract: With the advent of aggressive and sophisticated cyber security attacks on Industrial Automation and Control Systems (IACS), organizations have taken the subject of cyber security as a key component of its overall IACS lifecycle strategy. While impossible to eliminate all risks from the organizational operations, one of the most effective ways to protect organization assets is through the incorporation of risk management and security into the System Development Life Cycle (SDLC) of IACS. SDLC is the overall process of developing, implementing, and retiring information systems through a multistep process from initiation, analysis, design, implementation, maintenance to disposal. Industrial Automation and Control Systems which supports the automation of production processes have a long implementation lifecycle and life span as compared to traditional IT systems. Hence, conducting modifications and obtaining shut down windows in a live production plant environment have substantial financial, operational and HSE implications. Incorporation of security stage gates in the system development life cycle of IACS ensures that the overall cost of incorporating security controls is much lower as compared to introducing them in a live production plant after commissioning. This whitepaper describes the phased approach towards incorporating security in the System Development Life Cycle (SDLC) of IACS from initiation till disposal. Such a defined approach ensures that a consistent and repeatable process is established for all the functional teams to follow and also creates accountability to incorporate security stage gates at relevant phases thereby providing assurance to the top management regarding the overall security posture of the system.

Copyright 2013 DMS Global - Design by DMS Cybernation