controlgesab
Newbie

About controlgesab

Biography:

Much has been said and written about the Critical Infrastructure Protection Act (CIP Act) since its publication in 2011. Guided by the comprehensive security vision that this regulation promulgates, we will focus in this article on providing a practical approach to compliance through the use of a control center.

The entity that is designated as a critical operator has the obligation to identify the strategic or critical infrastructures it owns and, on them, perform a comprehensive risk analysis, assessing any type of threat, physical or logical, that could lead to a service interruption.

The importance of this risk analysis is significant, as it will allow the establishment of protection strategies to be carried out, prioritizing protection against the threats with the greatest impact, whether of physical or logical origin. Thus, the protection plans defined by the PIC Law (Operator Security Plan and Specific Protection Plans for each infrastructure) will be aimed at reducing the impact of those threats that pose the greatest risk to the availability of this type of environment.

The Integrated Security Control Center (ISCC)

The reality is that many of the large companies likely to be declared critical operators already have a Control Center, which can be a focal point for compliance with the law.

Usually these facilities are oriented to the monitoring of physical security alarms, access control, CCTV or industrial SCADA systems. Some companies are already taking advantage of the infrastructure and capabilities of these centers to approach protection from a holistic perspective. Thus, these ISCCs can have functions such as the following:

Detection of both physical and logical intrusions: the combination of events from both worlds gives us greater detection power, a more global view of security problems. In this way, it would be possible to detect, for example, access to a computer whose owner is not in the building.
Comprehensive support for investigation and forensic analysis: thanks to the information handled in the CCSI, it is possible to provide both logical and physical evidence that allows an incident to be traced in its entirety. For example: physical access control records, CCTV camera records, computer access logs, etc. For example, the perpetrator of multiple international telephone calls from a telephone terminal whose owner was not present could be identified.
Security incident response and escalation: the ISCC has a complete overview and can therefore coordinate a response to the incident, regardless of the type of measures required. For example, in the event of a fire in a company building, the personnel inside who must be evacuated, including critical employees who must be moved to an alternative backup facility, could be identified immediately.
Maintaining a comprehensive security scorecard: it makes it easier for the company's security manager to understand and be aware of all the risks they actually face, as well as their ability to respond to them in an agile manner. The CCSI becomes a centralized source of data that supports the decision-making and reporting needs of the company's management or external organizations such as the CNPIC itself.

Location:

España