Defining the Principal Roles in Cybersecurity

By Eric Cosman

Category:
ARC Report Abstract

Overview

Planning, operating, and maintaining an effective response to cybersecurity risks can be a daunting exercise for many asset owners.  They must address the cybersecurity of automation and related systems across their entire life cycle, from specification and development to operations and maintenance. Although they are not directly responsible for all activities, asset owners must understand the requirements and translate these into responsibilities for those performing the tasks required.

Reducing Cybersecurity Risks

The lifecycle of an automation solution provides the context or back-ground for defining processes and associated roles.  If defined in sufficiently general terms, it can be applied easily across a wide range of situations and help improve communications and cooperation between the various contributors and stakeholders.  This is a major goal for people involved in standards development efforts since it would enable broader use of their work.

cybersecurity risks cybersecurity%20risk.jpgMany of the available standards, frameworks and guidelines for cybersecurity stress the need to address the people and process elements of the response in addition to technology.  However, it is often left up to the reader to define the needed processes and associated roles.  This requires a detailed understanding of business processes and organizational structure, including identification and definition of roles and responsibilities.  Although the details may vary by situation, the fundamentals are often common.

A general-purpose lifecycle model includes the definition of several principal roles that are not industry specific.  By using these general definitions, it is possible to provide guidance that can be applied broadly.

ARC Advisory Group clients can view the complete report at ARC Main Client Portal or at ARC Office 365 Client Portal

If you would like to buy this report or obtain information about how to become a client, please Contact Us    

Keywords: Cybersecurity, Asset Owner, Supplier, System Integrator, Service Provider, ARC Advisory Group.

 

Engage with ARC Advisory Group