Security Best Practices

The intent of this section is to simplify and provide guidance in reducing the vulnerability or exposure of the ICS infrastructure. This can include administrative best practices such as management and operational controls in several scenarios to improve the security implementation.

As security encompasses many aspects to consider, an Administrator will identify and develop the appropriate security policies unique to his environment. This task can become time-consuming for even experienced system administrators, therefore, the recommendations outlined here should be used as part of an overall security strategy.

Security is not a one-time activity. It is an integral part of the system life-cycle. The activities described in this document generally require either periodic updating or appropriate revision, thus it should be considered a “living document”.