In our last three posts, we looked at three tools you already use to help provide a safely functioning system at the front end – HAZOP, HAZID, and Failure Modes, Effects, and Criticality Analysis (FMECA) – and recommended their use for CyberSecurity. In our most recent post, we looked specifically at utilizing HAZIDs for CyberSecurity. We’ll now take a look at utilizing the FMECA for the same purpose.
How can we make our FMECA’s address CyberSecurity? First by following an established FMECA process starting with Discovery:
Then, include the following in the initial sets of documents:
- System Network Topology including all access points
- External Users including contractor access, application access, classes of users
- Internal Users including application access, classes of users
- Access policies
- User responsibilities
- Management of Change Policy
- Formats for operational access logs
- Current activity logs for existing or “as like” assets
- Typical network traffic
In the workshop phase of the FMECA focus on CyberSecurity Risks:
- Security breach or hacker attack
- Loss or compromise of customers data
- Loss or compromise of employee data
- Loss or compromise of intellectual property and trade secrets
- DDoS attack
- Monetary loss
- Violation of laws and regulations
- Virus/ransomware attack
- Damaging downtime
- Reputational damage
- Physical data loss
Finally, in the Reporting Phase ensure that CyberSecurity is emphasized:
That’s it for recognizing CyberSecurity in your FMECA. Next, we’ll recap putting CyberSecurity into your projects using the HAZOP, HAZID and FMECA tools.
Read the blog entries on our website – www.athensgroupservices.com, join our LinkedIn Group, and subscribe to our newsletter.