Asset Management or: How I learned to stop kicking the can down the road
Presented by: Nikolas Upanavage, P.E.

EPC Perspective
Engineering: Requirements Identification, Design Drawings
Procurement: Specifications, Material Requisitions
Construction: Work packages, Field Change Requests
Startup: Energization, Loop Tests, Configuration changes

SANS ICS Critical Controls 2 and 5
Source: Robert M. Lee and Tim Conway. (2022). The Five ICS Cybersecurity Critical Controls. White paper. SANS Institute.

Standards/Regulations/Frameworks/Guidance
IEC/ISA 62443-2-1: CM 1.1 Asset Inventory Baseline; CM 1.4 Change Control
62443-2-4: SP.06.02 Base Requirement Inventory Register
ISA-TR84.00.09-2024 Part 1: 4.2.15 Cyber config and change management
NIST 800-53/800-82: CM-8 SYSTEM COMPONENT INVENTORY
Nuclear 10 CFR 73.54: "identify those assets that must be protected against cyber attacks"
Reg Guide 5.71: Appendix C, C.11.9 Component Inventory
NEI 08-09: Appendix E, 10.9 COMPONENT INVENTORY

Why should we care about asset inventories?
Arguments against:
Asset inventory will never be 100% accurate
Too many resources needed to maintain
We'll have a software tool to do this for us
Other cyber design requirements are higher priority

Kicking the can
In my experience, with so many competing requirements and design focal points, asset inventory tends to be pushed down the road.
Credit: Jurassic Park, dir. Steven Spielberg
Credit: Explorers, dir. Joe Dante

Construction/Startup
Centralized automated tools not useful when physical connections are not complete.
https:/ Unknown Author is licensed under https://creativecommons.org/licenses/by/3.0/
Under Floor Cable Runs Str 2 by Robert.Harker is licensed under https://creativecommons.org/licenses/by/3.0/

Factory Acceptance Testing
Low risk opportunity to gather asset data
Data often availabl