Chapter 7 Access Management

Introduction

In the previous chapter, you were introduced to terminology and practices associated with physical security management. In this chapter, the discussion moves to logical access control models and practices associated with IT and OT networks.

These policies should be designed to reflect the three objectives associated with the classical model of information security: confidentiality, integrity, and availability (CIA). However, recall from Chapter 5, “Cybersecurity Essentials for ICS,” that in an OT environment, an AIC approach is typically more important than the traditional CIA efforts used in IT network environments.

The sheriff on any network is the network administrator. In network environments, these are the people responsible for implementing the organization's security policies on the network equipment. In larger organizations, specialized administrative roles are typically created to handle different aspects of the network's operation. This may include having separate server and network administrators. The server admin or system administrator (sysadmin) is responsible for the ...
