SlideShare une entreprise Scribd logo

IT Security for Oil and Gas Companies

Richard Cole
Richard Cole
TechnologieBusiness
1  sur  3
Télécharger pour lire hors ligne
JPT (Jun 2004): IT Security for Oil and Gas Companies Page 1 of 3 June 2004 Special Features IT Security for Oil and Gas Companies Richard Cole, Enterprise Consulting Services (ECS), and Bret Thomas, Enterprise Management Infrastructure Solutions (EIS) Distinguished Author Series Richard Cole is Chief Operating Officer for Enterprise Consulting Services (ECS), a Houston-based technology firm that specializes in global network security through Departments professional services deployment and remote systems. Bret Thomas is CEO of Enterprise Infrastructure Solutions (EIS), a Houston-based firm specializing in global Deepwater network security consulting for numerous Fortune 500 companies. E&P Since information technology (IT) infrastructure is now integral to a company's entire Coiled operations, threats to network security are not just "an IT issue" anymore but one for Tubing management as well. One of the key threats facing oil and gas companies today is the Applications ability of anyone to download sophisticated software programs off the Internet. Advanced software programs can be downloaded from numerous software vendors Heavy Oil and hacker sites that allow anyone to have complete, real-time access to a company's network system, either internally through the Internet or through the company's remote-access systems. With these tools loaded locally, a hacker can discover a company's complete IT topology, including all of its network devices, without anybody at the company ever knowing it. This occurs if there is no adequate network visibility to Full-Length see what is occurring within the system. Technical Papers Today's buzz phrase is "remote agents." Although these agents serve a useful purpose in network system management by allowing remote management of a 2004 Editorial company's entire infrastructure to keep it optimized, they also can be used against a Calendar company's network. That's because once installed, they can provide a remote control of the system to hackers who successfully breach security and, once successful, can then take over the company's network. In addition, a hacker can make a backup of confidential information without affecting any part of the active network and can retrieve data at any time. This can happen because there are no industry standards to protect these databases and the company's confidential information. Insiders Are the Largest Threat The bad news for company management is that most hackers are not attacking from the outside but are company employees, contractors, one-time solution providers, or even sales associates from large software or hardware vendors. The common issue with the oil and gas industry is that, historically, it has not kept pace in guarding against increased hacker access or in the sophisticated levels of remote-access software. Traditionally, companies have hired network system administrators to be responsible for securing information resources but have provided them with limited, if any, technological security tools or network visibility tools. Network vulnerabilities should be considered of red-level importance for oil and gas companies that have operations in some of the world's most politically volatile regions where it is difficult to definitively know who is actually associated with whom. Many people who appear "safe" (including those having successfully passed background checks) have access to computers within the company's infrastructure and can gain unauthorized access to critical information. If data logs exist that document these activities, it is an extremely time-consuming task to review and analyze the logs to http://www.spe.org/spe/jpt/jsp/jptmonthlysection/0,2440,1104_1585_0_2505730,00.html 6/1/2004
JPT (Jun 2004): IT Security for Oil and Gas Companies Page 2 of 3 determine if an event actually occurred and, if so, to what extent. Five-Part Solution An IT security breach? How serious could that be? Given the threats to IT network security within the oil and gas industry, what can IT security vulnerabilities strike right at management proactively do? Initially, it the core of oil and gas operations. For must gain an understanding of the basics example: of security threats and solutions by working in conjunction with the company's IT department. Then, it must develop a At a large Houston-based E&P comprehensive security program and company, a vendor's software implement it. Essentially, it's a five-part package (being used legitimately solution beginning with the most important: at the company) fell into the infrastructure visibility. hands of a contractor. After gaining unauthorized access to several network systems, the That visibility should allow continuous contractor "mirrored" the monitoring of the company's IT network's information, showing infrastructure including a company's real-time transactions, onto a switches, routers, and network hardware storage device. Mirroring the port configurations. It includes monitoring caused a significant drain on actual cabling and connectivity, transport bandwidth, slowing the mechanisms (fiber, copper, or wireless), capabilities of the primary system and the protocols that are used to to the point that the company had communicate. difficulty with daily operations. Another oil and gas company The second part of the solution involves belatedly noticed that several monitoring the company's information thousand barrels of oil were transport, data, and application systems missing. Consequently, its and, additionally, the servers and desktops accounting department spent a they run on. The most widely accepted substantial amount of time poring approach is the broadest one: monitoring over financial information in an the application structure by employing a attempt to uncover the problem, full-featured product that monitors all which actually involved computer and business applications in real manipulation of the company's time. These are the most important, network system. critical, and vulnerable because this is where a company's data are stored. As a result, it had to replace the missing barrels and incur the resulting revenue The third part of the solution focuses on loss. security-analysis software. The company's security-application group needs to be able to identify and defend in real time unauthorized access through firewalls or unauthorized access to applications and databases. The fourth part enables companies to stop any unauthorized processes in real time. This is typically accomplished with an application suite specifically designed for protecting resources from unauthorized use. Different from security-analysis software, security management suites allow a company to prevent unauthorized processes from even starting. Additionally, it provides a traceable and accountable transaction log from beginning to end of the unauthorized process. The most sophisticated is the fifth part of the solution: the custom-configuration component. This enables the four solution applications to interoperate and deliver a single-user interface that identifies the health of the company's data and communications infrastructure. By properly establishing policies, procedures, and operational models, companies that have the best visibility throughout the infrastructure can determine their security needs http://www.spe.org/spe/jpt/jsp/jptmonthlysection/0,2440,1104_1585_0_2505730,00.html 6/1/2004
JPT (Jun 2004): IT Security for Oil and Gas Companies Page 3 of 3 on the basis of specified applications and data. The more sensitive data can be determined "high-level security." This allows companies to adjust their security posture in real time, thus enabling them to operate the network at the highest efficiency and productivity levels with maximum security without hindering corporate profitability. The Outlook The IT security future for the oil and gas industry appears considerably brighter than in recent years, with the industry largely adopting standards that previously had not been followed. The industry is becoming more sophisticated in using advanced application suites and methodologies that aid in implementing the solutions outlined. In addition, a growing number of professionals within the oil and gas industry are implementing advanced-support mechanisms that address both infrastructure security and infrastructure productivity. The bad news is that hackers have ready access to an increasingly wide array of tools and are becoming more sophisticated in their ability to gain access to network systems. To combat this, second-generation applications go well beyond even those used in the late 1990s. These applications are more robust, more intelligent, more user-friendly, and much more manageable. Most of the first-generation applications required months and thousands of man-hours to deploy, while today's applications can be deployed in weeks, and some within days. In addition, these second-generation tools operate on united platforms, which means their operation considers all layers of the network, and they are critical for the convergence of various technologies. The tools to deploy against IT security threats and vulnerabilities are better than ever but are useless if company management is not proactive in taking initiatives to implement these tools. http://www.spe.org/spe/jpt/jsp/jptmonthlysection/0,2440,1104_1585_0_2505730,00.html 6/1/2004

Recommandé

Closing the gaps in enterprise data security: A model for 360 degrees protection
Closing the gaps in enterprise data security: A model for 360 degrees protectionClosing the gaps in enterprise data security: A model for 360 degrees protection
Closing the gaps in enterprise data security: A model for 360 degrees protectionFindWhitePapers
 
Is your data at risk? Why physical security is insufficient for laptop computers
Is your data at risk? Why physical security is insufficient for laptop computersIs your data at risk? Why physical security is insufficient for laptop computers
Is your data at risk? Why physical security is insufficient for laptop computersFindWhitePapers
 
The Economic Impact of File Virtualization
The Economic Impact of File VirtualizationThe Economic Impact of File Virtualization
The Economic Impact of File VirtualizationFindWhitePapers
 
Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseAirTight Networks
 
Buyers Guide to Endpoint Protection Platforms
Buyers Guide to Endpoint Protection PlatformsBuyers Guide to Endpoint Protection Platforms
Buyers Guide to Endpoint Protection PlatformsFindWhitePapers
 
Safeguarding the Enterprise
Safeguarding the EnterpriseSafeguarding the Enterprise
Safeguarding the EnterpriseADGP, Public Grivences, Bangalore
 
Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...IOSR Journals
 
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetSb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetIvan Carmona
 

Recommandé

Closing the gaps in enterprise data security: A model for 360 degrees protection
Closing the gaps in enterprise data security: A model for 360 degrees protectionClosing the gaps in enterprise data security: A model for 360 degrees protection
Closing the gaps in enterprise data security: A model for 360 degrees protectionFindWhitePapers
 
Is your data at risk? Why physical security is insufficient for laptop computers
Is your data at risk? Why physical security is insufficient for laptop computersIs your data at risk? Why physical security is insufficient for laptop computers
Is your data at risk? Why physical security is insufficient for laptop computersFindWhitePapers
 
The Economic Impact of File Virtualization
The Economic Impact of File VirtualizationThe Economic Impact of File Virtualization
The Economic Impact of File VirtualizationFindWhitePapers
 
Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseAirTight Networks
 
Buyers Guide to Endpoint Protection Platforms
Buyers Guide to Endpoint Protection PlatformsBuyers Guide to Endpoint Protection Platforms
Buyers Guide to Endpoint Protection PlatformsFindWhitePapers
 
Safeguarding the Enterprise
Safeguarding the EnterpriseSafeguarding the Enterprise
Safeguarding the EnterpriseADGP, Public Grivences, Bangalore
 
Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...IOSR Journals
 
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetSb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetIvan Carmona
 
2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging ThreatsLumension
 
Iaona handbook for network security - draft rfc 0.4
Iaona handbook for network security - draft rfc 0.4Iaona handbook for network security - draft rfc 0.4
Iaona handbook for network security - draft rfc 0.4Ivan Carmona
 
Network cloaking sansv2_
Network cloaking sansv2_Network cloaking sansv2_
Network cloaking sansv2_CMR WORLD TECH
 
Getting ahead of compromise
Getting ahead of compromiseGetting ahead of compromise
Getting ahead of compromiseCMR WORLD TECH
 
VSD Infotech
VSD InfotechVSD Infotech
VSD InfotechVSD infotech
 
Regulatory Compliance Financial Institution
Regulatory Compliance Financial InstitutionRegulatory Compliance Financial Institution
Regulatory Compliance Financial InstitutionApani Enterprise Security Software
 
TRUSTe Online Security Guidelines v2.0
TRUSTe Online Security Guidelines v2.0TRUSTe Online Security Guidelines v2.0
TRUSTe Online Security Guidelines v2.0TRUSTe
 
Cybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityCybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityBooz Allen Hamilton
 
White Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic WorkforceWhite Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic WorkforceCourtland Smith
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)Ivan Carmona
 
Sb fortinet-nozomi
Sb fortinet-nozomiSb fortinet-nozomi
Sb fortinet-nozomiIvan Carmona
 
Cloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research SummaryCloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research SummaryIntel IT Center
 
An Overview of Information Systems Security Measures in Zimbabwean Small and ...
An Overview of Information Systems Security Measures in Zimbabwean Small and ...An Overview of Information Systems Security Measures in Zimbabwean Small and ...
An Overview of Information Systems Security Measures in Zimbabwean Small and ...researchinventy
 
IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto...
IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto...IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto...
IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto...IRJET Journal
 
Security White Paper
Security White PaperSecurity White Paper
Security White PaperMobiWee
 
Print - Overlooked piece of the security puzzle whitepaper - DRAFT
Print - Overlooked piece of the security puzzle whitepaper - DRAFTPrint - Overlooked piece of the security puzzle whitepaper - DRAFT
Print - Overlooked piece of the security puzzle whitepaper - DRAFTGerry Skipwith
 
Security assessment for financial institutions
Security assessment for financial institutionsSecurity assessment for financial institutions
Security assessment for financial institutionsZsolt Nemeth
 
security_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepapersecurity_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepaperAlan Rudd
 
Moving target-defense
Moving target-defenseMoving target-defense
Moving target-defenseZsolt Nemeth
 
SCIT Labs - intrusion tolerant systems
SCIT Labs - intrusion tolerant systemsSCIT Labs - intrusion tolerant systems
SCIT Labs - intrusion tolerant systemsZsolt Nemeth
 
Tech trendnotes
Tech trendnotesTech trendnotes
Tech trendnotesStudying
 
Include at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inInclude at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inmaribethy2y
 

Contenu connexe

Tendances

2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging ThreatsLumension
 
Iaona handbook for network security - draft rfc 0.4
Iaona handbook for network security - draft rfc 0.4Iaona handbook for network security - draft rfc 0.4
Iaona handbook for network security - draft rfc 0.4Ivan Carmona
 
Network cloaking sansv2_
Network cloaking sansv2_Network cloaking sansv2_
Network cloaking sansv2_CMR WORLD TECH
 
Getting ahead of compromise
Getting ahead of compromiseGetting ahead of compromise
Getting ahead of compromiseCMR WORLD TECH
 
TRUSTe Online Security Guidelines v2.0
TRUSTe Online Security Guidelines v2.0TRUSTe Online Security Guidelines v2.0
TRUSTe Online Security Guidelines v2.0TRUSTe
 
Cybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityCybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityBooz Allen Hamilton
 
White Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic WorkforceWhite Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic WorkforceCourtland Smith
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)Ivan Carmona
 
Sb fortinet-nozomi
Sb fortinet-nozomiSb fortinet-nozomi
Sb fortinet-nozomiIvan Carmona
 
Cloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research SummaryCloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research SummaryIntel IT Center
 
An Overview of Information Systems Security Measures in Zimbabwean Small and ...
An Overview of Information Systems Security Measures in Zimbabwean Small and ...An Overview of Information Systems Security Measures in Zimbabwean Small and ...
An Overview of Information Systems Security Measures in Zimbabwean Small and ...researchinventy
 
IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto...
IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto...IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto...
IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto...IRJET Journal
 
Security White Paper
Security White PaperSecurity White Paper
Security White PaperMobiWee
 
Print - Overlooked piece of the security puzzle whitepaper - DRAFT
Print - Overlooked piece of the security puzzle whitepaper - DRAFTPrint - Overlooked piece of the security puzzle whitepaper - DRAFT
Print - Overlooked piece of the security puzzle whitepaper - DRAFTGerry Skipwith
 
Security assessment for financial institutions
Security assessment for financial institutionsSecurity assessment for financial institutions
Security assessment for financial institutionsZsolt Nemeth
 
security_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepapersecurity_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepaperAlan Rudd
 
Moving target-defense
Moving target-defenseMoving target-defense
Moving target-defenseZsolt Nemeth
 
SCIT Labs - intrusion tolerant systems
SCIT Labs - intrusion tolerant systemsSCIT Labs - intrusion tolerant systems
SCIT Labs - intrusion tolerant systemsZsolt Nemeth
 

Tendances (20)

2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats
 
Iaona handbook for network security - draft rfc 0.4
Iaona handbook for network security - draft rfc 0.4Iaona handbook for network security - draft rfc 0.4
Iaona handbook for network security - draft rfc 0.4
 
Network cloaking sansv2_
Network cloaking sansv2_Network cloaking sansv2_
Network cloaking sansv2_
 
Getting ahead of compromise
Getting ahead of compromiseGetting ahead of compromise
Getting ahead of compromise
 
VSD Infotech
VSD InfotechVSD Infotech
VSD Infotech
 
Regulatory Compliance Financial Institution
Regulatory Compliance Financial InstitutionRegulatory Compliance Financial Institution
Regulatory Compliance Financial Institution
 
TRUSTe Online Security Guidelines v2.0
TRUSTe Online Security Guidelines v2.0TRUSTe Online Security Guidelines v2.0
TRUSTe Online Security Guidelines v2.0
 
Cybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityCybersecurity in the Age of Mobility
Cybersecurity in the Age of Mobility
 
White Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic WorkforceWhite Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic Workforce
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)
 
Sb fortinet-nozomi
Sb fortinet-nozomiSb fortinet-nozomi
Sb fortinet-nozomi
 
Cloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research SummaryCloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research Summary
 
An Overview of Information Systems Security Measures in Zimbabwean Small and ...
An Overview of Information Systems Security Measures in Zimbabwean Small and ...An Overview of Information Systems Security Measures in Zimbabwean Small and ...
An Overview of Information Systems Security Measures in Zimbabwean Small and ...
 
IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto...
IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto...IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto...
IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto...
 
Security White Paper
Security White PaperSecurity White Paper
Security White Paper
 
Print - Overlooked piece of the security puzzle whitepaper - DRAFT
Print - Overlooked piece of the security puzzle whitepaper - DRAFTPrint - Overlooked piece of the security puzzle whitepaper - DRAFT
Print - Overlooked piece of the security puzzle whitepaper - DRAFT
 
Security assessment for financial institutions
Security assessment for financial institutionsSecurity assessment for financial institutions
Security assessment for financial institutions
 
security_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepapersecurity_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepaper
 
Moving target-defense
Moving target-defenseMoving target-defense
Moving target-defense
 
SCIT Labs - intrusion tolerant systems
SCIT Labs - intrusion tolerant systemsSCIT Labs - intrusion tolerant systems
SCIT Labs - intrusion tolerant systems
 

Similaire à IT Security for Oil and Gas Companies

Tech trendnotes
Tech trendnotesTech trendnotes
Tech trendnotesStudying
 
Include at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inInclude at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inmaribethy2y
 
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...Dhana Raj Markandu
 
Final Project – Incident Response Exercise SAMPLE.docx
Final Project – Incident Response Exercise SAMPLE.docxFinal Project – Incident Response Exercise SAMPLE.docx
Final Project – Incident Response Exercise SAMPLE.docxlmelaine
 
Running Head NETWORK INFRASTRUCTURE VULNERABILITIES1NETWORK .docx
Running Head NETWORK INFRASTRUCTURE VULNERABILITIES1NETWORK .docxRunning Head NETWORK INFRASTRUCTURE VULNERABILITIES1NETWORK .docx
Running Head NETWORK INFRASTRUCTURE VULNERABILITIES1NETWORK .docxtoltonkendal
 
supply chain management.pptx
supply chain management.pptxsupply chain management.pptx
supply chain management.pptxMinnySkyy
 
eForensics Free Magazine 01.12. teaser
eForensics Free Magazine 01.12. teasereForensics Free Magazine 01.12. teaser
eForensics Free Magazine 01.12. teasereForensicsMag
 
Is Your Network Ready for the Age of IoT?
Is Your Network Ready for the Age of IoT?Is Your Network Ready for the Age of IoT?
Is Your Network Ready for the Age of IoT?GENIANS, INC.
 
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETSDISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETSiQHub
 
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETSDISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETSiQHub
 
Risk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedRisk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedTiffany Graham
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationKen Flott
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack
 
Puppetnets and Botnets: Information Technology Vulnerability Exploits
Puppetnets and Botnets: Information Technology Vulnerability ExploitsPuppetnets and Botnets: Information Technology Vulnerability Exploits
Puppetnets and Botnets: Information Technology Vulnerability Exploitsecarrow
 
How to deal with the impact of digital transformation on networks
How to deal with the impact of digital transformation on networks How to deal with the impact of digital transformation on networks
How to deal with the impact of digital transformation on networks Abaram Network Solutions
 

Similaire à IT Security for Oil and Gas Companies (20)

Tech trendnotes
Tech trendnotesTech trendnotes
Tech trendnotes
 
Include at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inInclude at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words in
 
5691 computer network career
5691 computer network career5691 computer network career
5691 computer network career
 
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
 
CSEC630 individaul assign
CSEC630 individaul assignCSEC630 individaul assign
CSEC630 individaul assign
 
Final Project – Incident Response Exercise SAMPLE.docx
Final Project – Incident Response Exercise SAMPLE.docxFinal Project – Incident Response Exercise SAMPLE.docx
Final Project – Incident Response Exercise SAMPLE.docx
 
Running Head NETWORK INFRASTRUCTURE VULNERABILITIES1NETWORK .docx
Running Head NETWORK INFRASTRUCTURE VULNERABILITIES1NETWORK .docxRunning Head NETWORK INFRASTRUCTURE VULNERABILITIES1NETWORK .docx
Running Head NETWORK INFRASTRUCTURE VULNERABILITIES1NETWORK .docx
 
supply chain management.pptx
supply chain management.pptxsupply chain management.pptx
supply chain management.pptx
 
eForensics Free Magazine 01.12. teaser
eForensics Free Magazine 01.12. teasereForensics Free Magazine 01.12. teaser
eForensics Free Magazine 01.12. teaser
 
Is Your Network Ready for the Age of IoT?
Is Your Network Ready for the Age of IoT?Is Your Network Ready for the Age of IoT?
Is Your Network Ready for the Age of IoT?
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETSDISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
 
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETSDISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
 
Secure your Space: The Internet of Things
Secure your Space: The Internet of ThingsSecure your Space: The Internet of Things
Secure your Space: The Internet of Things
 
Risk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedRisk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs Provided
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012
 
Puppetnets and Botnets: Information Technology Vulnerability Exploits
Puppetnets and Botnets: Information Technology Vulnerability ExploitsPuppetnets and Botnets: Information Technology Vulnerability Exploits
Puppetnets and Botnets: Information Technology Vulnerability Exploits
 
How to deal with the impact of digital transformation on networks
How to deal with the impact of digital transformation on networks How to deal with the impact of digital transformation on networks
How to deal with the impact of digital transformation on networks
 

Plus de Richard Cole

Richard Cole Professional Portfolio
Richard Cole Professional PortfolioRichard Cole Professional Portfolio
Richard Cole Professional PortfolioRichard Cole
 
Richard B Cole Biography
Richard B Cole BiographyRichard B Cole Biography
Richard B Cole BiographyRichard Cole
 
Richard Cole Résumé
Richard Cole RésuméRichard Cole Résumé
Richard Cole RésuméRichard Cole
 
Alliance Group Research (AGR) Corporate Presentation
Alliance Group Research (AGR) Corporate PresentationAlliance Group Research (AGR) Corporate Presentation
Alliance Group Research (AGR) Corporate PresentationRichard Cole
 
Internet-based business model revs up savings for auto dealers
Internet-based business model revs up savings for auto dealersInternet-based business model revs up savings for auto dealers
Internet-based business model revs up savings for auto dealersRichard Cole
 
Technology boosts health care compliance, training systems
Technology boosts health care compliance, training systemsTechnology boosts health care compliance, training systems
Technology boosts health care compliance, training systemsRichard Cole
 

Plus de Richard Cole (7)

Richard Cole Professional Portfolio
Richard Cole Professional PortfolioRichard Cole Professional Portfolio
Richard Cole Professional Portfolio
 
Richard B Cole Biography
Richard B Cole BiographyRichard B Cole Biography
Richard B Cole Biography
 
Richard Cole Résumé
Richard Cole RésuméRichard Cole Résumé
Richard Cole Résumé
 
Alliance Group Research (AGR) Corporate Presentation
Alliance Group Research (AGR) Corporate PresentationAlliance Group Research (AGR) Corporate Presentation
Alliance Group Research (AGR) Corporate Presentation
 
Internet-based business model revs up savings for auto dealers
Internet-based business model revs up savings for auto dealersInternet-based business model revs up savings for auto dealers
Internet-based business model revs up savings for auto dealers
 
Technology boosts health care compliance, training systems
Technology boosts health care compliance, training systemsTechnology boosts health care compliance, training systems
Technology boosts health care compliance, training systems
 
Richard Cole SoQ
Richard Cole SoQRichard Cole SoQ
Richard Cole SoQ
 

Dernier

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 

Dernier (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

IT Security for Oil and Gas Companies

  • 1. JPT (Jun 2004): IT Security for Oil and Gas Companies Page 1 of 3 June 2004 Special Features IT Security for Oil and Gas Companies Richard Cole, Enterprise Consulting Services (ECS), and Bret Thomas, Enterprise Management Infrastructure Solutions (EIS) Distinguished Author Series Richard Cole is Chief Operating Officer for Enterprise Consulting Services (ECS), a Houston-based technology firm that specializes in global network security through Departments professional services deployment and remote systems. Bret Thomas is CEO of Enterprise Infrastructure Solutions (EIS), a Houston-based firm specializing in global Deepwater network security consulting for numerous Fortune 500 companies. E&P Since information technology (IT) infrastructure is now integral to a company's entire Coiled operations, threats to network security are not just "an IT issue" anymore but one for Tubing management as well. One of the key threats facing oil and gas companies today is the Applications ability of anyone to download sophisticated software programs off the Internet. Advanced software programs can be downloaded from numerous software vendors Heavy Oil and hacker sites that allow anyone to have complete, real-time access to a company's network system, either internally through the Internet or through the company's remote-access systems. With these tools loaded locally, a hacker can discover a company's complete IT topology, including all of its network devices, without anybody at the company ever knowing it. This occurs if there is no adequate network visibility to Full-Length see what is occurring within the system. Technical Papers Today's buzz phrase is "remote agents." Although these agents serve a useful purpose in network system management by allowing remote management of a 2004 Editorial company's entire infrastructure to keep it optimized, they also can be used against a Calendar company's network. That's because once installed, they can provide a remote control of the system to hackers who successfully breach security and, once successful, can then take over the company's network. In addition, a hacker can make a backup of confidential information without affecting any part of the active network and can retrieve data at any time. This can happen because there are no industry standards to protect these databases and the company's confidential information. Insiders Are the Largest Threat The bad news for company management is that most hackers are not attacking from the outside but are company employees, contractors, one-time solution providers, or even sales associates from large software or hardware vendors. The common issue with the oil and gas industry is that, historically, it has not kept pace in guarding against increased hacker access or in the sophisticated levels of remote-access software. Traditionally, companies have hired network system administrators to be responsible for securing information resources but have provided them with limited, if any, technological security tools or network visibility tools. Network vulnerabilities should be considered of red-level importance for oil and gas companies that have operations in some of the world's most politically volatile regions where it is difficult to definitively know who is actually associated with whom. Many people who appear "safe" (including those having successfully passed background checks) have access to computers within the company's infrastructure and can gain unauthorized access to critical information. If data logs exist that document these activities, it is an extremely time-consuming task to review and analyze the logs to http://www.spe.org/spe/jpt/jsp/jptmonthlysection/0,2440,1104_1585_0_2505730,00.html 6/1/2004
  • 2. JPT (Jun 2004): IT Security for Oil and Gas Companies Page 2 of 3 determine if an event actually occurred and, if so, to what extent. Five-Part Solution An IT security breach? How serious could that be? Given the threats to IT network security within the oil and gas industry, what can IT security vulnerabilities strike right at management proactively do? Initially, it the core of oil and gas operations. For must gain an understanding of the basics example: of security threats and solutions by working in conjunction with the company's IT department. Then, it must develop a At a large Houston-based E&P comprehensive security program and company, a vendor's software implement it. Essentially, it's a five-part package (being used legitimately solution beginning with the most important: at the company) fell into the infrastructure visibility. hands of a contractor. After gaining unauthorized access to several network systems, the That visibility should allow continuous contractor "mirrored" the monitoring of the company's IT network's information, showing infrastructure including a company's real-time transactions, onto a switches, routers, and network hardware storage device. Mirroring the port configurations. It includes monitoring caused a significant drain on actual cabling and connectivity, transport bandwidth, slowing the mechanisms (fiber, copper, or wireless), capabilities of the primary system and the protocols that are used to to the point that the company had communicate. difficulty with daily operations. Another oil and gas company The second part of the solution involves belatedly noticed that several monitoring the company's information thousand barrels of oil were transport, data, and application systems missing. Consequently, its and, additionally, the servers and desktops accounting department spent a they run on. The most widely accepted substantial amount of time poring approach is the broadest one: monitoring over financial information in an the application structure by employing a attempt to uncover the problem, full-featured product that monitors all which actually involved computer and business applications in real manipulation of the company's time. These are the most important, network system. critical, and vulnerable because this is where a company's data are stored. As a result, it had to replace the missing barrels and incur the resulting revenue The third part of the solution focuses on loss. security-analysis software. The company's security-application group needs to be able to identify and defend in real time unauthorized access through firewalls or unauthorized access to applications and databases. The fourth part enables companies to stop any unauthorized processes in real time. This is typically accomplished with an application suite specifically designed for protecting resources from unauthorized use. Different from security-analysis software, security management suites allow a company to prevent unauthorized processes from even starting. Additionally, it provides a traceable and accountable transaction log from beginning to end of the unauthorized process. The most sophisticated is the fifth part of the solution: the custom-configuration component. This enables the four solution applications to interoperate and deliver a single-user interface that identifies the health of the company's data and communications infrastructure. By properly establishing policies, procedures, and operational models, companies that have the best visibility throughout the infrastructure can determine their security needs http://www.spe.org/spe/jpt/jsp/jptmonthlysection/0,2440,1104_1585_0_2505730,00.html 6/1/2004
  • 3. JPT (Jun 2004): IT Security for Oil and Gas Companies Page 3 of 3 on the basis of specified applications and data. The more sensitive data can be determined "high-level security." This allows companies to adjust their security posture in real time, thus enabling them to operate the network at the highest efficiency and productivity levels with maximum security without hindering corporate profitability. The Outlook The IT security future for the oil and gas industry appears considerably brighter than in recent years, with the industry largely adopting standards that previously had not been followed. The industry is becoming more sophisticated in using advanced application suites and methodologies that aid in implementing the solutions outlined. In addition, a growing number of professionals within the oil and gas industry are implementing advanced-support mechanisms that address both infrastructure security and infrastructure productivity. The bad news is that hackers have ready access to an increasingly wide array of tools and are becoming more sophisticated in their ability to gain access to network systems. To combat this, second-generation applications go well beyond even those used in the late 1990s. These applications are more robust, more intelligent, more user-friendly, and much more manageable. Most of the first-generation applications required months and thousands of man-hours to deploy, while today's applications can be deployed in weeks, and some within days. In addition, these second-generation tools operate on united platforms, which means their operation considers all layers of the network, and they are critical for the convergence of various technologies. The tools to deploy against IT security threats and vulnerabilities are better than ever but are useless if company management is not proactive in taking initiatives to implement these tools. http://www.spe.org/spe/jpt/jsp/jptmonthlysection/0,2440,1104_1585_0_2505730,00.html 6/1/2004