Emerson v3.1.0 Manuale Utente
www.emersonprocess.com/deltaV
DeltaV Security Manual
October 2014
3.3.2 Security event handling ....................................................................................................... 63
3.3.2.1 Event logging and reporting......................................................................................... 63
3.3.2.1.1 General security event handling ........................................................................... 63
3.3.2.1.2 User activities....................................................................................................... 63
3.3.2.1.3 Log of failed login attempts.................................................................................. 63
3.3.2.1.2 User activities....................................................................................................... 63
3.3.2.1.3 Log of failed login attempts.................................................................................. 63
3.3.2.2 Event monitoring.......................................................................................................... 64
3.4 Security certifications................................................................................................................... 64
3.4.1 Vendor products .................................................................................................................. 64
4 Patching .................................................................................................................................... 65
4.1 General patching policy ............................................................................................................... 65
4.1.1 Operational impacts............................................................................................................. 66
4.1.2 Patch list management ........................................................................................................ 68
4.1.3 Patching timeliness............................................................................................................... 69
4.1.4 Policies and procedures ....................................................................................................... 70
4.1.2 Patch list management ........................................................................................................ 68
4.1.3 Patching timeliness............................................................................................................... 69
4.1.4 Policies and procedures ....................................................................................................... 70
4.2 Microsoft Windows updates......................................................................................................... 71
4.2.1 Introduction ........................................................................................................................ 71
4.2.2 Windows non-security updates............................................................................................. 71
4.2.3 Security updates .................................................................................................................. 71
4.2.2 Windows non-security updates............................................................................................. 71
4.2.3 Security updates .................................................................................................................. 71
4.3 DeltaV workstation hotfixes ......................................................................................................... 72
4.4 DeltaV Controller and I/O hotfixes................................................................................................. 73
4.4 DeltaV Controller and I/O hotfixes................................................................................................. 73
5 Backups and disaster recovery.................................................................................................... 74
5.1 Overvie........................................................................................................................................ 74
5.2 Backup/Recovery capability ........................................................................................................ 74
5.3 Backup strategy............................................................................................................................ 75
5.2 Backup/Recovery capability ........................................................................................................ 74
5.3 Backup strategy............................................................................................................................ 75
6 Cyber security services............................................................................................................... 76
6.1 Standards, policies and procedures .............................................................................................. 76
6.2 Confidentiality agreements ......................................................................................................... 76
6.3 Standards committees................................................................................................................. 76
6.4 Security contact ........................................................................................................................... 76
6.5 System change procedures........................................................................................................... 77
6.6 Incident Response Policies and Procedures................................................................................... 78
6.7 System hardening......................................................................................................................... 78
6.8 Conducting security risk assessments .......................................................................................... 78
6.9 Use of troubleshooting tools ........................................................................................................ 78
6.2 Confidentiality agreements ......................................................................................................... 76
6.3 Standards committees................................................................................................................. 76
6.4 Security contact ........................................................................................................................... 76
6.5 System change procedures........................................................................................................... 77
6.6 Incident Response Policies and Procedures................................................................................... 78
6.7 System hardening......................................................................................................................... 78
6.8 Conducting security risk assessments .......................................................................................... 78
6.9 Use of troubleshooting tools ........................................................................................................ 78
iv