CHAPTER 1: SECURITY PRINCIPLES 2.

IDS and IPS

MODULE 3: SECURITY CONTROL 3. Access Control

4. Antivirus Software

Security Control 5. Encryption

 It pertains to the physical, technical, and 6. Authentication Mechanism

administrative mechanisms that act as
safeguards or countermeasures prescribed for an
information system to protect the confidentiality,
integrity and availability of the system and its
MODULE 4: GOVERNANCE ELEMENTS
information.
TYPES OF SECURITY CONTROL
1. Physical Control Governance Element

2. Administrative Control  It refer to the principles, structures, and

processes that guide decision-making,
3. Technical Control coordination, and management within the
network.

PHYSICAL CONTROL

 It refers to measures taken to physically protect

assets, resources, or individuals from
unauthorized access, damage, theft, or harm.
Examples are:
1. Surveillance Camera
2. Biometric
LAWS & REGULATION
3. Identity Cards
 It refers to the body of legal rules, statutes,
4. Alarm System regulations, and principles that govern various
ADMINISTRATIVE CONTROL aspects of industrial activities.
 These are established by governments at the
 Also known as Procedural Controls. local, national, and international levels to
 These are security measures implemented regulate industrial operations.
through administrative or managerial policies,  Ensure safety.
procedures, guidelines, and practices.
 Protect the environment.
Examples:  Promote fair competition and safeguard the
rights of workers and consumers.
1. Security Policies and Procedures
Laws and Regulations in Industrial Network:
2. Security Training and Awareness Programs
1. Health and Safety Law
3. Personnel Security Measures
2. Environmental Law
4. Access Control Policies
3. Product Liability Law
5. Incident Response and Reporting Procedures
4. Intellectual Property Law
6. Compliance and Auditing Processes
5. Employment Law
7. Change Management Procedures
6. Trade Law
TECHNICAL CONTROL
7. Competition Law
 Also known as logical controls.
 These are security measures implemented 8. Data Privacy and Security Law
through technology to protect information
9. Contract Law
systems, networks, and data from unauthorized
access, alteration, or destruction.
Examples:
1. Firewall
1. HEALTH AND SAFETY LAW
 It is ensure the protection of workers and the
public from occupational hazards and risks
associated with industrial activities.
 These laws may cover areas such as workplace
safety, equipment standards, hazardous materials
handling, and emergency response protocols.
2. ENVIRONMENTAL LAW
 It regulate industrial activities to minimize their
impact on the environment and natural
resources.
 These laws may include regulations on air and
water pollution, waste management, emissions
control, and conservation efforts.
3. PRODUCT LIABILITY LAW
 Govern the legal responsibilities of
manufacturers, distributors, and sellers for the
safety and quality of their products.
 These laws hold companies accountable for any
harm or injury caused by defective or unsafe
products and may impose liability for damages
and compensation.
4. INTELLECTUAL PROPERTY LAW
 Protect the rights of industrial companies to their
innovations, designs, trademarks, and
copyrights.
 These laws include patents, trademarks,
copyrights, and trade secret protections, which
enable companies to safeguard their intellectual
assets and maintain a competitive edge in the
market.
5. EMPLOYMENT LAW
 It regulate the relationship between employers
and employees in industrial workplaces.
 These laws cover areas such as wages, working
hours, benefits, anti-discrimination practices,
and health and safety standards for workers.
6. TRADE LAW
 Promote fair competition and prevent
anticompetitive practices that may harm
consumers or restrict market competition.
 These laws prohibit activities such as
pricefixing, market allocation, monopolistic
behavior, and unfair business practices.
7. COMPETITION LAW
 Promote fair competition and prevent
anticompetitive practices that may harm
consumers or restrict market competition.
 These laws prohibit activities such as
pricefixing, market allocation, monopolistic
behavior, and unfair business practices.
8. DATA PRIVACY AND SECURITY LAW
 It regulate the collection, use, storage, and
protection of personal and sensitive data in
industrial operations.
 These laws impose requirements for data
handling practices, security measures, and
notification obligations in the event of data
breaches.
9. CONTRACT LAW
 It governs the legal agreements and obligations
between parties involved in industrial
transactions, including manufacturers, suppliers,
distributors, and customers.
 These laws establish rights, duties, and remedies
for breaches of contract and ensure
enforceability of contractual agreements.
STANDARD
 It is a documented set of guidelines, criteria,
specifications, or requirements established by
authority and used as a reference for ensuring
consistency, quality, safety and performance in a
particular field or industry.
Key Characteristics of Standard:
1.Consistency and Uniformity
2.Quality Assurance
3.Interoperability
4.Safety and Risk Management
5.Regulatory Compliance
1. CONSISTENCY AND UNIFORMITY
 Refer to the adherence to standardized
processes, procedures, specifications, and
quality across various aspects of industrial
operations.
CONSISTENCY
o Refers to the reliability and
predictability of outcomes or
performance over time.
o It involves maintaining a steady level of
quality, and efficiency in operations,
regardless of variations in external
factors or inputs.
UNIFORMITY
o It involves ensuring that all components,
procedures, and outputs conform to
established standards or specifications.
o This can include uniformity in product
design, manufacturing processes, safety
protocols, measurement standards.
2. QUALTIY ASSURANCE
 It refers to the systematic processes, procedures,
and practices implemented to ensure that
products or services meet specified quality
standards and requirements.
 It encompasses a range of activities aimed at
preventing defects, errors, and inconsistencies in
production processes, thereby ensuring that the
final output meets or exceeds customer
expectations. 1. SAFETY PROCEDURE
3. INTEROPERABILITY
 It refers to the ability of various systems,
devices, machines, and software applications to
communicate, exchange data, and work together
seamlessly within an industrial environment.
4. SAFETY AND RISK MANAGEMENT
 Identifying hazards, specifying safety measures,
and establishing guidelines for minimizing risks
and preventing accidents or harm to users,
workers, or the environment.
5. REGULATORY COMPLIANCE
 Align with regulatory requirements and
industryspecific regulations by providing
guidelines and benchmarks for organizations to
demonstrate compliance and meet legal
obligations in areas such as safety,
environmental protection, and consumer
protection.
2. MANUFACTURING PROCEDURE
POLICY
 It refers to a set of guidelines, rules or principles
established by an organization to govern various
aspects of its operations, practices, or behavior.
 To ensure the smooth operation of facilities, the
safety of workers, compliance with regulations,
and the achievement of organizational goals.
PROCEDURE
PROCEDURE
 It refers to a documented set of steps or
instructions outlining how to perform a specific
task, operation, or process within an
organization.
 It provide detailed guidance to employees,
contractors, or stakeholders on the proper
sequence of actions, methods, tools, and
resources required to achieve a desired outcome
efficiently, safely, and consistently.
3. MAINTENANCE PROCEDURE
EXAMPLES OF PROCEDURE:
1. Safety Procedure
2. Manufacturing Procedure
3. Maintenance Procedure
4. Quality Control Procedure
5. Administrative Procedure
 These are established guidelines and protocols
designed to prevent accidents, injuries, and
hazards in the workplace.
 It provides specific steps and actions that
employees, contractors, and visitors must follow
to maintain a safe working environment.
EXAMPLES OF SAFETY PROCEDURE
a) Personal Protective Equipment (PPE)
b) Machine and Equipment Safety
c) Hazardous Material Handling
d) Emergency Response
e) Electrical Safety
f) Fire Safety
g) Chemical Safety
h) Workplace Ergonomics
i) Safety Training and Communications
 Also known as a Production Process.
 Refers to a series of steps and activities that are
systematically followed to transform raw
materials, components, or resources into
finished products.
EXAMPLES OF MANUFACTURING
a) Product Design and Development
b) Materials Procurement and Inventory
Management
c) Production Planning and Scheduling
d) Manufacturing Operations
e) Quality Control and Inspection
f) Packaging and Labeling
g) Maintenance and Repair
h) Continuous Improvement
i) Compliance and Regulations
 It is systematic steps and activities required to
ensure the reliability, availability, and
 performance of equipment, machinery, or
facilities over time.
 These are essential for preventing equipment
failures, minimizing downtime, optimizing
performance, and extending the lifespan of
assets.
4. QUALITY CONTROL PROCEDURE

 It is a systematic steps and activities

implemented to ensure that products, processes,
or services meet specified quality standards and
requirements.
 These are essential for detecting defects,
preventing non-conformities, and maintaining
consistent quality throughout the production
process.
 It involve various inspection, testing, and
verification activities aimed at identifying and
addressing quality issues to ensure customer
satisfaction and compliance with regulatory
requirements.
5. ADMINISTRATIVE PROCEDURE

 It refer to the structured processes and

guidelines established to manage administrative
tasks, operations, and functions within an
organization.
 These procedures ensure that administrative
activities are performed efficiently, consistently,
and in compliance with organizational policies,
regulations, and best practices.

EXAMPLES OF ADMINISTRATIVE
PROCEDURE
a) Human Resource Management
b) Finance and Accounting
c) Procurement and Purchasing
d) Facilities Management
e) Documentation Control and Records
Management
f) Compliance Management
g) Information Technology Management
h) Meeting and Event Management
i) Travel and Expense Management
j) Communication and Correspondence