A vital aspect of IIoT security governance is implementing a security program that is practical and actionable. In a constantly evolving threat landscape, it is a challenge for industrial adopters of IIoT to decide where and how to invest their limited security resources. Defining a security program by considering models such as SMM and C2M2 (USE-C2M2) can help organizations to right-size security mechanisms and investments.
The IIoT security program decides the resilience and reliability of the production environment, which directly impacts business goals, reputation, and the financial fate of an organization. That's why an organization's business-level stakeholders should directly engage and approve the security program. Many organizations may already have an IT security program, which is typically governed by the enterprise IT team. An IIoT security program involves both IT and OT environments and should either align with or build on top of existing...