Workforce Management: Introducing a Policy Rules Engine to Industrial Security Adrian Fielding, Honeywell Damian Vassallo, RightCrowd

Size: px

Start display at page:

Download "Workforce Management: Introducing a Policy Rules Engine to Industrial Security Adrian Fielding, Honeywell Damian Vassallo, RightCrowd"

Norman Warner
8 years ago
Views:

1 2015 Honeywell Users Group Europe, Middle East and Africa Workforce Management: Introducing a Policy Rules Engine to Industrial Security Adrian Fielding, Honeywell Damian Vassallo, RightCrowd

Together these solutions ensure that process, plant, people and environment are safer and more secure than ever before.

2 Integrated Protective Solutions Honeywell s Integrated Protective Solutions deliver Safety Shutdown, Fire & Gas, Physical and Cyber Security holistically across process facilities. Together these solutions ensure that process, plant, people and environment are safer and more secure than ever before. They include independent yet interrelated layers of protection to prevent, detect and mitigate potential safety and security risks and threats. Ensuring Safety & Security of your Workforce Honeywell International All Rights Reserved

3 Abstract Workforce Management: Introducing a policy rules engine to Industrial Security, Damian Vassallo RightCrowd and Adrian Fielding Honeywell This presentation will explain the emerging workforce assurance space and the methodologies for implementing an attribute based access control system The conversation will focus on defining attributes and policies that a rules engine could enforce; i.e. near real time condition based access control When incorporated as part of an over-arching industrial security program, organizations can leverage powerful and robust business process that aids and improves business performance Honeywell International All Rights Reserved

4 Workforce Assurance Purpose Mental Model Link Org Management to Business Function Resource Management Improve throughput $ per hour / $ per person Process Structure Reaction Honeywell International All Rights Reserved Improve the visibility and productivity of the business by: Mitigating physical security, safety and compliance vulnerabilities. Automating and standardizing people processes to improve productivity. Enabling the better management of our people and their costs in realtime.

5 Link Org Management to Business Process Purpose Collaboration between different areas of the company HR, Finance, Operations, Compliance Assurance across the spectrum of Logical and Physical Logical HR, Payroll, Active Directory, Task Applications Physical - Networks and Facilities (Data Centres, Vaults, Industrial Sites) THIS IS CHANGE Honeywell International All Rights Reserved

6 Link Org Management to Business Process Purpose. Security events Location data, when "root" account is accessed (console of a server) Authorization to grant access Non-repudiation (Who is the Owner?) Multi-Level approval link to Org Chart and Area Owners Separation of duties Validation checks differ Internal v 3 rd Party contractors or visitors Honeywell International All Rights Reserved

7 Link Org Management to Business Process Outcome Risk Reduction - Certainty that a task has been carried out Process Automation Less manpower has achieved cost efficiency Honeywell International All Rights Reserved

8 Resource Management Throughput Limit access to those who are approved, authorized, accredited and accounted for Background checks EHS (Compliance/Certifications) Appropriate commercials Seamless Interdepartmental process Chain of Approval / Delegation Immediacy One touch Termination (Logical and Physical) Employee, Contractor or Visitor Honeywell International All Rights Reserved

9 Resource Management Outcome Compliance Full audit trail of data What was it changed from What was it changed to Reporting information packaged in real time map to specific requirements and for specific users Honeywell International All Rights Reserved

10 Business Improvement Mitigate Risks to Business Interruption Converge with DVM to increase / improve security performance Plan for peak periods and flow of workforce (Shutdowns) Correlate multiple data feeds Asset information to Personnel information Pre-emptive Business Continuity/Evacuation Plans Ensuring / Insuring Brand Reputation Timeliness responding to emerging / ongoing crises Sophistication to IT Security Advanced Persistent Threat / Insider Threat Honeywell International All Rights Reserved

11 Conclusion Workforce Assurance requires clear approaches to logical and PHYSICAL security Something you Own Something you Know Something you Are Prepare for aggression at a Cyber Level What are the sources and where can they be mitigated Situational Awareness of Assets and People Visibility and Value Trust NO SILVER BULLET Honeywell International All Rights Reserved

12 Level of Maturity Logical / Physical Maturity Curve Workforce Assurance Maturity Model 1. Unaware 2. Tactical 3. Focused 4. Strategic 5. Pervasive Total lack of awareness Spreadsheet Information One-off report requests No Business sponsor Security in charge Limited users Data inconsistency and ad hoc systems Specific focus on a business need (e.g. attribute based management or fatigue management or contractor mobilization) Funding from business units on a project by project basis Specific set of users are realising value Business Objectives drive Workforce Assurance with Performance Management Strategies Deploy an enterprise metrics framework Governance policies are defined and enforced Establish a balanced portfolio of standards Information is trusted across the company Workforce Assurance is extended to suppliers, customers and business partners Workforce Assurance analytics are inserted into and around the business processes Unsupported Structures Accessing Business Improvement TM aiding with Health, Safety and Security decisions to support workforce assurance compliance reporting Honeywell International All Rights Reserved

13 Experiences from CXO CEO COO CFO CIO CSO Zero Harm Licence to Operate Who is working for me today? Are they known, authorised, accredited and accounted for at all times? Contractor Reconciliation (Plan v Actual) hours ROI of Mobilization expenditure Logical and Physical Identity Management Interoperability between systems Corporate Security Reduce Risk / Establish Standards Automate Security Policy and Procedures Honeywell International All Rights Reserved

Ellipse The Enterprise Asset Management (EAM) solution for asset intensive industries

Ellipse The Enterprise Asset Management (EAM) solution for asset intensive industries Ellipse is a fully-integrated Enterprise Asset Management (EAM) application suite providing complete visibility and