Oil & Gas
Oil and gas firms have formidable cybersecurity risks and privacy concerns — their importance to the global economy overall makes them a prime target for hackers and other malicious actors.
The Regulatory Burden
Oil and gas facilities are governed by numerous national security regulations because they qualify as critical infrastructure.
Moreover, the design of drilling facilities has become enormously complicated, with industrial controls and Internet-enabled systems intersecting. That gives rise to many more possible attack points that must be secured and monitored at all times.
Under the Pipeline Security Guidelines, developed and managed by the Transportation Security Guidelines, oil & gas concerns must inventory their operating technologies (defined as systems that control and monitor physical equipment). All cyber-enabled “OT” is deemed critical infrastructure by the Department of Homeland Security and therefore should implement the NIST Cybersecurity Framework for Critical Infrastructure.
As employers, oil and gas companies also have all the usual regulatory obligations around personal data (HIPAA, Gramm-Leach-Bliley, GDPR), plus security risks for corporate financial and operational data not related to pipeline operations (intellectual property, for example).
Compliance Objectives
Both the pipeline industry guidelines and the NIST critical infrastructure guidance include steps such as risk assessment, response planning, mitigation, training and protective technology to keep essential assets as far away from threats as possible.
For security officers building a compliance strategy, those obligations translate into several practical steps that a compliance management system will need to perform:
- Inventory all the systems that control physical assets and their connectivity to the rest of the IT infrastructure.
- Assess the starting security posture of their own systems and any third parties they use.
- Identify security gaps they must fill to meet regulatory requirements.
- Establish mitigation steps that might be necessary and assign them to control owners.
- Monitor usage of IT services to see whether new third parties are on the network.
- Conduct any new risk assessments that might be necessary as new regulations emerge.
