MIPRO 2013. prezentacija - Information Security Cost Management in Offshore SMB ICT, Saša Aksentijević, PhD


  • 8/12/2019 MIPRO 2013. prezentacija - Information Security Cost Management in Offshore SMB ICT, Saša Aksentijević, PhD


    Information Security Cost Management in Offshore SMB ICT Companies

    Saša Aksentijević¹, Edvard Tijan²

    ¹ Saipem SpA Croatian Branch

    Alda Colonnella 2, Rijeka, Croatia

    Tel: +385 51 65 17 00 Fax: +385 51 65 17 81 E-mail: [email protected]

    ² University of Rijeka, Faculty of Maritime Studies

    Studentska 2, 51000 Rijeka, Croatia

    Tel: +385 51 33 84 11 Fax: +385 51 33 67 55 E-mail: [email protected]

    MIPRO 2013.


    Statement of the Problem

    Companies belonging to the offshore SMB ICT segment are subject to various costs arising from several sources, such as legal compliance, alignment with best practice guidelines and standards, employee education, basic computer and network infrastructure security, and the cost of SaaS/cloud solutions. Furthermore, such companies usually have very limited financial resources, yet they are often involved in large projects working for major offshore installation contractors. In this paper the authors will outline the basic costs of information security management systems in offshore SMB companies and propose a simple model to continuously monitor and control them.


    Overview of offshore operations in the oil & energy sector

    The term "offshore" is nowadays usually used for oil and gas drilling operations that are conducted in the ocean

    Common offshore installations constructed during offshore operations are: drilling rigs, floating production storage and offloading vessels, natural gas platforms, oil platforms and offshore wind farms


    Characteristics of offshore projects

    Very complex, require large capital base, modern technology and best human resources

    Diverse in length, from short term to long term

    Include several subcontractors using diverse methodologies

    Usually connected with large risks that have to be quantified to be managed

    Key success drivers: health, safety and sustainability

    Contracts are typically stipulated very close to project start

    Usually executed in difficult areas (harsh environment, politically unstable countries, technically challenging environment, logistics problems, war zones)


    Goals of offshore risk project management

    Realistic and reasonable cost and schedule contingencies

    Understanding the probability of cost overrun and schedule delays

    Understanding the accuracy of cost estimate or project schedule

    Ensuring that project teams identify and properly communicate risks and implement risk mitigation plan


    Requirements of offshore ICT security

    Legal framework transcends several nations

    Different business context, so existing legal requirements are not easily applicable to offshore ICT security

    Best practice ISMS systems do not evaluate influence of investments in SMS to company's or project financial results

    SMB companies lack financial and human resources

    ISMS management viewed as minimal cost or technical discipline

    SMB ICT companies tend to accept unreasonably high risk levels

    Business financing sector does not recognize importance of ICT security in offshore SMB ICT companies


    Proposal of model for SMB companies working on offshore projects

    Proposal of portfolio model, consisting of baseline ICT security and project portfolio ICT solutions

    Baseline offshore SMB ICT security

    Project A SMB ICT security

    Project B SMB ICT security

    Project C SMB ICT security

    Project D SMB ICT security

    Project E SMB ICT security


    Cumulative baseline SMB offshore ICT security

    Baseline SMB offshore ICT security

    Legal requirements

    Best practice requirements

    Risk assessment approach requirements


    Legal requirements of SMB ICT offshore companies

    Legal requirements

    National legal requirements

    Local legal requirements

    Maritime law specific requirements


    Best practice requirements

    Best practice requirements

    Technical best practice frameworks

    ISMS best practice frameworks

    Best practices of project management


    Risk assessment approach of SMB offshore ICT companies

    Risk assessment approach requirements

    SMB offshore ICT assets

    Asset threats

    Asset vulnerabilities


    Expected developments in the near future

    Shift towards cloud based solutions not always easily applicable in offshore projects

    Offshore project clients prefer standard and well-proven solutions and measures to achieve goals of ICT security on projects

    Host countries are likely to continue implementing strict measures for control of information

    Local infrastructure in host countries continues to be lacking, consequence is reliance on foreign solutions

    Cost of required local certification continues having major impact on cost effectiveness

    Hidden and sunk costs will have a big impact on efficiency of SMB ICT companies on offshore projects


    Information Security Cost Management in Offshore SMB ICT Companies

    THANK YOU FOR YOUR PATIENCE!