CSA Z246.1-17 pdf download – Security management for petroleum and natural gas industry systems.
3 Definitions
The following definitions shall apply in this Standard:
Adversary — any individual, group, organization, or government that conducts activities detrimental to an operator’s assets or has the intention and capability to conduct such activities.
Note: An adversary con include political and terrorist groups, criminals, disgruntled employees, and private interests; an adversary can also include site insiders, site outsiders, or the two acting in collusion.
Source: Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries.
Asset — any person, facility, material, information, business reputation, or activity that has value to an operator.
Asset attractiveness — an assessment of the perception of value of an asset from an adversary’s perspective that influences the likelihood of a security incident, based on factors such as location, ease of access, size, and vulnerability, with consideration being given to the threat environment.
Asset characterization — the systematic identification and ranking of assets that, if destroyed or damaged, could result in adverse consequences to the operator.
Note: Asset characterization can Include surrounding and supporting infrastructure. This process will allow the operator to determine which assets require further evaluation under the security risk management process.
Countermeasure — a temporary action or activity taken as a reaction to mitigate a specific security threat.
Industrial control system (ICS) — a local/remote monitoring and control system normally containing distributed control systems (DCS) and/or programmable logic controller (PLC) computer-based systems connected to field devices to monitor and control facilities.
Intrusion detection system — a system designed to detect the entry or attempted entry of a person or vehicle into an area.
Management of change — a systematic process used to ensure internal and external changes are continually evaluated in order to assess the potential impact that change will have on the security management program (SMP).
Measure — an action or activity intended to improve one or more aspects of the security system to mitigate security risks/threats.
Operator — a corporation, or a person, including an owner or delegate, who
a) is in control of part or all of a petroleum and natural gas industry system and is accountable for its day-to-day operations;
b) has operational responsibility for any petroleum and natural gas industry system; or c) has direct operational control of part or all of a petroleum and natural gas industry system.
Owner — a corporation, or a person, other than a lien holder, who has an asset or title to a petroleum and natural gas industry system, facility, or equipment and is
a) responsible for the ongoing operation of a petroleum and natural gas industry system; or b) in charge of managing the operation of a petroleum and natural gas industry system, if all or part
of the petroleum and natural gas industry system are owned jointly by different persons.
Physical security – security systems and architectural features that are intended to provide protection. Note: Examples include security fficers, fencing, doors, gates, wall, turnstiles, locks, intrusion detection systems, vehicle barriers, and hardened glass. Source: Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries. Policy – a high-level statement of the overall intentions and directions of an organization. Post orders – written directions informing designated security guards of what they are required to do in the event of a security-related incident or threat. Procedure一a documented series of steps followed in a definite order to carry out an activity. Process – a series of activities, tasks, decision points, and resources to support a policy. Risk – the measure of potential damage to or loss of an asset based on the probability of an undesired occurrence. . Security incident – a security-related occurrence, threat, or action that has led to or could potentally lead to adversely affecting people, the environment, assets, and economic stability. Security management program (SMP) – an ongoing process to ensure security threats and associated risks are identified and managed with appropriate mitigation and response procedures to prevent and minimize the impact of security incidents adversely affecting people, the environment, assets, and economic stability.CSA Z246.1-17 pdf download.