| | September 20169CIOReviewDefense in depth is another strategy for protecting systems and dataopportunity to take advantage of emerging "industrial internet of things" technology that is transforming many industries. We assessed the applicability of existing and upcoming technologies on our operations and established an innovation path to build the foundation required to take advantage of emerging technologies. We focused on intelligent equipment, advanced analytics, connecting people at work and on the move, and providing seamless access to a "context aware" digital oilfield. This will enable us to move from merely understanding the past to seeing and improving the future.Innovation and the introduction of leading technologies also bring risks associated with having a more digitized and interconnected environment. Cyber security is part of the early stages of strategy development for each of the technologies we consider, and cannot be an afterthought. We must design security into every solution because the cost to address security once a technology has been applied can be very expensive and often is less effective. As a result, our enterprise architecture team must have the skills to recognize security implications and engage our cyber security team during the strategy development phase. This step reduces the risk of losing data or control before the solution is operational."Defense in depth" is another strategy for protecting systems and data. We employ multiple layers of protection based on industry best practices, which are part of a larger cyber-security roadmap that provides solutions and supports a lifecycle of prevention, detection, containment, and eradication of cyber intrusions.Our cyber security roadmap was developed methodically to align with business requirements and impacts, while clarifying operational risks and identifying critical business data. We have focused resources on the most important business objectives without impeding productivity. It also establishes key indicators and metrics that allow us to measure performance. These metrics include progress toward meeting implementation deadlines for business critical projects, measuring, and reporting on identified threats and mitigation activities, performing third-party vulnerability assessments, and regularly measuring the response to mitigation of identified vulnerabilities. Exceptions to controls add risk to the organization and are documented and regularly audited.As the cyber threats constantly evolve, we must remain vigilant in our efforts to protect systems and data. Staying connected to the industry and participating in workgroups, government-led activities, and information sharing forums is essential for staying on top of existing and new threats and approaches to mitigate them. Controls, operational manuals, configuration guides, and written procedures are continuously optimized to increase their effectiveness.Any IT innovation and systems cyber security implemen-tation must focus on improving operational excellence in ev-ery aspect of our business, resulting in production that is more profitable and supporting our efforts to increase the recovery of reserves while improving margins. Our IT investments and in-novations have focused on improving data security and quality, making "the right data" available to the "right people at the right time, every time" and applying appropriate analytics to improve operations and decision-making. By profitably growing our pro-duction, we grow the company. Yanni Charalambous
<
Page 8 |
Page 10 >
