Reducing Cybersecurity Risks for a Gas Organization by Creating an Information Security Program Public

The energy sector has seen an increase in cyber-attacks over the last decade, with little signs of a trough in the foreseeable future. At a granular level, gas organizations have also bore the burden of some of these attacks within the sector. In light of the increase in cyber-attacks, gas organizations can do their part in reducing cyber risk and help stem the rise in attacks. In this sense, gas organizations can utilize an information security program and the respective program components to mitigate the cyber risk that confronts their firm. This research endeavor focuses on these components and how some gas organizations have implemented them in their information security program. The primary question of this research study is to determine: What role does an information security program play in reducing the cyber risk that a gas organization faces? Within the confines of this research endeavor, I examine the different components of an information security program and then juxtapose these components against the real world application of these components in a gas organization. As a result of the subsequent examination, I have developed the ISP (Information Security Program) Model. The model itself resembles a honeycomb and demonstrates the interdependency of each component within an information security program.

README