GUIDANCE ON SECURITY
for engineers and technicians
www.engc.org.uk/security
ENGINEERING COUNCIL
Security
Security can be defined as the state of relative freedom from threat or harm
caused by deliberate, unwanted, hostile or malicious acts. It operates on a
number of levels ranging from national security issues to countering crime.
It includes preserving the value, longevity and ongoing operation and
function of an enterprise’s assets, whether tangible or intangible, and the
handling of privacy issues such as the protection of personally identifiable
information.
The role of engineers and technicians
The behaviour of people is central to any engineering enterprise and
the security of its operations, products and services. Assets can be
compromised by individuals through lack of knowledge, carelessness,
complacency and deliberate non-compliance. Therefore, in addition to
physical, technological and process aspects, security must necessarily
involve consideration of people and their potential behaviour, both in their
professional duties and when sharing information including when using
social media.
Appropriate and proportionate security should be an integral part of the
design and operation of an asset, and encompasses its whole lifecycle. It
must recognise that threats and vulnerabilities change and evolve over time.
Good security can enable business benefits and competitive advantage by
protecting key assets and services, and engendering trust.
By following the six principles within this guidance, engineers and
technicians should be able to:
•	reduce the vulnerabilities in assets, systems or operations
•	provide early warning of potential threats
•	reduce opportunities for unauthorised or gratuitous access to information
to plan hostile acts and/or the compromise of design and intellectual
property
•	explain and manage security risks in an appropriate and proportionate
manner
•	minimise the potential impact of security breaches or failures on their
work, clients, services and the supply chain
•	improve the resilience, reliability, effectiveness and trustworthiness of
their product, process or service
•	enable economic and societal benefits to be realised securely
This guidance sets out six key principles to guide engineers
and technicians in identifying, assessing, managing and
communicating issues about security. It also describes their
associated responsibilities to society and generally being
security-minded.
•	Adopt a security-minded approach to your
professional and personal life
•	Apply responsible judgement and take a
leadership role
•	Comply with legislation and codes, understand
their intent and seek further improvements
•	Ensure good security-minded communications
•	Understand, comply and seek to improve lasting
systems for security governance
•	Contribute to public and professional awareness
of security
Security is referred to both explicitly and implicitly in several Engineering
Council documents including the UK Standard for Professional Engineering
Competence (UK-SPEC), the Information and Communications Technology
Technician (ICTTech) Standard, and within the learning outcomes for
accredited degrees and approved qualifications and Apprenticeships. The
Engineering Council will review this guidance periodically and welcomes
comments on it. Professional engineering institutions are encouraged to use
it to assist them in developing guidance for their members.
Adopt a security-minded approach to your professional
and personal life
A security-minded approach requires engineers and technicians to:
•	be aware that their behaviour, use of social media, publications
and public presentations affects their own security and the
security of others
•	assess potential threats and vulnerabilities end to end, taking
account of the potential harm to people, the asset or system,
and the sensitivity of the information, which may be societal,
environmental or commercial
•	be aware that security risks are interdependent, adopting
a holistic risk management view that is appropriate and
proportionate, and is an integral part of all engineering activity
and decision-making
•	remember that security risk assessment is an aid to professional
judgement, not a substitute for it
•	be aware that overly-elaborate processes and procedures can
lead to poor compliance and undermine a security culture
•	identify vulnerabilities that may be used in a hostile, malicious or
inadvertent manner to create security breaches or failures
•	be responsive to changes in the operating environment,
including the impact of changes in use of the asset or system, its
wider connectivity and emerging threats and vulnerabilities
Apply responsible judgement and take a leadership role
When implementing a security-minded approach, engineers
and technicians should demonstrate a commitment to privacy,
reliability and ethical conduct by:
•	leading others in improving practice
•	working with other professionals to ensure informed,
proportionate, holistic judgements
•	empowering all those involved to identify potential security
challenges and opportunities
•	being prepared to challenge assumptions and proposals
•	ensuring that everybody reporting to them has the opportunity
to maintain competence in the area of security
Comply with legislation and codes, understand their
intent and be prepared to seek further improvements
Seeking advice where necessary, engineers and technicians
should:
•	be aware of, and comply with, the security-related laws in
countries where they operate or where their products or services
will be used
•	act in accordance with relevant security-related codes of
conduct
•	recognise and understand the intent behind security standards
and codes, as well as their limitations
•	seek further improvements where reasonably practicable, thus
embedding a culture of continuous security development
•	be open-minded and avoid using regulations to facilitate
complacency
Principles to guide engineers and technicians
These six principles will guide engineers and technicians when identifying,
assessing, managing and communicating issues about security.
Ensure good security-minded communications
Good security depends on communicating effectively and
appropriately with customers, clients, suppliers, sub-contractors
and non-engineering colleagues. Engineers and technicians
should:
•	adopt appropriate measures to protect sensitive information
when it is communicated, used and stored, both within and
beyond their organisation
•	be able to express clearly the risks and benefits
•	where appropriate, encourage an ‘open reporting’ approach to
security risks, incidents and near-misses, coupled with a spirit of
questioning and learning
•	take a measured approach to publishing information at
conferences, workshops and seminars, or in professional or
trade publications, to avoid helping those intent on hostile
reconnaissance
•	be aware of the impact of data aggregation, both through
accumulation and association, including the use of disparate
sources
•	recognise the persistent nature and accessibility of information
published on the internet or otherwise made publicly available
•	recognise that indiscriminate publication of project, technical
or personal information can aid reconnaissance and enable
security breaches through social media
•	be aware of the use of social engineering[1] to manipulate
individuals to give up confidential information
•	ensure responsible use of social media for both personal
and professional purposes
Understand, comply with and seek to improve lasting
systems for security governance
Effective security requires good governance, with clear reporting
lines and accountability at board or executive level. Engineers and
technicians should:
•	ensure that they, and those who work with them, understand
the relevant security management policies, processes and
procedures
•	seek regular briefings on the security threats facing their
organisation and understand how threat agents might exploit
vulnerabilities in their customers/users and their own assets,
systems or business processes
•	ensure that security-related roles and responsibilities are clearly
assigned and understood, irrespective of whether functions or
services are outsourced
•	ensure that there are appropriate mechanisms for reporting and
feedback on security incidents and issues
•	contribute to the development and review of relevant security
management frameworks, particularly about aspects which may
not be well understood
•	scrutinise the security culture and responses to management
systems, with audits encompassing processes and technical and
paper systems
Contribute to public and professional awareness
of security
Engineers and technicians have an important role in raising
awareness and understanding about security risk and benefit.
They should:
•	be prepared to engage in debate on security risks and benefits,
especially in relation to new technologies and innovative
developments
•	be security-minded during public discussion
•	recognise the social, political and economic implications of
security risks and acknowledge these through appropriate
channels
•	be honest and clear about uncertainties, and prepared to
challenge misrepresentations and misconceptions
•	contribute to public and professional awareness of security by
sharing and promoting knowledge of effective solutions
[1] Social engineering:
www.cpni.gov.uk/advice/Personnel-security1/Social-engineering-Understanding-the-threat/
Designed by FMS www.fms-com.com
T +44 (0)20 3206 0500
info@engc.org.uk
www.engc.org.uk
@EngCouncil
Publication of extracts from this
document is encouraged, subject to
attribution to the Engineering Council.
Registered Charity: 286142
Published May 2016
Please refer to the Engineering Council website
to ensure that you have the current version.
The Engineering Council welcomes comments on this guidance
which will be reviewed periodically.
Further information:
Engineering Council
UK-SPEC www.engc.org.uk/ukspec
ICT Technician Standard www.engc.org.uk/icttech
Guidance on:
		Security www.engc.org.uk/security
		Risk www.engc.org.uk/risk
		Whistleblowing www.engc.org.uk/whistleblowing
Centre for the Protection of National Infrastructure (CPNI)
www.cpni.gov.uk
CPNI Passport to Good Security
www.cpni.gov.uk/advice/Passport-to-Good-Security
HM Government
www.gov.uk/government/publications/cyber-essentials-scheme-overview
Register of Security Engineers and Specialists
www.rses.org.uk
www.ice.org.uk/rses

the potential for the development of autonomous aircraft
 
Red Hat Enterprise Linux Administration 9.0 RH134 pdf
Red Hat Enterprise Linux Administration 9.0 RH134 pdfRed Hat Enterprise Linux Administration 9.0 RH134 pdf
Red Hat Enterprise Linux Administration 9.0 RH134 pdf
 
ANATOMY OF SOA - Thomas Erl - Service Oriented Architecture
ANATOMY OF SOA - Thomas Erl - Service Oriented ArchitectureANATOMY OF SOA - Thomas Erl - Service Oriented Architecture
ANATOMY OF SOA - Thomas Erl - Service Oriented Architecture
 
TestRigor - Element Location Rules and UI Grid system
TestRigor - Element Location Rules and UI Grid systemTestRigor - Element Location Rules and UI Grid system
TestRigor - Element Location Rules and UI Grid system
 
carpentry-11-module-1.docx 1 identifying tools
carpentry-11-module-1.docx 1 identifying toolscarpentry-11-module-1.docx 1 identifying tools
carpentry-11-module-1.docx 1 identifying tools
 
Protect YugabyteDB with Hashicorp Vault.pdf
Protect YugabyteDB with Hashicorp Vault.pdfProtect YugabyteDB with Hashicorp Vault.pdf
Protect YugabyteDB with Hashicorp Vault.pdf
 
Indian Railway Signalling concepts and basics.pdf
Indian Railway Signalling concepts and basics.pdfIndian Railway Signalling concepts and basics.pdf
Indian Railway Signalling concepts and basics.pdf
 
III B.TECH CSE_flutter Lab manual (1).docx
III B.TECH CSE_flutter Lab manual (1).docxIII B.TECH CSE_flutter Lab manual (1).docx
III B.TECH CSE_flutter Lab manual (1).docx
 
Sustainable construction is the use of renewable and recyclable materials in ...
Sustainable construction is the use of renewable and recyclable materials in ...Sustainable construction is the use of renewable and recyclable materials in ...
Sustainable construction is the use of renewable and recyclable materials in ...
 
李易峰祝绪丹做爱视频流出【网芷:ht28.co】可爱学生妹>>>[网趾:ht28.co】]<<<
李易峰祝绪丹做爱视频流出【网芷:ht28.co】可爱学生妹>>>[网趾:ht28.co】]<<<李易峰祝绪丹做爱视频流出【网芷:ht28.co】可爱学生妹>>>[网趾:ht28.co】]<<<
李易峰祝绪丹做爱视频流出【网芷:ht28.co】可爱学生妹>>>[网趾:ht28.co】]<<<
 
Safety Operating Procedure for Testing Lifting Tackles
Safety Operating Procedure for Testing Lifting TacklesSafety Operating Procedure for Testing Lifting Tackles
Safety Operating Procedure for Testing Lifting Tackles
 
Digital Image Processing - Module 4 Chapter 2
Digital Image Processing - Module 4 Chapter 2Digital Image Processing - Module 4 Chapter 2
Digital Image Processing - Module 4 Chapter 2
 
Generative AI and Large Language Models (LLMs)
Generative AI and Large Language Models (LLMs)Generative AI and Large Language Models (LLMs)
Generative AI and Large Language Models (LLMs)
 
Chapter 1 Introduction to Software Engineering and Process Models.pdf
Chapter 1 Introduction to Software Engineering and Process Models.pdfChapter 1 Introduction to Software Engineering and Process Models.pdf
Chapter 1 Introduction to Software Engineering and Process Models.pdf
 
# Smart Parking Management System.pptx using IOT
# Smart Parking Management System.pptx using IOT# Smart Parking Management System.pptx using IOT
# Smart Parking Management System.pptx using IOT
 

Engineering Council UK guidance on security for engineers & technicians

  • 1. GUIDANCE ON SECURITY for engineers and technicians www.engc.org.uk/security ENGINEERING COUNCIL
  • 2. Security

    Security can be defined as the state of relative freedom from threat or harm caused by deliberate, unwanted, hostile or malicious acts. It operates on a number of levels ranging from national security issues to countering crime. It includes preserving the value, longevity and ongoing operation and function of an enterprise’s assets, whether tangible or intangible, and the handling of privacy issues such as the protection of personally identifiable information.

    The role of engineers and technicians

    The behaviour of people is central to any engineering enterprise and the security of its operations, products and services. Assets can be compromised by individuals through lack of knowledge, carelessness, complacency and deliberate non-compliance. Therefore, in addition to physical, technological and process aspects, security must necessarily involve consideration of people and their potential behaviour, both in their professional duties and when sharing information including when using social media.

    Appropriate and proportionate security should be an integral part of the design and operation of an asset, and encompasses its whole lifecycle. It must recognise that threats and vulnerabilities change and evolve over time. Good security can enable business benefits and competitive advantage by protecting key assets and services, and engendering trust.

    By following the six principles within this guidance, engineers and technicians should be able to:
    • reduce the vulnerabilities in assets, systems or operations
    • provide early warning of potential threats
    • reduce opportunities for unauthorised or gratuitous access to information to plan hostile acts and/or the compromise of design and intellectual property
    • explain and manage security risks in an appropriate and proportionate manner
    • minimise the potential impact of security breaches or failures on their work, clients, services and the supply chain
    • improve the resilience, reliability, effectiveness and trustworthiness of their product, process or service
    • enable economic and societal benefits to be realised securely

    This guidance sets out six key principles to guide engineers and technicians in identifying, assessing, managing and communicating issues about security. It also describes their associated responsibilities to society and generally being security-minded.

    • Adopt a security-minded approach to your professional and personal life
    • Apply responsible judgement and take a leadership role
    • Comply with legislation and codes, understand their intent and seek further improvements
    • Ensure good security-minded communications
    • Understand, comply and seek to improve lasting systems for security governance
    • Contribute to public and professional awareness of security

    Security is referred to both explicitly and implicitly in several Engineering Council documents including the UK Standard for Professional Engineering Competence (UK-SPEC), the Information and Communications Technology Technician (ICTTech) Standard, and within the learning outcomes for accredited degrees and approved qualifications and Apprenticeships.

    The Engineering Council will review this guidance periodically and welcomes comments on it. Professional engineering institutions are encouraged to use it to assist them in developing guidance for their members.
  • 3. Adopt a security-minded approach to your professional and personal life

    A security-minded approach requires engineers and technicians to:
    • be aware that their behaviour, use of social media, publications and public presentations affects their own security and the security of others
    • assess potential threats and vulnerabilities end to end, taking account of the potential harm to people, the asset or system, and the sensitivity of the information, which may be societal, environmental or commercial
    • be aware that security risks are interdependent, adopting a holistic risk management view that is appropriate and proportionate, and is an integral part of all engineering activity and decision-making
    • remember that security risk assessment is an aid to professional judgement, not a substitute for it
    • be aware that overly-elaborate processes and procedures can lead to poor compliance and undermine a security culture
    • identify vulnerabilities that may be used in a hostile, malicious or inadvertent manner to create security breaches or failures
    • be responsive to changes in the operating environment, including the impact of changes in use of the asset or system, its wider connectivity and emerging threats and vulnerabilities

    Apply responsible judgement and take a leadership role

    When implementing a security-minded approach, engineers and technicians should demonstrate a commitment to privacy, reliability and ethical conduct by:
    • leading others in improving practice
    • working with other professionals to ensure informed, proportionate, holistic judgements
    • empowering all those involved to identify potential security challenges and opportunities
    • being prepared to challenge assumptions and proposals
    • ensuring that everybody reporting to them has the opportunity to maintain competence in the area of security

    Comply with legislation and codes, understand their intent and be prepared to seek further improvements

    Seeking advice where necessary, engineers and technicians should:
    • be aware of, and comply with, the security-related laws in countries where they operate or where their products or services will be used
    • act in accordance with relevant security-related codes of conduct
    • recognise and understand the intent behind security standards and codes, as well as their limitations
    • seek further improvements where reasonably practicable, thus embedding a culture of continuous security development
    • be open-minded and avoid using regulations to facilitate complacency

    Principles to guide engineers and technicians

    These six principles will guide engineers and technicians when identifying, assessing, managing and communicating issues about security.
  • 4. Ensure good security-minded communications

    Good security depends on communicating effectively and appropriately with customers, clients, suppliers, sub-contractors and non-engineering colleagues. Engineers and technicians should:
    • adopt appropriate measures to protect sensitive information when it is communicated, used and stored, both within and beyond their organisation
    • be able to express clearly the risks and benefits
    • where appropriate, encourage an ‘open reporting’ approach to security risks, incidents and near-misses, coupled with a spirit of questioning and learning
    • take a measured approach to publishing information at conferences, workshops and seminars, or in professional or trade publications, to avoid helping those intent on hostile reconnaissance
    • be aware of the impact of data aggregation, both through accumulation and association, including the use of disparate sources
    • recognise the persistent nature and accessibility of information published on the internet or otherwise made publicly available
    • recognise that indiscriminate publication of project, technical or personal information can aid reconnaissance and enable security breaches through social media
    • be aware of the use of social engineering¹ to manipulate individuals to give up confidential information
    • ensure responsible use of social media for both personal and professional purposes

    Understand, comply with and seek to improve lasting systems for security governance

    Effective security requires good governance, with clear reporting lines and accountability at board or executive level. Engineers and technicians should:
    • ensure that they, and those who work with them, understand the relevant security management policies, processes and procedures
    • seek regular briefings on the security threats facing their organisation and understand how threat agents might exploit vulnerabilities in their customers/users and their own assets, systems or business processes
    • ensure that security-related roles and responsibilities are clearly assigned and understood, irrespective of whether functions or services are outsourced
    • ensure that there are appropriate mechanisms for reporting and feedback on security incidents and issues
    • contribute to the development and review of relevant security management frameworks, particularly about aspects which may not be well understood
    • scrutinise the security culture and responses to management systems, with audits encompassing processes and technical and paper systems

    Contribute to public and professional awareness of security

    Engineers and technicians have an important role in raising awareness and understanding about security risk and benefit. They should:
    • be prepared to engage in debate on security risks and benefits, especially in relation to new technologies and innovative developments
    • be security-minded during public discussion
    • recognise the social, political and economic implications of security risks and acknowledge these through appropriate channels
    • be honest and clear about uncertainties, and prepared to challenge misrepresentations and misconceptions
    • contribute to public and professional awareness of security by sharing and promoting knowledge of effective solutions

    ¹ Social engineering: www.cpni.gov.uk/advice/Personnel-security1/Social-engineering-Understanding-the-threat/
  • 5. Designed by FMS www.fms-com.com

    T +44 (0)20 3206 0500
    info@engc.org.uk
    www.engc.org.uk
    @EngCouncil

    Publication of extracts from this document is encouraged, subject to attribution to the Engineering Council.

    Registered Charity: 286142
    Published May 2016

    Please refer to the Engineering Council website to ensure that you have the current version. The Engineering Council welcomes comments on this guidance which will be reviewed periodically.

    Further information:
    • Engineering Council UK-SPEC www.engc.org.uk/ukspec
    • ICT Technician Standard www.engc.org.uk/icttech
    • Guidance on:
      Security www.engc.org.uk/security
      Risk www.engc.org.uk/risk
      Whistleblowing www.engc.org.uk/whistleblowing
    • Centre for the Protection of National Infrastructure (CPNI) www.cpni.gov.uk
    • CPNI Passport to Good Security www.cpni.gov.uk/advice/Passport-to-Good-Security
    • HM Government www.gov.uk/government/publications/cyber-essentials-scheme-overview
    • Register of Security Engineers and Specialists www.rses.org.uk www.ice.org.uk/rses