Management: Information Security: Risk and Reward
- Donald Gauci (Ernst & Young)
- Document ID
- Society of Petroleum Engineers
- Journal of Petroleum Technology
- Publication Date
- May 2007
- Document Type
- Journal Paper
- 36 - 39
- 2007. Copyright is retained by the author. This document is distributed by SPE with the permission of the author. Contact the author for permission to use material from this document.
- 1 in the last 30 days
- 46 since 2007
- Show more detail
- View rights & permissions
|SPE Member Price:||Free|
|SPE Non-Member Price:||USD 15.00|
Information security is the bedrock of any information risk-management system, and oil and gas companies are becoming more adept at minimizing risk by bolstering these systems across their organizations. Information technology (IT) is becoming such an important facet to these businesses and their disaster-recovery and business-continuity planning that the security issues now often spread to the upper echelons of many organizational charts, even to boards of directors and audit committees.
In fact, the industry is seeing an increase in the number of executives in charge of company IT assets. Such arrangements play a powerful role in IT security and can result in strategically aligning IT-security issues with business objectives. Oil and gas companies should evaluate the following as global priorities when assessing information security:
- Integrating information security within the organization
- Extending the impact of compliance
- Managing the risks of third-party relationships
- Focusing on privacy and personal-data protection
- Designing and building information security
Some of the regulatory changes that have taken place over the last few years, particularly related to the Sarbanes-Oxley Act in the United States, have caused companies to move from a reactive to a more proactive mode. While many energy companies still would rather spend capital on commodity assets than on information assets, they are slowly shifting as they recognize that information security is a top business driver. IT security is becoming a part of the discussion in the context of a company’s priorities. Whether those priorities include adding new acreage or adding rigs, E&P companies are leveraging technology more and more, and, as that technology is leveraged, the need for IT security rises.
As Technology Is Leveraged, Risk Rises
As companies grow through expansion or from mergers and acquisitions, computer networks can multiply and expand like cell division. Gradually adding bits and pieces to a network, especially when knowingly or unknowingly commingling sensitive data, increases risks and elevates the need for IT security. Not long ago, petroleum engineers, for example, examined geology assets in a back room, working safely within a secured computer network. Today, more and more of these professionals are performing such work on broader company networks, a move that saves companies money, but also elevates the possibility of data being compromised.
The notion of E&P companies leveraging communications technologies is not new, but they are constantly breaking new ground where applications are concerned. Fiber-optic networks, for example, are commonplace, and energy companies are now investing billions of dollars to lay these systems in the Gulf of Mexico and at other offshore asset locations. They know that as they go out into deeper water, the fiber-optic network will offer better communications capabilities for current and future processing facilities and drilling activities.
|File Size||272 KB||Number of Pages||3|