Policy and procedure vulnerabilities

The following is a list that gives some insight into policy and procedure vulnerabilities:

• Inadequate ICS security policy
• Lack of formal ICS security training and awareness program
• Inadequate security architecture and design
• Lack of documented security procedures that have been developed based on ICS security policy
• Absent or deficient ICS equipment implementation guidelines
• Lack of administrative mechanisms for security enforcement