| dc.description.abstract | This thesis focuses on creating a flexible cyber security framework to improve compliance with cyber security requirements for oil and gas industry projects. Typical oil and gas projects have requirements and specification regarding cyber security that will vary from operator to operator and scope of supply, whether or not the installation is new or existing. However, these unique specifications from the different operators impose issues to the supplier who works with numerous clients within the industry. One of the issues emerging from the client's specification is that the specification is applicable to the entire oil and gas installation, whereas the scope for the supplier side of the project may only be a small fracture of it depending on the task. Another issue is regarding the level of cyber security knowledge the engineering on the supplier side may have in order to understand their responsibilities from the specification given by the client. Through qualitative study of a case with one of such suppliers, has reveled that the knowledge on the topic for complying with requirements from the client's specification are low, there is also a lack of specification from said supplier. To improve this situation, the study maps the recurring topics between the different clients' specifications and topics the employee of the case faces the most. Those derived topics have then been presented to a custom framework which is tailored for the used case on the supplier side. This framework allows the engineers working on the project to know what cyber security requirements are applicable to them. The framework has been reviewed by its users with positive responses regarding it as relevant and usable, and improving the understanding of cyber security responsibility for them as a supplier of their project scope. | |
