Developing best practices for industrial project life cycle security and a methodology for measuring implementation

The intent of this research was to establish security-related best practices with respect to the delivery of capital facility projects for the industrial sector. Its purpose was to develop security best practices for implementation during the project phases of front-end planning through startup to enhance facility security throughout its life cycle.; Proven construction industry best practices for project delivery were evaluated and used to identify specific security requirements. After identifying the essential security practices, these practices were categorized by security elements for organization and analysis. The practices were further grouped by project phase to assist with scoring of their use.; A Security Rating Index (SRI) was developed to provide a quantitative means for determining the level of use of the practices and for assessing impacts on cost, schedule, and safety. Use of the SRI requires the selection of consequence levels, which quantify potential results of a security breach over the facility life cycle, and threat levels, which quantify the intention and capability of an adversary to undertake detrimental actions. These concepts allow comparisons to be made between projects with similar security requirements.; An Internet-based questionnaire was programmed to collect project data for analysis. Following data collection, project information was analyzed to determine the relationship between project characteristics and security practice implementation.; Based upon the research and data analysis, a methodology for implementing security best practices for industrial projects was developed to facilitate the adoption of the security best practices by industry. While it does not provide specific guidance for the implementation of security procedures at the project level, it offers a framework for integrating security into the project delivery process in the context of likely threats facing the facility and consequences of security breaches.