International standards and frameworks provide extremely detailed guidance about the implementation of a security program. However, rapid or agile development guides many vendors and integrators when designing green (new) fields or planning maintenance and evolution of brown (existing) fields. This talk will review the six most important tactical concepts, enforcement boundaries; authentication / authorization; attack surface; asset management; logging and monitoring; incident response, to use as a risk reduction checklist designed to significantly improve the reliability and availability of the process environment and assets.