A methodological proposal concerning to the management of information security in Industrial Control Systems

2016 IEEE Ecuador Technical Chapters Meeting (ETCM) Pub Date : 2016-10-01 DOI:10.1109/ETCM.2016.7750821

Fabián Bustamante, Walter Fuertes, P. Díaz, T. Toulkeridis

{"title":"A methodological proposal concerning to the management of information security in Industrial Control Systems","authors":"Fabián Bustamante, Walter Fuertes, P. Díaz, T. Toulkeridis","doi":"10.1109/ETCM.2016.7750821","DOIUrl":null,"url":null,"abstract":"The most recent international reports of security issues documented a growing number of cybernetic attacks to Industrial Control Systems. Therefore, an increase of information technology implementations in manufacturing processes arose offering solutions in Information Security of the involved manufacturers and professionals. In this respect, a notable tendency emerges in which information security has been particularly intended to be used in businesses' administrative areas, where ISO-27000 is the most favored standard. Nonetheless, it has been determined that ISO is not yet an ideal standard for an industrial approach, due to the fact that it has not been created for these systems. We designed and implemented a methodology for the management of information security of the Industrial Control Systems of industrial businesses, based on standards issued by NIST. Such methodology presents the development of a series of phases, which provide two main contributions: firstly a group of strategies to reduce risks and secondly a Guide for standards-based instructions as well as security policies for the effective management of information security.","PeriodicalId":6480,"journal":{"name":"2016 IEEE Ecuador Technical Chapters Meeting (ETCM)","volume":"105 1","pages":"1-6"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE Ecuador Technical Chapters Meeting (ETCM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ETCM.2016.7750821","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

The most recent international reports of security issues documented a growing number of cybernetic attacks to Industrial Control Systems. Therefore, an increase of information technology implementations in manufacturing processes arose offering solutions in Information Security of the involved manufacturers and professionals. In this respect, a notable tendency emerges in which information security has been particularly intended to be used in businesses' administrative areas, where ISO-27000 is the most favored standard. Nonetheless, it has been determined that ISO is not yet an ideal standard for an industrial approach, due to the fact that it has not been created for these systems. We designed and implemented a methodology for the management of information security of the Industrial Control Systems of industrial businesses, based on standards issued by NIST. Such methodology presents the development of a series of phases, which provide two main contributions: firstly a group of strategies to reduce risks and secondly a Guide for standards-based instructions as well as security policies for the effective management of information security.

查看原文本刊更多论文

关于工业控制系统信息安全管理的方法建议

最近关于安全问题的国际报告记录了越来越多的对工业控制系统的控制论攻击。因此，制造过程中信息技术实施的增加，为相关制造商和专业人员提供了信息安全解决方案。在这方面，出现了一个显著的趋势，即信息安全已特别打算用于企业的行政领域，其中ISO-27000是最受欢迎的标准。尽管如此，已经确定ISO还不是工业方法的理想标准，因为它还没有为这些系统创建。基于NIST发布的标准，我们设计并实现了工业企业工业控制系统信息安全管理的方法。这种方法呈现了一系列阶段的发展，提供了两个主要贡献:首先是一组降低风险的策略，其次是基于标准的指令指南以及有效管理信息安全的安全策略。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2016 IEEE Ecuador Technical Chapters Meeting (ETCM)

自引率

0.00%

发文量