Fabián Bustamante, Walter Fuertes, P. Díaz, T. Toulkeridis
{"title":"Integration of IT frameworks for the management of information security within industrial control systems providing metrics and indicators","authors":"Fabián Bustamante, Walter Fuertes, P. Díaz, T. Toulkeridis","doi":"10.1109/INTERCON.2017.8079672","DOIUrl":null,"url":null,"abstract":"As an extension of a previous methodological proposal to provide management of information security in Industrial Control Systems (ICS), this study aims to adapt IT frameworks to protect industrial and manufacturing enterprises against Information and Communication Technology disruptions and malicious activity. In order to accomplish this purpose, the integration of traditional IT standards and good practices such as COBIT, PMI-PMBOK, ITIL and NIST have been merged. Hereby, COBIT has been applied to align management with the enterprise strategy, PMI-PMBOK for project management, and ITIL for the support and maintenance of ICS services. In this respect, NIST-SP 800-82 has been used as a Guide to ICS Security. Prior to its implementation, we performed an evaluation and selection of a group of tools of these frameworks. Furthermore, they have been used effectively in the operational management of the information security in real cases. Among the main obtained benefits, we were able to reduce incidents and accomplished a holistic management. The achieved results and indicators demonstrate that the management tools comply with the control of the information security in the ICS in the contexts of technology, processes, and people aligned with the strategic objectives.","PeriodicalId":229086,"journal":{"name":"2017 IEEE XXIV International Conference on Electronics, Electrical Engineering and Computing (INTERCON)","volume":"159 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE XXIV International Conference on Electronics, Electrical Engineering and Computing (INTERCON)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INTERCON.2017.8079672","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 13
Abstract
As an extension of a previous methodological proposal to provide management of information security in Industrial Control Systems (ICS), this study aims to adapt IT frameworks to protect industrial and manufacturing enterprises against Information and Communication Technology disruptions and malicious activity. In order to accomplish this purpose, the integration of traditional IT standards and good practices such as COBIT, PMI-PMBOK, ITIL and NIST have been merged. Hereby, COBIT has been applied to align management with the enterprise strategy, PMI-PMBOK for project management, and ITIL for the support and maintenance of ICS services. In this respect, NIST-SP 800-82 has been used as a Guide to ICS Security. Prior to its implementation, we performed an evaluation and selection of a group of tools of these frameworks. Furthermore, they have been used effectively in the operational management of the information security in real cases. Among the main obtained benefits, we were able to reduce incidents and accomplished a holistic management. The achieved results and indicators demonstrate that the management tools comply with the control of the information security in the ICS in the contexts of technology, processes, and people aligned with the strategic objectives.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
