Fabián Bustamante, Walter Fuertes, P. Díaz, T. Toulkeridis
Published in: 2016 IEEE Ecuador Technical Chapters Meeting (ETCM), pp. 1-6
Publication date: 2016-10-01
DOI: 10.1109/ETCM.2016.7750821 (https://doi.org/10.1109/ETCM.2016.7750821)
Source: Semanticscholar; citation count: 7; open access: no
A methodological proposal concerning to the management of information security in Industrial Control Systems
The most recent international reports of security issues documented a growing number of cybernetic attacks on Industrial Control Systems. Therefore, an increase of information technology implementations in manufacturing processes arose, offering solutions in Information Security of the involved manufacturers and professionals. In this respect, a notable tendency emerges in which information security has been particularly intended to be used in businesses' administrative areas, where ISO-27000 is the most favored standard. Nonetheless, it has been determined that ISO is not yet an ideal standard for an industrial approach, due to the fact that it has not been created for these systems. We designed and implemented a methodology for the management of information security of the Industrial Control Systems of industrial businesses, based on standards issued by NIST. Such methodology presents the development of a series of phases, which provide two main contributions: firstly, a group of strategies to reduce risks, and secondly, a Guide for standards-based instructions as well as security policies for the effective management of information security.