Nothing Special   »   [go: up one dir, main page]
Skip to main content
SpringerLink
Log in

Managing Critical Information Infrastructure Security Compliance: A Standard Based Approach Using ISO/IEC 17799 and 27001

  • Conference paper
On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops (OTM 2006)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 4277))

Abstract

Information technology constitutes a substantial component of the critical infrastructure of many nations. Systems used by utilities and service industries such as electricity, water, wastewater treatment and gas are key components of these critical infrastructures. These critical infrastructures rely on a range of technologies commonly known as Process Control Systems in the production, distribution or management aspects of their services.

To ensure continued delivery of these critical services, it is important to ensure that the process control systems used to control, monitor and manage the infrastructure are secured against physical and cyber security threats. A number of information security standards have been defined by various industry and government regulatory bodies to provide guidance in securing process control systems. However, managing compliance to several standards can become an added administrative overhead to organizations.

This paper reviews the challenges in maintaining compliance with multiple standards and postulates that a holistic information security management system is required to ensure ongoing security of these process control systems. It proposes the implementation of international standards ISO/IEC 17799 and 27001 as a practical approach to managing the various compliance requirements and providing a framework to implement, monitor, manage and improve the security of process control systems.

An erratum to this chapter can be found at http://dx.doi.org/10.1007/11915034_125.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Attorney General’s Department (Australia): Trusted Information Sharing Network for Critical Infrastructure Protection, Attorney Generals Department (2006)

    Google Scholar 

  2. Attorney General’s Department (Australia): Critical Infrastructure Protection National Strategy. Attorney General’s Department, Canberra (2004)

    Google Scholar 

  3. Dacey, R.F.: Critical Infrastructure Protection: Challenges in Securing Control Systems, United States General Accounting Office (2003)

    Google Scholar 

  4. Rockliff, M.: Process Control System Security, Plexal Group (2005)

    Google Scholar 

  5. Verton, D.: Blaster Worm Linked to Severity of Blackout, ComputerWorld, ComputerWorld (2003)

    Google Scholar 

  6. Poulson, K.: Slammer Work Crashed Phio Nuke Plant Network, SecurityFocus (2003)

    Google Scholar 

  7. Boyer, S.A.: SCADA Supervisory Control and Data Acquisition, 3rd edn. The Instrumentation, Systems and Automation Society, Research Triangle Park, NC, ISA (2004)

    Google Scholar 

  8. Miller, A.: Trends in Process Control Systems Security. IEEE Security and Privacy 3, 57–60 (2005)

    Article  Google Scholar 

  9. US Computer Emergency Readiness Team: Control Systems Cyber Security Awareness, US-CERT (2005)

    Google Scholar 

  10. Byres, E., Lowe, J.: The Myths and Facts behind Cyber Security Risks for Industrial Control Systems, British Columbia Institute of Technology (2004)

    Google Scholar 

  11. Amin, M.: Infrastructure Security: Reliability and Dependency of Critical Systems. IEEE Security and Privacy 3, 15–17 (2005)

    Article  Google Scholar 

  12. Kilman, D., Stamp, J.: Framework for SCADA Security Policy. Sandia National Laboratories, Albuquerque (2005)

    Google Scholar 

  13. Carlson, R., Dagle, J.E., Shamsuddin, S.A., Evans, R.P.: A summary of Control System Security Standards Activities in the Energy Sector, Department of Energy, p. 48 (2005)

    Google Scholar 

  14. North American Electricity Reliability Council: Reliability Standards for the Bulk Electric Systems of North America (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Infoshield Consulting,  

    Wipul Jayawickrama

Authors
  1. Wipul Jayawickrama
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. STARLab, Vrije Universiteit Brussel (VUB), Bldg G/10, Pleinlaan 2, 1050, Brussels, Belgium

    Robert Meersman

  2. School of Computer Science and Information Technology, RMIT University, Bld 10.10, 376-392 Swanston Street, 3001, Melbourne, VIC, Australia

    Zahir Tari

  3. Facultad de Informática, Universidad Politécnica de Madrid, Campus de Montegancedo S/N, 28660, Boadilla del Monte, Madrid, Spain

    Pilar Herrero

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jayawickrama, W. (2006). Managing Critical Information Infrastructure Security Compliance: A Standard Based Approach Using ISO/IEC 17799 and 27001. In: Meersman, R., Tari, Z., Herrero, P. (eds) On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. OTM 2006. Lecture Notes in Computer Science, vol 4277. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11915034_80

Download citation

  • DOI: https://doi.org/10.1007/11915034_80

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-48269-7

  • Online ISBN: 978-3-540-48272-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation