A Security Architectural Pattern for Risk Management of Industry Control Systems within Critical National Infrastructure
| Autor: | Leandros A. Maglaras, Ying He, Andy Wood, Helge Janicke |
|---|---|
| Jazyk: | angličtina |
| Rok vydání: | 2016 |
| Předmět: |
Engineering
Business requirements Business Requirements Security Architectural Pattern Sherwood Applied Business Security Architecture SABSA 02 engineering and technology Computer security computer.software_genre Critical infrastructure Architectural pattern 0202 electrical engineering electronic engineering information engineering Industry Control Systems Safety Risk Reliability and Quality Risk management General Environmental Science Risk Management business.industry 020206 networking & telecommunications Enterprise information security architecture Information assurance Security controls General Energy Risk analysis (engineering) 020201 artificial intelligence & image processing Critical National Infrastructure business computer |
| DOI: | 10.1504/ijcis.2017.10009242 |
| Popis: | The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. SCADA and ICS security have been focusing on addressing issues such as vulnerability discovery and intrusion detection within critical national infrastructure. Less attention has been paid to architectural solutions to the cyber security risks from an information assurance perspective. Security controls are not always traced back to the business requirements. This paper presents a holistic end-to-end view of the requirements, medium to high severity risks and proposes a generic security architectural pattern to address them. The architectural pattern is developed based on the Sherwood Applied Business Security Architecture (SABSA) top two layers, contextual and conceptual, which are responsible for understanding the business requirements and development of a concept architecture and strategy. Moreover, this research is motivated by industrial practices and has reflected the recent changes of GCHQ’s mission. This research also contributes to the SCADA/ICS risk assessment by deriving holistic sets of risk management and architectural design requirements for SCADA/ICS. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|