Advanced approach to information security management system model for industrial control system.

Park S, Lee K - ScientificWorldJournal (2014)

Bottom Line: Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information.


Affiliation: Center for Information Security Technologies (CIST), Korea University, Seoul 136-713, Republic of Korea.

ABSTRACT
Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.


Figure 5: Domains for safety requirements of IEC 61511.
© Copyright Policy - open-access

Mentions: IEC 61511 is a technical standard used in the engineering of systems, and it ensures the safety of an industrial process. IEC 61511 consists of 3 chapters. The first chapter is called “framework, definitions, system, hardware and software requirements”; the second chapter is called “guidelines for the application of IEC 61511-1”; and the third chapter is called “guidance for the determination of the required safety integrity levels.” The safety requirements of IEC 61511 are divided into five safety parts, and the safety parts consist of development, allocation, design, installation, commissioning, validation, operation, modification, and decommissioning for an ICS. The safety requirements of IEC 61511 are composed of 15 domains, with 215 controls in total. The requirement domains and the overall framework of IEC 61511 are shown in Figures 5 and 6 [7].

