TY - GEN
T1 - Using Integrated System Theory Approach to Assess Security for SCADA Systems Cyber Security for Critical Infrastructures
T2 - 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014
AU - Ismail, Suhaila
AU - Sitnikova, Elena
AU - Slay, Jill
PY - 2014/12/11
Y1 - 2014/12/11
N2 - The security of systems that monitor critical infrastructure is vital. The possibility of critical infrastructure services being disrupted would have a significant impact on the wider society as it involves energy, water, gas, transport, and many more utilities. This paper examines critical infrastructure and the system that monitors and controls critical services. It also measures the information security aspects of the system by adopting Integrated System Theory, which covers the importance of enforcing cyber security policies, assessing and managing risks, internal control-management, technical and process controls and information auditing. This study was initiated by preliminary interviews with experts from different countries on the themes of awareness, compliance and assessments, and measures and controls. Subsequently, a pilot study was done by conducting online surveys of practitioners from different countries and several different critical infrastructure sectors on the existing information security practices in their organisations. We examined the constituents of existing policies and controls implemented by the organisations. The conclusion was made that the pilot study would provide a good basis for estimating and measuring the security awareness and controls implemented at the organisation level.
AB - The security of systems that monitor critical infrastructure is vital. The possibility of critical infrastructure services being disrupted would have a significant impact on the wider society as it involves energy, water, gas, transport, and many more utilities. This paper examines critical infrastructure and the system that monitors and controls critical services. It also measures the information security aspects of the system by adopting Integrated System Theory, which covers the importance of enforcing cyber security policies, assessing and managing risks, internal control-management, technical and process controls and information auditing. This study was initiated by preliminary interviews with experts from different countries on the themes of awareness, compliance and assessments, and measures and controls. Subsequently, a pilot study was done by conducting online surveys of practitioners from different countries and several different critical infrastructure sectors on the existing information security practices in their organisations. We examined the constituents of existing policies and controls implemented by the organisations. The conclusion was made that the pilot study would provide a good basis for estimating and measuring the security awareness and controls implemented at the organisation level.
KW - Contingency Management
KW - Critical Infrastructure
KW - Cyber Security
KW - Integrated System Theory
KW - Internal Control
KW - Risk Management
KW - SCADA Systems
KW - Security Policy
UR - http://www.scopus.com/inward/record.url?scp=84920568397&partnerID=8YFLogxK
U2 - 10.1109/FSKD.2014.6980976
DO - 10.1109/FSKD.2014.6980976
M3 - Conference contribution
AN - SCOPUS:84920568397
T3 - 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014
SP - 1000
EP - 1006
BT - 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 19 August 2014 through 21 August 2014
ER -