Informatization Policy 2023 KCI Impact Factor : 4.08
-
pISSN : 1598-3498
- https://journal.kci.go.kr/nia
KJCKorea
Journal Central
Information security auditing guideline in SCADA system
- Informatization Policy
- Abbr : 정보화정책
- 2008, 15(3), pp.65-82
- Publisher : NIA
- Research Area : Social Science > Public Policy
1경원대학교
Accredited
ABSTRACT
SCADA system is used to monitor and control systems that are geographically dispersed and connected public communication line and radio frequency. SCADA system is vital components of most nation’s critical infrastructures that are based of national security, safety of citizen and development of national economy. According to the change of business environment, SCADA system pushed integration all of the system including MIS and Web and connect to Internet. This situation led to use standard information technologies for SCADA system. This transition has been to expose nation’s critical infrastructures to attack through the Internet and need to develop security technology. Recently Korean government obliged owners of the public information system to audit and the owners of national infrastructure to improve their system security as a result of vulnerability analysis.
In this paper, I suggested the security architecture and information security auditing framework and auditing guideline for SCADA system in order to prepare the base of industrial system security auditing. I excepted this research have led to prepare secure nation’s cyber space through auditing and to promote system control technology, security technology and information system auditing industry.
Statistics
-
265 Viewed
-
2 Downloaded
Tools
Issue List
Citation status
* References for papers published after 2023 are currently being built.
[book]
국무조정실
/ 2005
/ 정보시스템 운영관리지침 개요서
: 1~7
[other]
국무조정실
/ 2005
/ 정보시스템 운영상태관리지침
: 47~49
[book]
국무조정실
/ 2005
/ 정보시스템 구성 및 변경관리 지침서
: 13~54
[book]
국무조정실
/ 2005
/ 정보시스템 성능관리지침서
: 178~193
[other]
/ 2005
/ 법률 제7816호. 정보시스템의 효율적 도입 및 운영 등에 관한 법률
[other]
/ 2008
/ 법률 제8852호. 정보통신기반보호법
[book]
한국정보사회진흥원
/ 1998
/ 정보시스템 보안/통제 감리지침 연구
/ 한국정보사회진흥원
: 21~61
[book]
한국정보사회진흥원
/ 2003
/ 정보시스템 감리 프레임워크 발전 방향 연구
/ 한국정보사회진흥원
: 18~21
[book]
한국정보사회진흥원
/ 2004
/ 공공부문 정보보호 아키텍처 구성 방안 연구
/ 한국정보사회진흥원
: 78~145
[book]
한국정보사회진흥원
/ 2007
/ 정보시스템감리점검해설서V2.0
/ 한국정보사회진흥원
: 3~8
[other]
/ 2004
/ ANSI/ISA-TR99.00.01 (2004). Security Technologies for Manufacturing and Control Systems, 21-76.
[other]
/ 2004
/ ANSI/ISA-TR99.00.02 (2004). Integrating Electronic Security into the Manufacturing and Control Systems Environment, 60-69.
[other]
Christopher J. May
/ 2006
/ Defense in Depth: Foundations for Secure and Resilient IT Enterprises, CMU/SEI-2006-HB-003, 3-23
[other]
/ Defense Dept., Technical Support Working Group (TSWG) (2005). Securing Your SCADA and Industrial Control Systems, ISBN 0-16-075115-2, 12-36.
[other]
DOD
/ 1996
/ technical architecture framework information management Volume 6, Department of Defense Goal Security Architecture, Version 3.0, 3.1 - 3.3
[other]
Dominique Kilman
/ 2005
/ Framework for SCADA Security Policy, Sandia National Laboratories report SAND2005-1002C
[other]
GAO
/ 1999
/ Federal Information Systems Control Audit Manual, 7-8
[other]
GAO
/ 2004
/ Challenges and Efforts to Secure Control Systems, 8-10
[other]
/ 2008
/ Georgia Tech, http://www.oit.gatech.edu/information_security/architecture/ (검색일: 2008. 03. 20)
[other]
Gartenr
/ 2006
/ Integrating Security Into the Enterprise Architecture Framework, 25 January 2006 ID Number: G00137069
[other]
/ 2006
/ ISACA Korea chapter (2006). CoBIT 4.0 한글판
[other]
/ 2005
/ ISO/IEC 27001 (2005). International standard -Information technology - Security techniques - Information security management systems - Requirements
[book]
Jason stamp
/ 2006
/ Vulnerabilities and trends for control system security, First Process control & SCADA security summit 2 March, keynote presentation
/ SANS institute
[web]
Joe St Sauver
/ SCADA Security, NLANR/Internet2 joint techs meeting, Columbus OH
/ http://darkwing.uoregon.edy/~joe/SCADA
[book]
Joseph Falco
/ 2004
/ IT Security for Industrial Control Systems: Requirements Specification and Performance Testing, Presented at the 2004 NDIA Homeland Security Symposium & Exhibition Hyatt Regency
/ Crystal City, Virginia
: 25~27
[other]
Joe Weiss
/ 2006
/ Industrial Control System (ICS) Security: An Overview of Emerging Standards, Guidelines, and Implementation Activities
[other]
/ 2006
/ EEI/AGA Security Committee Fall Meetings, September 13, 2006, Boston, MA.
[report]
Michael Berg
/ 2005
/ A Reference Model for Control and Automation Systems in Electric Power
[web]
NCIP
/ The national plan for research and development in support of critical infrastructure protection, 21-61
/ www.dhs.gov/xlibrary/assets/ST_2004_NCIP_RD_PlanFINALApr05.pdf
[other]
NERC
/ 2005
/ North American Electric Reliability Council Status of August 2003 Blackout Recommendations
[other]
NIST
/ 2001
/ SP 800-33 Underlying Technical Models for Information Technology Security, 5-20
[other]
NIST
/ 2004
/ SPP-ICS(system protection profile-Industrial control systems) version 1.0, 39-89
[other]
NIST
/ 2006
/ Special Publication 800-53, Revision 1 Recommended Security Controls for Federal Information Systems, 31-105
[other]
NIST
/ 2006
/ Special Publication 800-18, Guide for Developing Security Plans for Federal Information Systems, 9-26
[other]
NIST
/ 2007
/ Special Publication 800-82, Guide to Industrial control systems security, 3.1-3.4
[other]
/ 2008
/ OMB, OMB Circular A-123revised (연도불명) . Management's Responsibility for Internal Control. http://www.whitehouse.gov/omb/circulars/a123/a123_rev.html- 117.0KB (검색일: 2008. 02. 27)
[other]
/ 2008
/ OMB, CIRCULAR NO. A-130 Revised, 1996 (연도불명). http://www.whitehouse.gov/omb/circulars/a130/a130trans4.html- 90.8KB(검색일: 2008. 02. 27)
[other]
The white house
/ 2003
/ National Strategy to Secure Cyberspace
[other]
/ 2008
/ United States federal law, Sarbanes-Oxley Act of 2002, (연도불명). http://en.wikipedia. org/wiki/Sarbanes-Oxley_Act (검색일: 2008. 02. 27)