Assurance Techniques for Industrial Control Systems (ICS)

Knowles, William and Such Aparicio, Jose Miguel and Gouglidis, Antonios and Misra, Gaurav and Rashid, Awais (2015) Assurance Techniques for Industrial Control Systems (ICS). In: CPS-SPC '15 Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy. ACM, New York, pp. 101-112. ISBN 9781450338271

Abstract

Assurance techniques generate evidence that allows us to make claims of assurance about security. For the purpose of certification to an assurance scheme, this evidence enables us to answer the question: are the implemented security controls consistent with organisational risk posture? This paper uses interviews with security practitioners to assess how ICS security assessments are conducted in practice, before introducing the five "PASIV" principles to ensure the safe use of assurance techniques. PASIV is then applied to three phases of the system development life cycle (development; procurement; operational), to determine when, and when not, these assurance techniques can be used to generate evidence. Focusing then on the operational phase, this study assesses how assurance techniques generate evidence for the 35 security control families of ISO/IEC 27001:2013.

Item Type: Contribution in Book/Report/Proceedings
Subjects:
ID Code: 77348
Deposited By:
Deposited On: 05 Jan 2016 09:14
Refereed?: Yes
Published?: Published
Last Modified: 09 Jul 2020 23:43