Cerca nel sito per parola chiave

pubblicazioni - Articolo

Treatment of Information Security for Electric Power Utilities (EPUs

pubblicazioni - Articolo

Treatment of Information Security for Electric Power Utilities (EPUs

Giovanna Dondossola*, Membri WG Cigré D2.22** Cigrè SC D2 Parigi * ERSE SPA ** MEMBRI WG CIGRÉ D2.22 This Technical Brochure (TB) covers the efforts of Working Group WG D2.22 "Treatment of Information Security for Electric Power Utilities (EPUs)". The work has been carried out between 2006 and 2009. The WG D2.22 is the successor of Joint Working Group (JWG) D2/B3/C2-01 on "Security for Information Systems and Intranets in Electric Power System" (2003 – 2006/2007). The WG D2.22 has focussed on the following three issues: • Frameworks for EPUs on how to manage information security, • Risk assessment (RA): Common models and methods for treating vulnerabilities, threats and attacks, and • Security technologies for SCADA (Supervisory Control And Data Acquisition)/control systems including real time control networks. The purpose of this TB is to deepen the study of the three areas of Security Frameworks, Risk Assessment, and Security Technologies Guidance, with respect to Information Security for an EPU. It is concluded that an overall security framework should be based on existing standards and "best practices", taking into account legal requirements. A framework should be based on risk assessment. The technical solution should be based on the domain model and the controls. The selection of the "proper" standard(s) is delicate. It is evident that information security for an EPU will continue to be an important issue, in both the short and long run. As natural further works, the following are proposed: 1) To improve methods for use of security frameworks and deploying risk assessment methods; 2) To more deeply involve and get acceptance from management regarding the importance of information and IT security. 3) To embed information security as a natural and mandatory part at procurement specification phase of a project.

Progetti

Commenti