Home > Research > Publications & Outputs > On the Cost of Security Compliance in Informati...

Electronic data

  • On_the_cost_of_security_compliance_in_information_systems_CR

    Accepted author manuscript, 472 KB, PDF document

View graph of relations

On the Cost of Security Compliance in Information Systems

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paper

Published
  • David Hofbauer
  • Igor Ivkic
  • Silia Maksuti
  • Andreas Aldrian
  • Markus Tauber
Close
NullPointerException

Abstract

The onward development of information and communication technology has led to a new industrial revolution called Industry 4.0. This revolution involves Cyber-Physical Production Systems (CPPS), which consist of intelligent Cyber-Physical Systems that may be able to adapt themselves autonomously in a production environment. At the moment, machines in industrial environments are often not connected to the internet, which thus needs a point-to-point connection to access the device if necessary. Through Industry 4.0, these devices should enable remote access for smart maintenance through a connection to the outside world. However, this connection opens the gate for possible cyber-attacks and thus raises the question about providing security for these environments. Therefore, this paper used an adapted approach based on SixSigma to solve this security problem by investigating security standards. Security requirements were gathered and mapped to controls from well known security standards, formed into a catalog. This catalog includes assessment information to check how secure a solution for a use case is and also includes a link to an estimation method for implementation cost. Thus this paper’s outcome shows how to make Industry 4.0 use cases secure by fulfilling security standard controls and how to estimate the resulting implementation costs.