Accepted author manuscript, 472 KB, PDF document
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
}
TY - GEN
T1 - On the Cost of Security Compliance in Information Systems
AU - Hofbauer, David
AU - Ivkic, Igor
AU - Maksuti, Silia
AU - Aldrian, Andreas
AU - Tauber, Markus
N1 - Conference code: 10
PY - 2019/3/1
Y1 - 2019/3/1
N2 - The onward development of information and communication technology has led to a new industrial revolution called Industry 4.0. This revolution involves Cyber-Physical Production Systems (CPPS), which consist of intelligent Cyber-Physical Systems that may be able to adapt themselves autonomously in a production environment. At the moment, machines in industrial environments are often not connected to the internet, which thus needs a point-to-point connection to access the device if necessary. Through Industry 4.0, these devices should enable remote access for smart maintenance through a connection to the outside world. However, this connection opens the gate for possible cyber-attacks and thus raises the question about providing security for these environments. Therefore, this paper used an adapted approach based on SixSigma to solve this security problem by investigating security standards. Security requirements were gathered and mapped to controls from well known security standards, formed into a catalog. This catalog includes assessment information to check how secure a solution for a use case is and also includes a link to an estimation method for implementation cost. Thus this paper’s outcome shows how to make Industry 4.0 use cases secure by fulfilling security standard controls and how to estimate the resulting implementation costs.
AB - The onward development of information and communication technology has led to a new industrial revolution called Industry 4.0. This revolution involves Cyber-Physical Production Systems (CPPS), which consist of intelligent Cyber-Physical Systems that may be able to adapt themselves autonomously in a production environment. At the moment, machines in industrial environments are often not connected to the internet, which thus needs a point-to-point connection to access the device if necessary. Through Industry 4.0, these devices should enable remote access for smart maintenance through a connection to the outside world. However, this connection opens the gate for possible cyber-attacks and thus raises the question about providing security for these environments. Therefore, this paper used an adapted approach based on SixSigma to solve this security problem by investigating security standards. Security requirements were gathered and mapped to controls from well known security standards, formed into a catalog. This catalog includes assessment information to check how secure a solution for a use case is and also includes a link to an estimation method for implementation cost. Thus this paper’s outcome shows how to make Industry 4.0 use cases secure by fulfilling security standard controls and how to estimate the resulting implementation costs.
KW - Industry 4.0
KW - Cyber-Physical Systems
KW - Requirements Engineering
KW - Standard Compliance
KW - Security
KW - Remote Access
KW - Costs
M3 - Conference contribution/Paper
BT - The 10th International Multi-Conference on Complexity, Informatics and Cybernetics: IMCIC 2019
PB - IMCIC
T2 - The 10th International Multi-Conference on Complexity, Informatics and Cybernetics: IMCIC 2019
Y2 - 12 March 2019 through 15 May 2019
ER -