Assurance Techniques for Industrial Control Systems (ICS)

Computing and Communications

Associated organisational units

Electronic data

AT_ICS
1.26 MB, PDF document
Available under license: None

Keywords

ICS, SCADA, Risk Management, Assurance Techniques

View graph of relations

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review

Published

Standard

Assurance Techniques for Industrial Control Systems (ICS). / Knowles, William ; Such Aparicio, Jose Miguel ; Gouglidis, Antonios et al.
CPS-SPC '15 Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy. New York: ACM, 2015. p. 101-112.

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review

Harvard

Knowles, W , Such Aparicio, JM , Gouglidis, A , Misra, G & Rashid, A 2015, Assurance Techniques for Industrial Control Systems (ICS). in CPS-SPC '15 Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy. ACM, New York, pp. 101-112.

APA

Knowles, W., Such Aparicio, J. M., Gouglidis, A., Misra, G., & Rashid, A. (2015). Assurance Techniques for Industrial Control Systems (ICS). In CPS-SPC '15 Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy (pp. 101-112). ACM.

Vancouver

Knowles W , Such Aparicio JM , Gouglidis A , Misra G , Rashid A. Assurance Techniques for Industrial Control Systems (ICS). In CPS-SPC '15 Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy. New York: ACM. 2015. p. 101-112

Author

Knowles, William ; Such Aparicio, Jose Miguel ; Gouglidis, Antonios et al. / Assurance Techniques for Industrial Control Systems (ICS). CPS-SPC '15 Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy. New York : ACM, 2015. pp. 101-112

Bibtex

@inproceedings{f5414842f9b74e3f8c454b9f618152a9,

title = "Assurance Techniques for Industrial Control Systems (ICS)",

abstract = "Assurance techniques generate evidence that allow us to make claims of assurance about security. For the purpose of certification to an assurance scheme, this evidence enables us to answer the question: are the implemented security controls consistent with organisational risk posture? This paper uses interviews with security practitioners to assess how ICS security assessments are conducted in practice, before introducing the five {"}PASIV{"} principles to ensure the safe use of assurance techniques. PASIV is then applied to three phases of the system development life cycle (development; procurement; operational), to determine when and when not, these assurance techniques can be used to generate evidence. Focusing then on the operational phase, this study assesses how assurances techniques generate evidence for the 35 security control families of ISO/IEC 27001:2013.",

keywords = "ICS, SCADA, Risk Management, Assurance Techniques",

author = "William Knowles and {Such Aparicio}, {Jose Miguel} and Antonios Gouglidis and Gaurav Misra and Awais Rashid",

year = "2015",

month = oct,

language = "English",

isbn = "9781450338271",

pages = "101--112",

booktitle = "CPS-SPC '15 Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy",

publisher = "ACM",

}

RIS

TY - GEN

T1 - Assurance Techniques for Industrial Control Systems (ICS)

AU - Knowles, William

AU - Such Aparicio, Jose Miguel

AU - Gouglidis, Antonios

AU - Misra, Gaurav

AU - Rashid, Awais

PY - 2015/10

Y1 - 2015/10

N2 - Assurance techniques generate evidence that allow us to make claims of assurance about security. For the purpose of certification to an assurance scheme, this evidence enables us to answer the question: are the implemented security controls consistent with organisational risk posture? This paper uses interviews with security practitioners to assess how ICS security assessments are conducted in practice, before introducing the five "PASIV" principles to ensure the safe use of assurance techniques. PASIV is then applied to three phases of the system development life cycle (development; procurement; operational), to determine when and when not, these assurance techniques can be used to generate evidence. Focusing then on the operational phase, this study assesses how assurances techniques generate evidence for the 35 security control families of ISO/IEC 27001:2013.

AB - Assurance techniques generate evidence that allow us to make claims of assurance about security. For the purpose of certification to an assurance scheme, this evidence enables us to answer the question: are the implemented security controls consistent with organisational risk posture? This paper uses interviews with security practitioners to assess how ICS security assessments are conducted in practice, before introducing the five "PASIV" principles to ensure the safe use of assurance techniques. PASIV is then applied to three phases of the system development life cycle (development; procurement; operational), to determine when and when not, these assurance techniques can be used to generate evidence. Focusing then on the operational phase, this study assesses how assurances techniques generate evidence for the 35 security control families of ISO/IEC 27001:2013.

KW - ICS

KW - SCADA

KW - Risk Management

KW - Assurance Techniques

M3 - Conference contribution/Paper

SN - 9781450338271

SP - 101

EP - 112

BT - CPS-SPC '15 Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy

PB - ACM

CY - New York

ER -

Research

Associated organisational units

Electronic data

Keywords