Title :
Methodology for Experimental ICT Industrial and Critical Infrastructure Security Tests
Author :
Masera, Marcelo ; Fovino, Igor Nai
Author_Institution :
Joint Res. Centre, Inst. for the Protection & Security of the Citizen Eur. Comm., Varese
Abstract :
The security assessment of the ICT components of critical infrastructures is nowadays a prominent problem. Risk assessment methodologies require, in order to be effective, to be fed with data regarding the functioning and the behavior of the system under analysis, the potential vulnerabilities, the results and the effects of the possible cyber-attacks etc. Unfortunately the availability of security data coming from the field is scarce, mainly due to business confidentiality reasons. Therefore, there is an urgent need for alternative data sources. The solution is to conduct security experiments, with offline systems or in laboratories with realistic emulation of the target systems. In this paper we present a methodology that defines, step by step, how to conduct, in a systematic and rigorous way, experimental ICT security tests.
Keywords :
risk management; security of data; ICT component; ICT industrial security test; critical infrastructure security test; risk assessment; Availability; Communication system control; Communication system security; Control systems; Data security; Electrical equipment industry; Information security; Protection; Risk management; System testing; Critical Infrastructures; Experimental Tests; Security;
Conference_Titel :
Availability, Reliability and Security, 2009. ARES '09. International Conference on
Conference_Location :
Fukuoka
Print_ISBN :
978-1-4244-3572-2
Electronic_ISBN :
978-0-7695-3564-7
DOI :
10.1109/ARES.2009.49
