DocumentCode
2695491
Title
A propose technical security metrics model for SCADA systems
Author
Azuwa, M.P. ; Ahmad, Rabiah ; Sahib, Shahrin ; Shamsuddin, Solahuddin
Author_Institution
Dept. of Comput. Syst. & Commun., Univ. Teknikal Malaysia Melaka (UTeM), Ayer Keroh, Malaysia
fYear
2012
fDate
26-28 June 2012
Firstpage
70
Lastpage
75
Abstract
Information security metrics are very important to guide the direction for measuring the effectiveness of security controls in compliance with the information security standards. However, the lack of a method to guide organizations in choosing the technical security metrics may cause technical security control objectives and capabilities to fail. This research proposes a model of technical security metrics to measure the effectiveness of network security management, such as network security controls and services such as firewall and Intrusion Detection Prevention System (IDPS) in the protection of Supervisory and Data Acquisition (SCADA) systems. The methodology used is the Plan-Do-Check-Act process model. The proposed technical security metric provides guidance for SCADA owners in complying with the requirements of the ISO/IEC 27001 Information Security Management System (ISMS) standard. The proposed model should be able to provide a comprehensive measurement and prove the effectiveness of the ISO/IEC 27004 ISMS Measurement standard.
Keywords
IEC standards; ISO standards; SCADA systems; computer network security; IDPS; ISMS standard; ISO/IEC 27001 Information Security Management System standard; ISO/IEC 27004 ISMS Measurement standard; SCADA systems; firewall; information security metrics; information security standards; intrusion detection prevention system; network security control; network security management; plan-do-check-act process model; supervisory and data acquisition systems; technical security control; technical security metric model; IEC standards; ISO standards; Information security; Measurement; Standards organizations; Critical National Information Infrastructure; ISO/IEC 27001:2005; ISO/IEC 27004:2009; Information security metrics; SCADA; technical security metrics model;
fLanguage
English
Publisher
IEEE
Conference_Titel
Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012 International Conference on
Conference_Location
Kuala Lumpur
Print_ISBN
978-1-4673-1425-1
Type
conf
DOI
10.1109/CyberSec.2012.6246089
Filename
6246089