|
Determining the appropriate methodology for the security evaluation of equipment related to information and communication technology in the power industry
|
Sofia Ahanj *   , Mahsa Rahmani , Zahra Sadeghigole , Veda Nobakht |
| Niroo research institute |
|
|
Abstract: (1321 Views) |
Providing security in the vital infrastructures of the country, is one of the essential operations that must be taken in order to improve the security of the country. Resistant security strategies need to be regularly implemented as a dynamic process to improve security, and security evaluation is one of the most important steps in this process. Methodology in the field of evaluation in both technical and managerial dimensions is discussed in the laboratory.
There are various standards in the field of general ICT technical-security evaluation. The most important are ISO / IEC 15408, ISO / IEC 27001 and NIST SP 800-53. In the present paper, these standards are first examined. Then, the standards and reports in the industrial field have been reviewed and compared, and finally, based on the results and special considerations of information and communication technology equipment in the electricity industry, the appropriate methodology has been presented. |
|
| Keywords: ISO/IEC 15408, ISO/IEC 27001 series, NIST SP 800-53, NISTIR 7628, NIST 800-82, ISO/IEC 27019, ISA/IEC 62443 series. |
|
|
Full-Text [PDF 510 kb]
(1143 Downloads)
|
Type of Study: Review Article |
Subject:
Special
Received: 2020/10/5 | Accepted: 2022/02/21 | Published: 2022/02/21
|
|
|
|
|
|
|
| Send email to the article author |
|
|
|
| Add your comments about this article |
|
|
|
